Home Explore Help
Sign In
RMichael
/
gnu-social
forked from diogo/gnu-social
Watch 1
Star 0
Fork 0
Files
Branch: issue-337
Branches Tags
gnu-social
/
extlib
/
phpseclib
/
Crypt
/
RSA
/
PKCS.php

PKCS.php 17 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * PKCS Formatted RSA Key Handler
    4. 

  4.  *
    5. 

  5.  * PHP version 5
    6. 

  6.  *
    7. 

  7.  * @category  Crypt
    8. 

  8.  * @package   RSA
    9. 

  9.  * @author    Jim Wigginton <terrafrost@php.net>
    10. 

  10.  * @copyright 2015 Jim Wigginton
    11. 

  11.  * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
    12. 

  12.  * @link      http://phpseclib.sourceforge.net
    13. 

  13.  */
    14. 

  14. 

  15. namespace phpseclib\Crypt\RSA;
    16. 

  16. 

  17. use ParagonIE\ConstantTime\Base64;
    18. 

  18. use ParagonIE\ConstantTime\Hex;
    19. 

  19. use phpseclib\Crypt\AES;
    20. 

  20. use phpseclib\Crypt\Base;
    21. 

  21. use phpseclib\Crypt\DES;
    22. 

  22. use phpseclib\Crypt\TripleDES;
    23. 

  23. use phpseclib\Math\BigInteger;
    24. 

  24. 

  25. /**
    26. 

  26.  * PKCS Formatted RSA Key Handler
    27. 

  27.  *
    28. 

  28.  * @package RSA
    29. 

  29.  * @author  Jim Wigginton <terrafrost@php.net>
    30. 

  30.  * @access  public
    31. 

  31.  */
    32. 

  32. abstract class PKCS
    33. 

  33. {
    34. 

  34.     /**#@+
    35. 

  35.      * @access private
    36. 

  36.      * @see \phpseclib\Crypt\RSA::createKey()
    37. 

  37.      */
    38. 

  38.     /**
    39. 

  39.      * ASN1 Integer
    40. 

  40.      */
    41. 

  41.     const ASN1_INTEGER = 2;
    42. 

  42.     /**
    43. 

  43.      * ASN1 Bit String
    44. 

  44.      */
    45. 

  45.     const ASN1_BITSTRING = 3;
    46. 

  46.     /**
    47. 

  47.      * ASN1 Octet String
    48. 

  48.      */
    49. 

  49.     const ASN1_OCTETSTRING = 4;
    50. 

  50.     /**
    51. 

  51.      * ASN1 Object Identifier
    52. 

  52.      */
    53. 

  53.     const ASN1_OBJECT = 6;
    54. 

  54.     /**
    55. 

  55.      * ASN1 Sequence (with the constucted bit set)
    56. 

  56.      */
    57. 

  57.     const ASN1_SEQUENCE = 48;
    58. 

  58.     /**#@-*/
    59. 

  59. 

  60.     /**#@+
    61. 

  61.      * @access private
    62. 

  62.      */
    63. 

  63.     /**
    64. 

  64.      * Auto-detect the format
    65. 

  65.      */
    66. 

  66.     const MODE_ANY = 0;
    67. 

  67.     /**
    68. 

  68.      * Require base64-encoded PEM's be supplied
    69. 

  69.      */
    70. 

  70.     const MODE_PEM = 1;
    71. 

  71.     /**
    72. 

  72.      * Require raw DER's be supplied
    73. 

  73.      */
    74. 

  74.     const MODE_DER = 2;
    75. 

  75.     /**#@-*/
    76. 

  76. 

  77.     /**
    78. 

  78.      * Is the key a base-64 encoded PEM, DER or should it be auto-detected?
    79. 

  79.      *
    80. 

  80.      * @access private
    81. 

  81.      * @param int
    82. 

  82.      */
    83. 

  83.     static $format = self::MODE_ANY;
    84. 

  84. 

  85.     /**
    86. 

  86.      * Returns the mode constant corresponding to the mode string
    87. 

  87.      *
    88. 

  88.      * @access public
    89. 

  89.      * @param string $mode
    90. 

  90.      * @return int
    91. 

