whoo
This commit is contained in:
parent
31a5b24ded
commit
2f9c850c52
GPG key ID:
AD2560A0F84F0759
7 changed files with 77 additions and 12 deletions
|
|
@ -4,7 +4,8 @@
|
|||
"type": "library",
|
||||
"require": {
|
||||
"ext-FFI": "*",
|
||||
"php": "^7.4"
|
||||
"php": "^7.4",
|
||||
"ext-openssl": "*"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^0.11.19",
|
||||
|
|
|
|||
|
|
@ -234,6 +234,42 @@ struct stack_st_X509_CRL {
|
|||
_STACK stack;
|
||||
};
|
||||
|
||||
typedef struct x509_lookup_st X509_LOOKUP;
|
||||
|
||||
typedef struct x509_object_st
|
||||
{
|
||||
|
||||
int type;
|
||||
union {
|
||||
char *ptr;
|
||||
X509 *x509;
|
||||
X509_CRL *crl;
|
||||
EVP_PKEY *pkey;
|
||||
} data;
|
||||
} X509_OBJECT;
|
||||
|
||||
struct stack_st_X509_LOOKUP { _STACK stack; };
|
||||
struct stack_st_X509_OBJECT { _STACK stack; };
|
||||
|
||||
typedef struct x509_lookup_method_st {
|
||||
const char *name;
|
||||
int (*new_item)(X509_LOOKUP *ctx);
|
||||
void (*free)(X509_LOOKUP *ctx);
|
||||
int (*init)(X509_LOOKUP *ctx);
|
||||
int (*shutdown)(X509_LOOKUP *ctx);
|
||||
int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
|
||||
char **ret);
|
||||
int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
|
||||
X509_OBJECT *ret);
|
||||
int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name,
|
||||
ASN1_INTEGER *serial, X509_OBJECT *ret);
|
||||
int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type,
|
||||
const unsigned char *bytes, int len,
|
||||
X509_OBJECT *ret);
|
||||
int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, int len,
|
||||
X509_OBJECT *ret);
|
||||
} X509_LOOKUP_METHOD;
|
||||
|
||||
X509 *X509_new(void);
|
||||
X509 *X509_dup(X509 *x509);
|
||||
void X509_free(X509 *a);
|
||||
|
|
@ -241,7 +277,13 @@ void X509_free(X509 *a);
|
|||
X509_STORE *X509_STORE_new(void);
|
||||
void X509_STORE_free(X509_STORE *v);
|
||||
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
||||
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
|
||||
|
||||
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_mem(void);
|
||||
|
||||
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
|
||||
|
||||
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
|
||||
long argl, char **ret);
|
||||
|
|
@ -5,6 +5,7 @@ namespace Cijber;
|
|||
|
||||
use Cijber\OpenSSL\FFIWrapper;
|
||||
use Cijber\OpenSSL\Instance;
|
||||
use Cijber\OpenSSL\X509Store;
|
||||
use FFI;
|
||||
|
||||
/**
|
||||
|
|
@ -71,6 +72,10 @@ class OpenSSL
|
|||
|
||||
public static function CAStore()
|
||||
{
|
||||
if (static::$caStore === null) {
|
||||
static::$caStore = X509Store::default();
|
||||
}
|
||||
|
||||
return static::$caStore;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,18 +5,14 @@ namespace Cijber\OpenSSL\PKCS7;
|
|||
|
||||
use Cijber\OpenSSL;
|
||||
use Cijber\OpenSSL\BIO;
|
||||
use Cijber\OpenSSL\PKCS7;
|
||||
use Cijber\OpenSSL\Stack\X509Stack;
|
||||
use Cijber\OpenSSL\X509Store;
|
||||
use FFI;
|
||||
use FFI\CData;
|
||||
|
||||
class Signed
|
||||
{
|
||||
use Helpers;
|
||||
|
||||
|
||||
|
||||
public function getCerts(): X509Stack
|
||||
{
|
||||
|
||||
|
|
@ -25,14 +21,14 @@ class Signed
|
|||
return $stack;
|
||||
}
|
||||
|
||||
public function verify(string $plain, ?X509Store $x509Store = null)
|
||||
public function verify(string $plain, int $flags, ?X509Store $x509Store = null)
|
||||
{
|
||||
if ($x509Store === null) {
|
||||
$x509Store = OpenSSL::CAStore();
|
||||
}
|
||||
|
||||
$buffer = BIO::buffer($plain);
|
||||
$x = $this->ffi->PKCS7_verify($this->parent, null, null, $buffer->getCData(), null, 0);
|
||||
$x = $this->ffi->PKCS7_verify($this->parent, null, $x509Store->getCData(), $buffer->getCData(), null, $flags);
|
||||
return $x === 1;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ use FFI;
|
|||
|
||||
class X509 extends CBackedObjectWithOwner
|
||||
{
|
||||
const FILETYPE_DEFAULT = 3;
|
||||
|
||||
const TYPE = "X509*";
|
||||
|
||||
public static function new(): X509
|
||||
|
|
|
|||
|
|
@ -15,6 +15,24 @@ class X509Store extends CBackedObjectWithOwner
|
|||
return new X509Store($ffi, $x509);
|
||||
}
|
||||
|
||||
public static function default(): X509Store
|
||||
{
|
||||
$store = X509Store::new();
|
||||
$obj = $store->cObj;
|
||||
$ffi = $store->ffi;
|
||||
$lookup = $ffi->X509_STORE_add_lookup($obj, $ffi->X509_LOOKUP_file());
|
||||
if ($lookup === null || !$ffi->X509_LOOKUP_ctrl($lookup, 1, null, X509::FILETYPE_DEFAULT, null)) {
|
||||
throw new \RuntimeException("Couldn't load default CA files");
|
||||
}
|
||||
|
||||
$lookup = $ffi->X509_STORE_add_lookup($obj, $ffi->X509_LOOKUP_hash_dir());
|
||||
if ($lookup === null || !$ffi->X509_LOOKUP_ctrl($lookup, 2, null, X509::FILETYPE_DEFAULT, null)) {
|
||||
throw new \RuntimeException("Couldn't load default CA files");
|
||||
}
|
||||
|
||||
return $store;
|
||||
}
|
||||
|
||||
public function freeObject()
|
||||
{
|
||||
$this->ffi->X509_STORE_free($this->cObj);
|
||||
|
|
|
|||
|
|
@ -37,7 +37,8 @@ class PKCS7Test extends TestCase
|
|||
$plain = file_get_contents(__DIR__ . "/data/pkcs7/1.SF");
|
||||
$pkcs7 = PKCS7::loadFromDER($der);
|
||||
$signed = $pkcs7->asSigned();
|
||||
$result = $signed->verify($plain);
|
||||
$result = $signed->verify($plain, PKCS7_NOVERIFY);
|
||||
$this->assertTrue($result);
|
||||
}
|
||||
|
||||
public function testLoadingGarbageDER()
|
||||
|
|
|
|||
Loading…
Reference in a new issue