Class X509Cert
Analyze an X.509 certificate.
The X509Cert class provides a set of convenient methods for extracting essential information contained in an X.509 certificate and for performing some useful checks. In particular, it can verify the origin of the X.509 certificate by using the intermediate certificate used by the CA to perform its signature (CSR). This class is used internally by the XMLDSigToken class.
Methods summary
public __construct( string $cert )
Create a new X509Cert object.
Parameters
- $cert: An X.509 certificate (public key) in PEM format.
Throws
Exception
public String getPem( )
Get the certificate (public key) in PEM format.
Returns
String The certificate (public key) in PEM format.
public array getIssuer( )
Get the issuer information of the certificate.
Returns
array The issuer information of the certificate.
public array getSubject( )
Get the subject information of the certificate.
Returns
array The subject information of the certificate.
public string getDN( )
Get the Distinguished Name of the certificate.
Returns
string The Distinguished Name of the certificate.
public string|false getValidFrom( string $dateFormat = 'ymdHise' )
Get the UTC date from which the certificate is valid.
Parameters
- $dateFormat: Format of the returned date. Default: 'ymdHise'
Returns
string|false The date from which the certificate is valid, FALSE if $dateFormat is invalid.
public string|false getValidTo( string $dateFormat = 'ymdHise' )
Get the UTC date to which the certificate is valid.
Parameters
- $dateFormat: Format of the returned date. Default: 'ymdHise'
Returns
string|false The date to which the certificate is valid, FALSE if $dateFormat is invalid.
public boolean isOutOfDate( )
Indicates whether the certificate is out of date or not.
Returns
boolean TRUE if embedded certificate is out of date, FALSE otherwise.
public boolean isValidCA( string $caCert )
Check the origin of the certificate.
Verify that the X.509 certificate has been signed with the private key corresponding to the given CA certificate to validate its origin.
NOTE: More than one CA certificate can give a positive result, because some CAs re-issue their signing certificates after having changed only the expiration dates. This method also works with self-signed certificates. In that case, pass the X.509 certificate that is supposed to have been included in the XML digital signature to the function.
Parameters
- $caCert: The certificate (in PEM format) corresponding to the private key that is supposed to have been used by the CA to sign the X.509 certificate.
Returns
boolean TRUE if origin of the X.509 certificate has been validated, FALSE otherwise.
Throws
Exception
public static string|false pemToDer( string $pemCertificate )
Convert PEM encoded X.509 certificate to DER encoding.
Parameters
- $pemCertificate: PEM encoded X.509 certificate.
Returns
string|false DER encoded X.509 certificate on success, FALSE on failure.
public static string|false derToPem( string $derCertificate )
Convert DER encoded X.509 certificate to PEM encoding.
Parameters
- $derCertificate: DER encoded X.509 certificate.
Returns
string|false PEM encoded X.509 certificate on success, FALSE on failure.
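The signature check that isValidCA() describes, and the reason its note says more than one CA certificate can give a positive result, shown as an added example that is not the X509Cert implementation or the project's own code. It calls PHP's OpenSSL extension directly (assumes PHP 7.4 or later with a usable openssl.cnf); the helper names selfSignedPem, signedBy and outOfDate and all certificates are constructed for the demonstration.

```php
<?php
// Added example, not the X509Cert implementation. Needs PHP >= 7.4 with ext-openssl.
/** Self-sign a throwaway certificate (constructed test data) with $key; return PEM. */
function selfSignedPem($key, string $commonName, int $days): string
{
    $opts = ['digest_alg' => 'sha256'];
    $csr  = openssl_csr_new(['commonName' => $commonName], $key, $opts);
    $cert = is_bool($csr) ? false : openssl_csr_sign($csr, null, $key, $days, $opts);
    if ($cert === false || !openssl_x509_export($cert, $pem)) {
        throw new RuntimeException('certificate generation failed');
    }
    return $pem;
}

/** Signature check only: was $certPem signed by the key held in $issuerPem? */
function signedBy(string $certPem, string $issuerPem): bool
{
    $issuerKey = openssl_pkey_get_public($issuerPem);
    if ($issuerKey === false) {
        throw new InvalidArgumentException('issuer certificate is not readable PEM');
    }
    // openssl_x509_verify() returns 1 (match), 0 (no match) or -1 (error).
    return openssl_x509_verify($certPem, $issuerKey) === 1;
}

/** Date check: is $now outside the certificate's notBefore..notAfter window? */
function outOfDate(string $certPem, int $now): bool
{
    $info = openssl_x509_parse($certPem);
    if ($info === false) {
        throw new InvalidArgumentException('certificate is not readable PEM');
    }
    return $now < $info['validFrom_time_t'] || $now > $info['validTo_time_t'];
}

// Constructed test data: two key pairs, one of them certified twice with different dates.
$rsa = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
[$keyA, $keyB] = [openssl_pkey_new($rsa), openssl_pkey_new($rsa)];
$original = selfSignedPem($keyA, 'constructed-signer.example', 30);
$reissued = selfSignedPem($keyA, 'constructed-signer.example', 365); // same key, new dates
$other    = selfSignedPem($keyB, 'constructed-other.example', 30);
$inSixtyDays = time() + 60 * 86400;
var_dump([
    'self-signed against itself'   => signedBy($original, $original),
    'against re-issued (same key)' => signedBy($original, $reissued),
    'against unrelated key'        => signedBy($original, $other),
    'original expired in 60 days'  => outOfDate($original, $inSixtyDays),
    're-issued expired in 60 days' => outOfDate($reissued, $inSixtyDays),
]);
```

A signature match identifies the signing key, not one particular certificate or its validity dates, so pair it with a date check such as isOutOfDate() on the certificate being trusted.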