  91.      * @throws \UnexpectedValueException if the block cipher mode is unsupported
    92. 

  92.      */
    93. 

  93.     static function getEncryptionMode($mode)
    94. 

  94.     {
    95. 

  95.         switch ($mode) {
    96. 

  96.             case 'CBC':
    97. 

  97.                 return Base::MODE_CBC;
    98. 

  98.             case 'ECB':
    99. 

  99.                 return Base::MODE_ECB;
    100. 

  100.             case 'CFB':
    101. 

  101.                 return Base::MODE_CFB;
    102. 

  102.             case 'OFB':
    103. 

  103.                 return Base::MODE_OFB;
    104. 

  104.             case 'CTR':
    105. 

  105.                 return Base::MODE_CTR;
    106. 

  106.         }
    107. 

  107.         throw new \UnexpectedValueException('Unsupported block cipher mode of operation');
    108. 

  108.     }
    109. 

  109. 

  110.     /**
    111. 

  111.      * Returns a cipher object corresponding to a string
    112. 

  112.      *
    113. 

  113.      * @access public
    114. 

  114.      * @param string $algo
    115. 

  115.      * @return string
    116. 

  116.      * @throws \UnexpectedValueException if the encryption algorithm is unsupported
    117. 

  117.      */
    118. 

  118.     static function getEncryptionObject($algo)
    119. 

  119.     {
    120. 

  120.         $modes = '(CBC|ECB|CFB|OFB|CTR)';
    121. 

  121.         switch (true) {
    122. 

  122.             case preg_match("#^AES-(128|192|256)-$modes$#", $algo, $matches):
    123. 

  123.                 $cipher = new AES(self::getEncryptionMode($matches[2]));
    124. 

  124.                 $cipher->setKeyLength($matches[1]);
    125. 

  125.                 return $cipher;
    126. 

  126.             case preg_match("#^DES-EDE3-$modes$#", $algo, $matches):
    127. 

  127.                 return new TripleDES(self::getEncryptionMode($matches[1]));
    128. 

  128.             case preg_match("#^DES-$modes$#", $algo, $matches):
    129. 

  129.                 return new DES(self::getEncryptionMode($matches[1]));
    130. 

  130.             default:
    131. 

  131.                 throw new \UnexpectedValueException('Unsupported encryption algorithmn');
    132. 

  132.         }
    133. 

  133.     }
    134. 

  134. 

  135.     /**
    136. 

  136.      * Generate a symmetric key for PKCS#1 keys
    137. 

  137.      *
    138. 

  138.      * @access public
    139. 

  139.      * @param string $password
    140. 

  140.      * @param string $iv
    141. 

  141.      * @param int $length
    142. 

  142.      * @return string
    143. 

  143.      */
    144. 

  144.     static function generateSymmetricKey($password, $iv, $length)
    145. 

  145.     {
    146. 

  146.         $symkey = '';
    147. 

  147.         $iv = substr($iv, 0, 8);
    148. 

  148.         while (strlen($symkey) < $length) {
    149. 

  149.             $symkey.= md5($symkey . $password . $iv, true);
    150. 

  150.         }
    151. 

  151.         return substr($symkey, 0, $length);
    152. 

  152.     }
    153. 

  153. 

  154.     /**
    155. 

  155.      * Break a public or private key down into its constituent components
    156. 

  156.      *
    157. 

  157.      * @access public
    158. 

  158.      * @param string $key
    159. 

  159.      * @param string $password optional
    160. 

  160.      * @return array
    161. 

  161.      */
    162. 

  162.     static function load($key, $password = '')
    163. 

  163.     {
    164. 

  164.         if (!is_string($key)) {
    165. 

  165.             return false;
    166. 

  166.         }
    167. 

  167. 

  168.         $components = array('isPublicKey' => strpos($key, 'PUBLIC') !== false);
    169. 

  169. 

  170.         /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is
    171. 

  171.            "outside the scope" of PKCS#1.  PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to
    172. 

  172.            protect private keys, however, that's not what OpenSSL* does.  OpenSSL protects private keys by adding
    173. 

  173.            two new "fields" to the key - DEK-Info and Proc-Type.  These fields are discussed here:
    174. 

  174. 

