<?php
/**
* Validate certification path.
*
* php path-validate.php
*/
declare(strict_types = 1);
use Sop\CryptoEncoding\PEM;
use Sop\X509\Certificate\Certificate;
use Sop\X509\CertificationPath\CertificationPath;
use Sop\X509\CertificationPath\PathValidation\PathValidationConfig;
require dirname(__DIR__) . '/vendor/autoload.php';
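// Example flow: generate a CA certificate and a CSR with the sibling example
// scripts, issue an end-entity certificate, build the certification path and
// validate it.
//
// The trust anchor used below is created by this same script, so a successful
// result only demonstrates the API. In real use the trust anchor must come
// from a trusted store, never from the party whose certificate is validated.
$dir = __DIR__;

// Run a sibling example script and return its standard output.
// Each path goes through escapeshellarg() so that a directory or temporary
// file name containing quotes or shell metacharacters cannot alter the command.
$run_example = static function (string $script, string ...$args) use ($dir): string {
    $command = 'php ' . escapeshellarg($dir . '/' . $script);
    foreach ($args as $arg) {
        $command .= ' ' . escapeshellarg($arg);
    }
    $output = shell_exec($command);
    // shell_exec() gives no string when the command fails or prints nothing;
    // stop here instead of handing an empty value to the PEM parser
    if (!is_string($output) || '' === $output) {
        throw new RuntimeException("Command produced no output: {$script}");
    }
    return $output;
};

// Write data to a fresh temporary file and return its path.
$write_temp = static function (string $prefix, string $contents): string {
    $file = tempnam(sys_get_temp_dir(), $prefix);
    if (false === $file) {
        throw new RuntimeException('Failed to create temporary file.');
    }
    if (false === file_put_contents($file, $contents)) {
        unlink($file);
        throw new RuntimeException("Failed to write temporary file: {$file}");
    }
    return $file;
};

$temp_files = [];
try {
    // generate CA and end-entity certificates
    $ca_pem = $run_example('create-ca-cert.php');
    $csr_pem = $run_example('create-csr.php');
    $ca_file = $write_temp('crt', $ca_pem);
    $temp_files[] = $ca_file;
    $csr_file = $write_temp('csr', $csr_pem);
    $temp_files[] = $csr_file;
    $cert_pem = $run_example('issue-cert.php', $ca_file, $csr_file);
    // load CA certificate
    $ca = Certificate::fromPEM(PEM::fromString($ca_pem));
    // load end-entity certificate
    $cert = Certificate::fromPEM(PEM::fromString($cert_pem));
    // build certification path from CA to end-entity certificate
    $path = CertificationPath::fromTrustAnchorToTarget($ca, $cert);
    // a separate loop variable keeps $cert pointing at the end-entity certificate
    foreach ($path->certificates() as $idx => $path_cert) {
        printf("#%d: %s\n", $idx,
            $path_cert->tbsCertificate()
                ->subject()
                ->toString());
    }
    // validate certification path with default configuration
    // NOTE(review): confirm what defaultConfig() fixes (validation time,
    // maximum path length, policies) and whether revocation status is
    // checked at all before reusing this outside an example.
    $config = PathValidationConfig::defaultConfig();
    // NOTE(review): the success message below is printed unconditionally, so
    // validate() is assumed to throw on an invalid path - confirm against
    // the library.
    $result = $path->validate($config);
    printf("Certificate '%s' is valid.\n",
        $result->certificate()
            ->tbsCertificate()
            ->subject()
            ->toString());
} finally {
    // remove temporary files, also when issuing or validation fails
    foreach ($temp_files as $temp_file) {
        if (is_file($temp_file)) {
            unlink($temp_file);
        }
    }
}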