1. class
  2. Poppy
  3. \
  4. Extension
  5. \
  6. Alipay
  7. \
  8. Aop
  9. \
  10. AopCertEncrypt

AopCertEncrypt

class AopCertEncrypt

Methods

static bool
isTrusted(string $alipayCert, string $rootCert)

验证支付宝公钥证书是否可信

static 
verifySignature($alipayCert, $rootCert)

No description

static 
readPemCertChain($cert)

No description

static 
verifyCert($prev, $rootCerts)

No description

static 
verifyCertChain($alipayCerts, $rootCerts)

验证证书链是否是信任证书库中证书签发的

static 
sortByDn($certs)

将证书链按照完整的签发顺序进行排序,排序后证书链为:[issuerA, subjectA]-[issuerA, subjectB]-[issuerB, subjectC]-[issuerC, subjectD].

static 
isSelfSigned($cert)

验证证书是否是自签发的

static 
array2string($array)

No description

static 
addressingUp($subjectMap, $certChain, $current)

向上构造证书链

static 
addressingDown($issuerMap, $certChain, $current)

向下构造证书链

static string
extractSignature(string $der = false)

Extract signature from der encoded cert.

static bool
getSignatureAlgorithmOid($der = null)

Get signature algorithm oid from der encoded signature data.

static bool
getSignatureHash($der = null)

Get signature hash from der encoded signature data.

static bool
isCertSigner($certPem = null, $caCertPem = null)

Determine if one cert was used to sign another Note that more than one CA cert can give a positive result, some certs re-issue signing certs after having only changed the expiration dates.

static string
pemToDer($pem = null)

Convert pem encoded certificate to DER encoding

static string
stripSignerAsn(string $der = null)

Obtain der cert with issuer and signature sections stripped.

Details

at line 18
static bool isTrusted(string $alipayCert, string $rootCert)

验证支付宝公钥证书是否可信

Parameters

string $alipayCert 支付宝公钥证书
string $rootCert 支付宝根证书

Return Value

bool

at line 31
static verifySignature($alipayCert, $rootCert)

No description

Parameters

$alipayCert
$rootCert

at line 66
static readPemCertChain($cert)

No description

Parameters

$cert

at line 76
static verifyCert($prev, $rootCerts)

No description

Parameters

$prev
$rootCerts

at line 105
static verifyCertChain($alipayCerts, $rootCerts)

验证证书链是否是信任证书库中证书签发的

Parameters

$alipayCerts 目标验证证书列表
$rootCerts 可信根证书列表

at line 140
static sortByDn($certs)

将证书链按照完整的签发顺序进行排序,排序后证书链为:[issuerA, subjectA]-[issuerA, subjectB]-[issuerB, subjectC]-[issuerC, subjectD].

..

Parameters

$certs 证书链

at line 177
static isSelfSigned($cert)

验证证书是否是自签发的

Parameters

$cert 目标证书

at line 185
static array2string($array)

No description

Parameters

$array

at line 202
static addressingUp($subjectMap, $certChain, $current)

向上构造证书链

Parameters

$subjectMap 主题和证书的映射
$certChain 证书链
$current 当前需要插入证书链的证书,include

at line 222
static addressingDown($issuerMap, $certChain, $current)

向下构造证书链

Parameters

$issuerMap 签发者和证书的映射
$certChain 证书链
$current 当前需要插入证书链的证书,exclude

at line 243
static string extractSignature(string $der = false)

Extract signature from der encoded cert.

Expects x509 der encoded certificate consisting of a section container containing 2 sections and a bitstream. The bitstream contains the original encrypted signature, encrypted by the public key of the issuing signer.

Parameters

string $der

Return Value

string

on success

at line 302
static bool getSignatureAlgorithmOid($der = null)

Get signature algorithm oid from der encoded signature data.

Expects decrypted signature data from a certificate in der format. This ASN1 data should contain the following structure: SEQUENCE SEQUENCE OID (signature algorithm) NULL OCTET STRING (signature hash)

Parameters

$der

Return Value

bool

false on failures

at line 362
static bool getSignatureHash($der = null)

Get signature hash from der encoded signature data.

Expects decrypted signature data from a certificate in der format. This ASN1 data should contain the following structure: SEQUENCE SEQUENCE OID (signature algorithm) NULL OCTET STRING (signature hash)

Parameters

$der

Return Value

bool

false on failures

at line 411
static bool isCertSigner($certPem = null, $caCertPem = null)

Determine if one cert was used to sign another Note that more than one CA cert can give a positive result, some certs re-issue signing certs after having only changed the expiration dates.

Parameters

$certPem
$caCertPem

Return Value

bool

at line 506
static string pemToDer($pem = null)

Convert pem encoded certificate to DER encoding

Parameters

$pem

Return Value

string

$derEncoded on success

at line 524
static string stripSignerAsn(string $der = null)

Obtain der cert with issuer and signature sections stripped.

Parameters

string $der
  • der encoded certificate

Return Value

string

$der on success