  175.            http://tools.ietf.org/html/rfc1421#section-4.6.1.1
    176. 

  176.            http://tools.ietf.org/html/rfc1421#section-4.6.1.3
    177. 

  177. 

  178.            DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell.
    179. 

  179.            DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation
    180. 

  180.            function.  As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's
    181. 

  181.            own implementation.  ie. the implementation *is* the standard and any bugs that may exist in that
    182. 

  182.            implementation are part of the standard, as well.
    183. 

  183. 

  184.            * OpenSSL is the de facto standard.  It's utilized by OpenSSH and other projects */
    185. 

  185.         if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) {
    186. 

  186.             $iv = Hex::decode(trim($matches[2]));
    187. 

  187.             // remove the Proc-Type / DEK-Info sections as they're no longer needed
    188. 

  188.             $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key);
    189. 

  189.             $ciphertext = self::_extractBER($key);
    190. 

  190.             if ($ciphertext === false) {
    191. 

  191.                 $ciphertext = $key;
    192. 

  192.             }
    193. 

  193.             $crypto = self::getEncryptionObject($matches[1]);
    194. 

  194.             $crypto->setKey(self::generateSymmetricKey($password, $iv, $crypto->getKeyLength() >> 3));
    195. 

  195.             $crypto->setIV($iv);
    196. 

  196.             $key = $crypto->decrypt($ciphertext);
    197. 

  197.             if ($key === false) {
    198. 

  198.                 return false;
    199. 

  199.             }
    200. 

  200.         } else {
    201. 

  201.             if (self::$format != self::MODE_DER) {
    202. 

  202.                 $decoded = self::_extractBER($key);
    203. 

  203.                 if ($decoded !== false) {
    204. 

  204.                     $key = $decoded;
    205. 

  205.                 } elseif (self::$format == self::MODE_PEM) {
    206. 

  206.                     return false;
    207. 

  207.                 }
    208. 

  208.             }
    209. 

  209.         }
    210. 

  210. 

  211.         if (ord(self::_string_shift($key)) != self::ASN1_SEQUENCE) {
    212. 

  212.             return false;
    213. 

  213.         }
    214. 

  214.         if (self::_decodeLength($key) != strlen($key)) {
    215. 

  215.             return false;
    216. 

  216.         }
    217. 

  217. 

  218.         $tag = ord(self::_string_shift($key));
    219. 

  219.         /* intended for keys for which OpenSSL's asn1parse returns the following:
    220. 

  220. 

  221.             0:d=0  hl=4 l= 631 cons: SEQUENCE
    222. 

  222.             4:d=1  hl=2 l=   1 prim:  INTEGER           :00
    223. 

  223.             7:d=1  hl=2 l=  13 cons:  SEQUENCE
    224. 

  224.             9:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
    225. 

  225.            20:d=2  hl=2 l=   0 prim:   NULL
    226. 

  226.            22:d=1  hl=4 l= 609 prim:  OCTET STRING
    227. 

  227. 

  228.            ie. PKCS8 keys */
    229. 

  229. 

  230.         if ($tag == self::ASN1_INTEGER && substr($key, 0, 3) == "\x01\x00\x30") {
    231. 

  231.             self::_string_shift($key, 3);
    232. 

  232.             $tag = self::ASN1_SEQUENCE;
    233. 

  233.         }
    234. 

  234. 

  235.         if ($tag == self::ASN1_SEQUENCE) {
    236. 

  236.             $temp = self::_string_shift($key, self::_decodeLength($key));
    237. 

  237.             if (ord(self::_string_shift($temp)) != self::ASN1_OBJECT) {
    238. 

  238.                 return false;
    239. 

  239.             }
    240. 

  240.             $length = self::_decodeLength($temp);
    241. 

  241.             switch (self::_string_shift($temp, $length)) {
    242. 

  242.                 case "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01": // rsaEncryption
    243. 

  243.                     break;
    244. 

  244.                 case "\x2a\x86\x48\x86\xf7\x0d\x01\x05\x03": // pbeWithMD5AndDES-CBC
    245. 

  245.                     /*
    246. 

  246.                        PBEParameter ::= SEQUENCE {
    247. 

  247.                            salt OCTET STRING (SIZE(8)),
    248. 

