rollerworks / x509-validator
X509 PEM-encoded validators. CA-Chain, OCSP, common-name compatibility, purpose
Requires
- php: ^8.2
- ext-mbstring: *
- ext-openssl: *
- mlocati/ocsp: ^1.0
- psr/clock: ^1.0
- rollerworks/pdb-symfony-bridge: ^1.0
- symfony/translation-contracts: ^2.5 || ^3.0
Requires (Dev)
- paragonie/hidden-string: ^2.0
- phpspec/prophecy-phpunit: ^2.0
- phpunit/phpunit: ^10.4.2
- rollerscapes/standards: ^1.0
- rollerworks/pdb-symfony-bridge: ^1.0
- symfony/clock: ^6.3
- symfony/config: ^6.4 || ^7.0
- symfony/error-handler: ^6.3
- symfony/http-client: ^6.3
- symfony/phpunit-bridge: ^6.3 || ^7.0
- symfony/translation: ^6.3 || ^7.0
Suggests
- paragonie/hidden-string: Safely privide the private-key for validation, without leaking secrets
- symfony/http-client: To validate certificate rovocation status
- symfony/translation: To translate violation messages
README
This package provides X509 TLS certificate/private-key validators to validate the following:
- CA chain completeness
- PrivateKey bits length
- Signature algorithm
- OCSP Revocation status (requires internet access)
- Certificate purpose
- Certificate general validity (private-key compatibility, not expired, readable)
- Certificate hostname pattern supported, and protection against global wildcards of public-suffix length violations
Tip: Violations can be easily translated using the Symfony Translator component and provided translations.
Use the X509Validator Symfony Constraints (separate package) to these validators with the Symfony Validator component.
Installation
To install this package, add rollerworks/x509-validator to your composer.json:
php composer.phar require rollerworks/x509-validator
Now, Composer will automatically download all required files, and install them for you.
Requirements
You need at least PHP 8.2, internet access is required if you want to validate a certificate's OCSP status.
Basic Usage
The CertificateValidator and KeyValidator are to primary validators
for validating a certificate or private-key encoded in PEM (base64),
DER (binary) is not supported.
See documentation for usage of all validators.
Versioning
For transparency and insight into the release cycle, and for striving to maintain backward compatibility, this package is maintained under the Semantic Versioning guidelines as much as possible.
Releases will be numbered with the following format:
<major>.<minor>.<patch>
And constructed with the following guidelines:
- Breaking backward compatibility bumps the major (and resets the minor and patch)
- New additions without breaking backward compatibility bumps the minor (and resets the patch)
- Bug fixes and misc changes bumps the patch
For more information on SemVer, please visit http://semver.org/.
License
This library is released under the MIT license.
Contributing
This is an open source project. If you'd like to contribute, please read the Contributing Guidelines. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section.