$response = $apiClient->createAccount($account, $person);
if (isset($response["ko"])) {
echo json_encode(array("ko" => "ko", "message" => $response["message"]));
exit;
}
}
$response = $apiClient->getSerial($account);
if (isset($response["ko"])) {
echo json_encode(array("ko" => "ko", "message" => $response["message"]));
exit;
}
$serial = $response["serial"];
$openSslConfig = array("digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => OPENSSL_KEYTYPE_RSA);
// Create the private and public key
$res = openssl_pkey_new($openSslConfig);
$dn = array("countryName" => "FR", "stateOrProvinceName" => "France", "organizationName" => "Armagnet", "commonName" => $person["firstname"] . " " . $person["lastname"] . " - " . $serial, "emailAddress" => $person["mail"]);
// Create the Certificate Signature Request
$csr = openssl_csr_new($dn, $res);
openssl_csr_export($csr, $csrout);
$result = $apiClient->postCsr($account, $serial, $csrout);
$vpnHash = $result["vpn_id"];
$keyPath = $config["openvpn"]["config"] . "_{$vpnHash}";
$defaultPassword = "******";
// Extract the private key from $res to $privKey
// No password for openvpn in deamon mode
openssl_pkey_export($res, $privKey, $defaultPassword);
// Find a better way
file_put_contents($keyPath . ".pkey", $privKey);
shell_exec("openssl pkey -in {$keyPath}" . ".pkey -passin pass:{$defaultPassword} -out {$keyPath}" . ".key");
unlink("{$keyPath}" . ".pkey");
echo json_encode(array("ok" => "ok", "vpnHash" => $vpnHash));