  248.                            iterationCount INTEGER }
    249. 

  249.                     */
    250. 

  250.                     if (ord(self::_string_shift($temp)) != self::ASN1_SEQUENCE) {
    251. 

  251.                         return false;
    252. 

  252.                     }
    253. 

  253.                     if (self::_decodeLength($temp) != strlen($temp)) {
    254. 

  254.                         return false;
    255. 

  255.                     }
    256. 

  256.                     self::_string_shift($temp); // assume it's an octet string
    257. 

  257.                     $salt = self::_string_shift($temp, self::_decodeLength($temp));
    258. 

  258.                     if (ord(self::_string_shift($temp)) != self::ASN1_INTEGER) {
    259. 

  259.                         return false;
    260. 

  260.                     }
    261. 

  261.                     self::_decodeLength($temp);
    262. 

  262.                     list(, $iterationCount) = unpack('N', str_pad($temp, 4, chr(0), STR_PAD_LEFT));
    263. 

  263.                     self::_string_shift($key); // assume it's an octet string
    264. 

  264.                     $length = self::_decodeLength($key);
    265. 

  265.                     if (strlen($key) != $length) {
    266. 

  266.                         return false;
    267. 

  267.                     }
    268. 

  268. 

  269.                     $crypto = new DES(DES::MODE_CBC);
    270. 

  270.                     $crypto->setPassword($password, 'pbkdf1', 'md5', $salt, $iterationCount);
    271. 

  271.                     $key = $crypto->decrypt($key);
    272. 

  272.                     if ($key === false) {
    273. 

  273.                         return false;
    274. 

  274.                     }
    275. 

  275.                     return self::load($key);
    276. 

  276.                 default:
    277. 

  277.                     return false;
    278. 

  278.             }
    279. 

  279.             /* intended for keys for which OpenSSL's asn1parse returns the following:
    280. 

  280. 

  281.                 0:d=0  hl=4 l= 290 cons: SEQUENCE
    282. 

  282.                 4:d=1  hl=2 l=  13 cons:  SEQUENCE
    283. 

  283.                 6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
    284. 

  284.                17:d=2  hl=2 l=   0 prim:   NULL
    285. 

  285.                19:d=1  hl=4 l= 271 prim:  BIT STRING */
    286. 

  286.             $tag = ord(self::_string_shift($key)); // skip over the BIT STRING / OCTET STRING tag
    287. 

  287.             self::_decodeLength($key); // skip over the BIT STRING / OCTET STRING length
    288. 

  288.             // "The initial octet shall encode, as an unsigned binary integer wtih bit 1 as the least significant bit, the number of
    289. 

  289.             //  unused bits in the final subsequent octet. The number shall be in the range zero to seven."
    290. 

  290.             //  -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2)
    291. 

  291.             if ($tag == self::ASN1_BITSTRING) {
    292. 

  292.                 self::_string_shift($key);
    293. 

  293.             }
    294. 

  294.             if (ord(self::_string_shift($key)) != self::ASN1_SEQUENCE) {
    295. 

  295.                 return false;
    296. 

  296.             }
    297. 

  297.             if (self::_decodeLength($key) != strlen($key)) {
    298. 

  298.                 return false;
    299. 

  299.             }
    300. 

  300.             $tag = ord(self::_string_shift($key));
    301. 

  301.         }
    302. 

  302.         if ($tag != self::ASN1_INTEGER) {
    303. 

  303.             return false;
    304. 

  304.         }
    305. 

  305. 

  306.         $length = self::_decodeLength($key);
    307. 

  307.         $temp = self::_string_shift($key, $length);
    308. 

  308.         if (strlen($temp) != 1 || ord($temp) > 2) {
    309. 

  309.             $components['modulus'] = new BigInteger($temp, 256);
    310. 

  310.             self::_string_shift($key); // skip over self::ASN1_INTEGER
    311. 

  311.             $length = self::_decodeLength($key);
    312. 

  312.             $components[$components['isPublicKey'] ? 'publicExponent' : 'privateExponent'] = new BigInteger(self::_string_shift($key, $length), 256);
    313. 

  313. 

  314.             return $components;
    315. 

