bugfix: ARI: OpenSSL 'authorityKeyIdentifier' (#54)

skoerfgen · web-flow · commit 38b74ce7726a · 2025-02-03T22:29:03.000+01:00
"keyid" prefix not present anymore in newer openssl versions
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # ACMECert
 
 PHP client library for [Let's Encrypt](https://letsencrypt.org/) and other [ACME v2 - RFC 8555](https://tools.ietf.org/html/rfc8555) compatible Certificate Authorities.  
-Version: 3.4.0
+Version: 3.4.1
 
 ## Description
 
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
 	"name": "skoerfgen/acmecert",
-	"version": "3.4.0",
+	"version": "3.4.1",
 	"description": "PHP client library for Let's Encrypt and other ACME v2 - RFC 8555 compatible Certificate Authorities",
 	"license": "MIT",
 	"authors": [
diff --git a/src/ACMECert.php b/src/ACMECert.php
@@ -471,19 +471,24 @@ private function getARICertID($pem){
 		if (version_compare(PHP_VERSION,'7.1.2','<')){
 			throw new Exception('PHP Version >= 7.1.2 required for ARI'); // serialNumberHex - https://github.com/php/php-src/pull/1755
 		}
+
 		$ret=$this->parseCertificate($pem);
 
 		if (!isset($ret['extensions']['authorityKeyIdentifier'])) {
 			throw new Exception('authorityKeyIdentifier missing');
 		}
-		$aki=hex2bin(str_replace(':','',substr(trim($ret['extensions']['authorityKeyIdentifier']),6)));
+
+		$aki=trim($ret['extensions']['authorityKeyIdentifier']);
+		if (stripos($aki,'keyid')===0) $aki=substr($aki,5);
+		$aki=hex2bin(str_replace(':','',$aki));
 		if (!$aki) throw new Exception('Failed to parse authorityKeyIdentifier');
 
 		if (!isset($ret['serialNumberHex'])) {
 			throw new Exception('serialNumberHex missing');
 		}
 		$ser=hex2bin(trim($ret['serialNumberHex']));
 		if (!$ser) throw new Exception('Failed to parse serialNumberHex');
+		if (ord($ser[0]) & 0x80) $ser="\x00".$ser;
 
 		return $this->base64url($aki).'.'.$this->base64url($ser);
 	}
diff --git a/src/ACMEv2.php b/src/ACMEv2.php
@@ -309,7 +309,7 @@ protected function http_request($url,$data=null){
 		}
 
 		$method=$data===false?'HEAD':($data===null?'GET':'POST');
-		$user_agent='ACMECert v3.4.0 (+https://github.com/skoerfgen/ACMECert)';
+		$user_agent='ACMECert v3.4.1 (+https://github.com/skoerfgen/ACMECert)';
 		$header=($data===null||$data===false)?array():array('Content-Type: application/jose+json');
 		if ($this->ch) {
 			$headers=array();

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "skoerfgen/acmecert",`
`3`		`- "version": "3.4.0",`
	`3`	`+ "version": "3.4.1",`
`4`	`4`	`"description": "PHP client library for Let's Encrypt and other ACME v2 - RFC 8555 compatible Certificate Authorities",`
`5`	`5`	`"license": "MIT",`
`6`	`6`	`"authors": [`
Original file line number	Diff line number	Diff line change
`@@ -471,19 +471,24 @@ private function getARICertID($pem){`
`471`	`471`	`if (version_compare(PHP_VERSION,'7.1.2','<')){`
`472`	`472`	`throw new Exception('PHP Version >= 7.1.2 required for ARI'); // serialNumberHex - https://github.com/php/php-src/pull/1755`
`473`	`473`	`}`
	`474`	`+`
`474`	`475`	`$ret=$this->parseCertificate($pem);`
`475`	`476`
`476`	`477`	`if (!isset($ret['extensions']['authorityKeyIdentifier'])) {`
`477`	`478`	`throw new Exception('authorityKeyIdentifier missing');`
`478`	`479`	`}`
`479`		`- $aki=hex2bin(str_replace(':','',substr(trim($ret['extensions']['authorityKeyIdentifier']),6)));`
	`480`	`+`
	`481`	`+ $aki=trim($ret['extensions']['authorityKeyIdentifier']);`
	`482`	`+ if (stripos($aki,'keyid')===0) $aki=substr($aki,5);`
	`483`	`+ $aki=hex2bin(str_replace(':','',$aki));`
`480`	`484`	`if (!$aki) throw new Exception('Failed to parse authorityKeyIdentifier');`
`481`	`485`
`482`	`486`	`if (!isset($ret['serialNumberHex'])) {`
`483`	`487`	`throw new Exception('serialNumberHex missing');`
`484`	`488`	`}`
`485`	`489`	`$ser=hex2bin(trim($ret['serialNumberHex']));`
`486`	`490`	`if (!$ser) throw new Exception('Failed to parse serialNumberHex');`
	`491`	`+ if (ord($ser[0]) & 0x80) $ser="\x00".$ser;`
`487`	`492`
`488`	`493`	`return $this->base64url($aki).'.'.$this->base64url($ser);`
`489`	`494`	`}`
Original file line number	Diff line number	Diff line change
`@@ -309,7 +309,7 @@ protected function http_request($url,$data=null){`
`309`	`309`	`}`
`310`	`310`
`311`	`311`	`$method=$data===false?'HEAD':($data===null?'GET':'POST');`
`312`		`- $user_agent='ACMECert v3.4.0 (+https://github.com/skoerfgen/ACMECert)';`
	`312`	`+ $user_agent='ACMECert v3.4.1 (+https://github.com/skoerfgen/ACMECert)';`
`313`	`313`	`$header=($data===null\|\|$data===false)?array():array('Content-Type: application/jose+json');`
`314`	`314`	`if ($this->ch) {`
`315`	`315`	`$headers=array();`