/**
* Create a CSR for an authority that can issue CRLs.
*
* @param array $keyPair
* @param string $dn
* @return string
* PEM-encoded CSR.
*/
public static function createCrlDistCSR($keyPair, $dn)
{
$privKey = new \Crypt_RSA();
$privKey->loadKey($keyPair['privatekey']);
$pubKey = new \Crypt_RSA();
$pubKey->loadKey($keyPair['publickey']);
$pubKey->setPublicKey();
$csr = new \File_X509();
$csr->setPrivateKey($privKey);
$csr->setPublicKey($pubKey);
$csr->setDN($dn);
$csr->loadCSR($csr->saveCSR($csr->signCSR(Constants::CERT_SIGNATURE_ALGORITHM)));
$csr->setExtension('id-ce-keyUsage', array('cRLSign'));
$csrData = $csr->signCSR(Constants::CERT_SIGNATURE_ALGORITHM);
return $csr->saveCSR($csrData);
}