  315.         }
    316. 

  316.         if (ord(self::_string_shift($key)) != self::ASN1_INTEGER) {
    317. 

  317.             return false;
    318. 

  318.         }
    319. 

  319.         $length = self::_decodeLength($key);
    320. 

  320.         $components['modulus'] = new BigInteger(self::_string_shift($key, $length), 256);
    321. 

  321.         self::_string_shift($key);
    322. 

  322.         $length = self::_decodeLength($key);
    323. 

  323.         $components['publicExponent'] = new BigInteger(self::_string_shift($key, $length), 256);
    324. 

  324.         self::_string_shift($key);
    325. 

  325.         $length = self::_decodeLength($key);
    326. 

  326.         $components['privateExponent'] = new BigInteger(self::_string_shift($key, $length), 256);
    327. 

  327.         self::_string_shift($key);
    328. 

  328.         $length = self::_decodeLength($key);
    329. 

  329.         $components['primes'] = array(1 => new BigInteger(self::_string_shift($key, $length), 256));
    330. 

  330.         self::_string_shift($key);
    331. 

  331.         $length = self::_decodeLength($key);
    332. 

  332.         $components['primes'][] = new BigInteger(self::_string_shift($key, $length), 256);
    333. 

  333.         self::_string_shift($key);
    334. 

  334.         $length = self::_decodeLength($key);
    335. 

  335.         $components['exponents'] = array(1 => new BigInteger(self::_string_shift($key, $length), 256));
    336. 

  336.         self::_string_shift($key);
    337. 

  337.         $length = self::_decodeLength($key);
    338. 

  338.         $components['exponents'][] = new BigInteger(self::_string_shift($key, $length), 256);
    339. 

  339.         self::_string_shift($key);
    340. 

  340.         $length = self::_decodeLength($key);
    341. 

  341.         $components['coefficients'] = array(2 => new BigInteger(self::_string_shift($key, $length), 256));
    342. 

  342. 

  343.         if (!empty($key)) {
    344. 

  344.             if (ord(self::_string_shift($key)) != self::ASN1_SEQUENCE) {
    345. 

  345.                 return false;
    346. 

  346.             }
    347. 

  347.             self::_decodeLength($key);
    348. 

  348.             while (!empty($key)) {
    349. 

  349.                 if (ord(self::_string_shift($key)) != self::ASN1_SEQUENCE) {
    350. 

  350.                     return false;
    351. 

  351.                 }
    352. 

  352.                 self::_decodeLength($key);
    353. 

  353.                 $key = substr($key, 1);
    354. 

  354.                 $length = self::_decodeLength($key);
    355. 

  355.                 $components['primes'][] = new BigInteger(self::_string_shift($key, $length), 256);
    356. 

  356.                 self::_string_shift($key);
    357. 

  357.                 $length = self::_decodeLength($key);
    358. 

  358.                 $components['exponents'][] = new BigInteger(self::_string_shift($key, $length), 256);
    359. 

  359.                 self::_string_shift($key);
    360. 

  360.                 $length = self::_decodeLength($key);
    361. 

  361.                 $components['coefficients'][] = new BigInteger(self::_string_shift($key, $length), 256);
    362. 

  362.             }
    363. 

  363.         }
    364. 

  364. 

  365.         return $components;
    366. 

  366.     }
    367. 

  367. 

  368.     /**
    369. 

  369.      * Require base64-encoded PEM's be supplied
    370. 

  370.      *
    371. 

  371.      * @see self::load()
    372. 

  372.      * @access public
    373. 

  373.      */
    374. 

  374.     static function requirePEM()
    375. 

  375.     {
    376. 

  376.         self::$format = self::MODE_PEM;
    377. 

  377.     }
    378. 

  378. 

  379.     /**
    380. 

  380.      * Require raw DER's be supplied
    381. 

  381.      *
    382. 

  382.      * @see self::load()
    383. 

  383.      * @access public
    384. 

  384.      */
    385. 

  385.     static function requireDER()
    386. 

  386.     {
    387. 

  387.         self::$format = self::MODE_DER;
    388. 

  388.     }
    389. 

  389. 

  390.     /**
    391. 

