Properties

$rootCertContent

$rootCertContent

Methods

getCertSN()

getCertSN( $certPath) : string

Extract the serial number from a certificate.

Parameters

$certPath

Returns

string —

getPublicKey()

getPublicKey( $certPath) : mixed

Extract the public key from a certificate.

Parameters

$certPath

Returns

mixed —

getRootCertSN()

getRootCertSN( $certPath) : string|null

Extract the root certificate serial number.

Parameters

$certPath

string Root certificate

Returns

string|null —

hex2dec()

hex2dec( $hex) : int|string

Convert a 0x (hexadecimal) value to a high-precision number.

Parameters

$hex

Returns

int|string —

isTrusted()

isTrusted( $alipayCert,  $rootCert) : bool

Verify whether the Alipay public key certificate is trusted.

Parameters

$alipayCert

Alipay public key certificate

$rootCert

Alipay root certificate

Returns

bool —

Whether the certificate is trusted

verifySignature()

verifySignature(mixed  $alipayCert, mixed  $rootCert) : mixed

Parameters

mixed $alipayCert
mixed $rootCert

Returns

mixed —

readPemCertChain()

readPemCertChain(mixed  $cert) : mixed

Parameters

mixed $cert

Returns

mixed —

verifyCert()

verifyCert(mixed  $prev, mixed  $rootCerts) : mixed

Parameters

mixed $prev
mixed $rootCerts

Returns

mixed —

verifyCertChain()

verifyCertChain( $alipayCerts,  $rootCerts) : bool

Verify whether the certificate chain was issued by a certificate in the trusted certificate store.

Parameters

$alipayCerts

array List of certificates to verify

$rootCerts

array List of trusted root certificates

Returns

bool —

sortByDn()

sortByDn( $certs) : bool

Sort the certificate chain into complete issuance order. After sorting, the chain is: [issuerA, subjectA]-[issuerA, subjectB]-[issuerB, subjectC]-[issuerC, subjectD]...

Parameters

$certs

array Certificate chain

Returns

bool —
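
The ordering and chain check that sortByDn() and verifyCertChain() describe, sketched with PHP's OpenSSL extension as an added example (not this class's own code). sortChainByDn, verifyChain and makeCert are hypothetical helper names, the certificates are throwaway ones constructed at run time, and the code assumes PHP 7.4 or later with a usable openssl.cnf.

```php
<?php
// Added example, not SDK code; helper names are hypothetical. Needs ext-openssl, PHP >= 7.4.
// Order PEM certificates issuer-first by following issuer -> subject DN links.
function sortChainByDn(array $pems): ?array {
    $certs = [];
    foreach ($pems as $pem) {
        if (($info = openssl_x509_parse($pem)) === false) return null;  // unparsable input
        $certs[] = ['pem' => $pem, 's' => json_encode($info['subject']), 'i' => json_encode($info['issuer'])];
    }
    $subjects = array_column($certs, 's');
    // Chain head: self-signed, or issued by a DN that is not in the list.
    $heads = array_filter($certs, fn($c) => $c['s'] === $c['i'] || !in_array($c['i'], $subjects, true));
    if (count($heads) !== 1) return null;
    $chain = [reset($heads)];
    while (count($chain) < count($certs)) {
        $tail = end($chain);
        $next = array_filter($certs, fn($c) => $c['i'] === $tail['s'] && $c['s'] !== $c['i']);
        if (count($next) !== 1) return null;  // gap or fork in the chain
        $chain[] = reset($next);
    }
    return array_column($chain, 'pem');
}

// Every certificate must be inside its validity window and signed by its predecessor; the head by a trusted root.
function verifyChain(array $pems, array $trustedRootPems): bool {
    if (($chain = sortChainByDn($pems)) === null) return false;
    foreach ($chain as $idx => $pem) {
        $info = openssl_x509_parse($pem);
        if (time() < $info['validFrom_time_t'] || time() > $info['validTo_time_t']) return false;
        $signed = false;
        foreach ($idx === 0 ? $trustedRootPems : [$chain[$idx - 1]] as $issuerPem) {
            $key = openssl_pkey_get_public($issuerPem);  // public key taken from the issuer certificate
            $signed = $signed || ($key !== false && openssl_x509_verify($pem, $key) === 1);
        }
        if (!$signed) return false;
    }
    return true;
}

// Constructed sample data: throwaway certificates generated at run time.
function makeCert(string $cn, ?string $caPem = null, $caKey = null): array {
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    openssl_x509_export(openssl_csr_sign($csr, $caPem, $caKey ?? $key, 30, ['digest_alg' => 'sha256']), $pem);
    return [$pem, $key];
}
[$root, $rootKey] = makeCert('Constructed Root');
[$leaf] = makeCert('Constructed Leaf', $root, $rootKey);
[$other] = makeCert('Constructed Untrusted Root');
var_dump(verifyChain([$leaf, $root], [$root]), verifyChain([$leaf, $root], [$other]));
```

The sketch checks DN linkage, signatures and validity dates only; it does not evaluate basicConstraints, key usage or revocation.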

isSelfSigned()

isSelfSigned( $cert) : bool

Verify whether the certificate is self-signed.

Parameters

$cert

array Target certificate

Returns

bool —

array2string()

array2string(mixed  $array) : mixed

Parameters

mixed $array

Returns

mixed —

addressingUp()

addressingUp( $subjectMap,  $certChain,  $current) : mixed

Build the certificate chain upward.

Parameters

$subjectMap

array Map of subjects to certificates

$certChain

array Certificate chain

$current

Certificate currently being inserted into the chain (include)

Returns

mixed —

addressingDown()

addressingDown( $issuerMap,  $certChain,  $current) : mixed

Build the certificate chain downward.

Parameters

$issuerMap

Map of issuers to certificates

$certChain

Certificate chain

$current

Certificate currently being inserted into the chain (exclude)

Returns

mixed —

extractSignature()

extractSignature(string  $der = false) : string

Extract signature from DER-encoded cert.

Expects an X.509 DER-encoded certificate consisting of a section container containing 2 sections and a bitstream. The bitstream contains the original encrypted signature, encrypted by the public key of the issuing signer.

Parameters

string $der

Returns

string —

on success

getSignatureAlgorithmOid()

getSignatureAlgorithmOid(mixed  $der = null) : bool

Get signature algorithm OID from DER-encoded signature data.

Expects decrypted signature data from a certificate in DER format. This ASN.1 data should contain the following structure: SEQUENCE SEQUENCE OID (signature algorithm) NULL OCTET STRING (signature hash)

Parameters

mixed $der

Returns

bool —

false on failures

getSignatureHash()

getSignatureHash(mixed  $der = null) : bool

Get signature hash from DER-encoded signature data.

Expects decrypted signature data from a certificate in DER format. This ASN.1 data should contain the following structure: SEQUENCE SEQUENCE OID (signature algorithm) NULL OCTET STRING (signature hash)

Parameters

mixed $der

Returns

bool —

false on failures

isCertSigner()

isCertSigner(mixed  $certPem = null, mixed  $caCertPem = null) : bool

Determine if one cert was used to sign another. Note that more than one CA cert can give a positive result; some CAs re-issue signing certs after having only changed the expiration dates.

Parameters

mixed $certPem
mixed $caCertPem

Returns

bool —

pemToDer()

pemToDer(mixed  $pem = null) : string

Convert a PEM-encoded certificate to DER encoding.

Parameters

mixed $pem

Returns

string —

$derEncoded on success

stripSignerAsn()

stripSignerAsn(string  $der = null) : string

Obtain the DER cert with issuer and signature sections stripped.

Parameters

string $der
  • DER-encoded certificate

Returns

string —

$der on success