  391.      * Accept any format and auto detect the format
    392. 

  392.      *
    393. 

  393.      * This is the default setting
    394. 

  394.      *
    395. 

  395.      * @see self::load()
    396. 

  396.      * @access public
    397. 

  397.      */
    398. 

  398.     static function requireAny()
    399. 

  399.     {
    400. 

  400.         self::$format = self::MODE_ANY;
    401. 

  401.     }
    402. 

  402. 

  403.     /**
    404. 

  404.      * DER-decode the length
    405. 

  405.      *
    406. 

  406.      * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4.  See
    407. 

  407.      * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.
    408. 

  408.      *
    409. 

  409.      * @access private
    410. 

  410.      * @param string $string
    411. 

  411.      * @return int
    412. 

  412.      */
    413. 

  413.     static function _decodeLength(&$string)
    414. 

  414.     {
    415. 

  415.         $length = ord(self::_string_shift($string));
    416. 

  416.         if ($length & 0x80) { // definite length, long form
    417. 

  417.             $length&= 0x7F;
    418. 

  418.             $temp = self::_string_shift($string, $length);
    419. 

  419.             list(, $length) = unpack('N', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4));
    420. 

  420.         }
    421. 

  421.         return $length;
    422. 

  422.     }
    423. 

  423. 

  424.     /**
    425. 

  425.      * DER-encode the length
    426. 

  426.      *
    427. 

  427.      * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4.  See
    428. 

  428.      * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.
    429. 

  429.      *
    430. 

  430.      * @access private
    431. 

  431.      * @param int $length
    432. 

  432.      * @return string
    433. 

  433.      */
    434. 

  434.     static function _encodeLength($length)
    435. 

  435.     {
    436. 

  436.         if ($length <= 0x7F) {
    437. 

  437.             return chr($length);
    438. 

  438.         }
    439. 

  439. 

  440.         $temp = ltrim(pack('N', $length), chr(0));
    441. 

  441.         return pack('Ca*', 0x80 | strlen($temp), $temp);
    442. 

  442.     }
    443. 

  443. 

  444.     /**
    445. 

  445.      * String Shift
    446. 

  446.      *
    447. 

  447.      * Inspired by array_shift
    448. 

  448.      *
    449. 

  449.      * @param string $string
    450. 

  450.      * @param int $index
    451. 

  451.      * @return string
    452. 

  452.      * @access private
    453. 

  453.      */
    454. 

  454.     static function _string_shift(&$string, $index = 1)
    455. 

  455.     {
    456. 

  456.         $substr = substr($string, 0, $index);
    457. 

  457.         $string = substr($string, $index);
    458. 

  458.         return $substr;
    459. 

  459.     }
    460. 

  460. 

  461.     /**
    462. 

  462.      * Extract raw BER from Base64 encoding
    463. 

  463.      *
    464. 

  464.      * @access private
    465. 

  465.      * @param string $str
    466. 

  466.      * @return string
    467. 

  467.      */
    468. 

  468.     static function _extractBER($str)
    469. 

  469.     {
    470. 

  470.         /* X.509 certs are assumed to be base64 encoded but sometimes they'll have additional things in them
    471. 

  471.          * above and beyond the ceritificate.
    472. 

  472.          * ie. some may have the following preceding the -----BEGIN CERTIFICATE----- line:
    473. 

  473.          *
    474. 

  474.          * Bag Attributes
    475. 

  475.          *     localKeyID: 01 00 00 00
    476. 

  476.          * subject=/O=organization/OU=org unit/CN=common name
    477. 

  477.          * issuer=/O=organization/CN=common name
    478. 

  478.          */
    479. 

  479.         $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
    480. 

  480.         // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
    481. 

  481.         $temp = preg_replace('#-+[^-]+-+#', '', $temp);
    482. 

  482.         // remove new lines
    483. 

  483.         $temp = str_replace(array("\r", "\n", ' '), '', $temp);
    484. 

  484.         $temp = preg_match('#^[a-zA-Z\d/+]*={0,2}$#', $temp) ? Base64::decode($temp) : false;
    485. 

  485.         return $temp != false ? $temp : $str;
    486. 

  486.     }
    487. 

  487. }
    488. 

  488.