public function testOpenSSLSignature()
{
if (!extension_loaded('OpenSSL')) {
$this->markTestSkipped("Need OpenSSL extension");
}
// Generate a private key on the fly.
$passphrase = uniqid();
$passfile = PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pass.txt';
file_put_contents($passfile, $passphrase);
$pkey = openssl_pkey_new();
openssl_pkey_export_to_file($pkey, PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/priv.key', $passphrase);
$this->executeTarget(__FUNCTION__);
// Make sure we are dealing with an OpenSSL signature.
// (Phar silently falls back to an SHA1 signature
// whenever it fails to add an OpenSSL signature)
$dest = PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pharpackage.phar';
$this->assertFileExists($dest);
$phar = new Phar($dest);
$signature = $phar->getSignature();
$this->assertEquals('OpenSSL', $signature['hash_type']);
unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/priv.key');
unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pharpackage.phar.pubkey');
unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pass.txt');
unlink($dest);
}
function createNewcertificate()
{
global $gbl, $login, $ghtml;
$cerpath = "server.crt";
$keypath = "server.key";
$requestpath = "a.csr";
$ltemp["countryName"] = "IN";
$ltemp["stateOrProvinceName"] = "Bn";
$ltemp["localityName"] = "Bn";
$ltemp["organizationName"] = "LxCenter";
$ltemp["organizationalUnitName"] = "Kloxo";
$ltemp["commonName"] = "Kloxo";
$ltemp["emailAddress"] = "*****@*****.**";
$privkey = openssl_pkey_new();
openssl_pkey_export_to_file($privkey, $keypath);
$csr = openssl_csr_new($ltemp, $privkey);
openssl_csr_export_to_file($csr, $requestpath);
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
openssl_x509_export_to_file($sscert, $cerpath);
$src = getcwd();
$dest = '/usr/local/lxlabs/kloxo/ext/lxhttpd/conf';
root_execsys("lxfilesys_mkdir", $dest . "/ssl.crt/");
root_execsys("lxfilesys_mkdir", $dest . "/ssl.key/");
root_execsys("lxfilesys_mv", "{$src}/{$cerpath}", $dest . "/ssl.crt/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$keypath}", $dest . "/ssl.key/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$requestpath}", "{$dest}/{$requestpath}");
}
/**
* Speichert den Schlüssel als PEM.
*
* @param string $filename
* @param string $password
* @param array $config
*/
public function exportToFile(string $filename, string $password = NULL, array $config = [])
{
$status = openssl_pkey_export_to_file($this->getHandle(), $filename, $password, $config);
if (!$status) {
throw new RuntimeException(OpenSSL::getLastError());
}
}
function create_ca()
{
global $file_ca_pkey, $file_ca_x509;
global $pass, $config, $dn, $root_expire_time;
$ca_key = openssl_pkey_new($config);
// OpenSSL key
$ca_csr = openssl_csr_new($dn, $ca_key, $config);
// OpenSSL X.509 CSR
$ca_cert = openssl_csr_sign($ca_csr, null, $ca_key, $root_expire_time);
// OpenSSL X.509
$ret = openssl_x509_export_to_file($ca_cert, $file_ca_x509);
if (!$ret) {
while ($msg = openssl_error_string()) {
echo $msg . "<br />\n";
}
echo "-Err, create CA x509 fail!(" . __LINE__ . ")\n";
exit(1);
}
$ret = openssl_pkey_export_to_file($ca_key, $file_ca_pkey, $pass, $config);
if (!$ret) {
while ($msg = openssl_error_string()) {
echo $msg . "<br />\n";
}
echo "-Err, create CA pkey fail!(" . __LINE__ . ")\n";
exit(1);
}
echo "+Ok, create CA succ!\n";
}
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA)
{
// keep track of the distinguished name
$this->dn = $distinguishedName;
// generate the pem-encoded private key
$config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE);
$key = openssl_pkey_new($config);
// generate the certificate signing request...
$csr = openssl_csr_new($this->dn, $key, $config);
// and use it to make a self-signed certificate
$this->serialNumber = rand();
$cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time());
// make openssl forget the key
openssl_free_key($keyCA);
// export private and public keys
openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
//openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config )
openssl_x509_export($cert, $this->certificate);
// parse certificate
$this->x509 = openssl_x509_parse($cert);
if (isset($this->serialNumber)) {
$outfilename = '/var/www/html/' . $this->serialNumber;
// Gets an exportable representation of a key into a file
openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config);
}
openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE);
return TRUE;
// end of makeKeys() method
}
function generateKeyPair($publicKeyFile, $privateKeyFile)
{
// generate a 1024 bit rsa private key, returns a php resource, save to file
$privateKey = openssl_pkey_new(array('private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export_to_file($privateKey, $privateKeyFile, $passphrase);
// get the public key $keyDetails['key'] from the private key;
$keyDetails = openssl_pkey_get_details($privateKey);
file_put_contents($publicKeyFile, $keyDetails['key']);
}
/**
* Initialise the private key.
*/
protected function initPrivateKey()
{
if (!isset($config['private-key']['file']) || !file_exists($config['private-key']['file'])) {
$this->privateKey = openssl_pkey_new();
openssl_pkey_export_to_file($this->privateKey, $config['private-key']['file']);
} else {
$this->privateKey = openssl_pkey_new($config['private-key']['file']);
}
}
public function generateKeyPair($saveTo)
{
$privateKey = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
if (!file_exists($saveTo . 'private.key') || !file_exists($saveTo . 'public.key')) {
// Save the private key to private.key file. Never share this file with anyone.
openssl_pkey_export_to_file($privateKey, $saveTo . 'private.key');
// Generate the public key for the private key
$a_key = openssl_pkey_get_details($privateKey);
// Save the public key in public.key file. Send this file to anyone who want to send you the encrypted data.
file_put_contents($saveTo . 'public.key', $a_key['key']);
// Free the private Key.
openssl_free_key($privateKey);
}
}
public function create($bits = 2048, $folder = null)
{
$folder = $folder ? rtrim($folder, '/') : __DIR__;
$public = $folder . '/public.key';
$private = $folder . '/private.key';
if (!is_writable($folder)) {
throw new Exception('folder is not writable');
}
$config = ['private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$private_key = openssl_pkey_new($config);
openssl_pkey_export_to_file($private_key, $private);
$public_key = openssl_pkey_get_details($private_key);
file_put_contents($public, $public_key['key']);
openssl_free_key($private_key);
}
public function testGenerateSignedLink()
{
if (!extension_loaded('openssl')) {
$this->markTestSkipped('OpenSSL is required for this test.');
}
$pemFile = sys_get_temp_dir() . '/aws-sdk-php-zf2-cloudfront-test.pem';
if (!file_exists($pemFile)) {
// Generate a new Certificate Signing Request and public/private keypair
$csr = openssl_csr_new(array(), $keypair);
// Create a self-signed certificate
$x509 = openssl_csr_sign($csr, null, $keypair, 1);
openssl_x509_export($x509, $certificate);
// Create and save a private key
$privateKey = openssl_get_privatekey($keypair);
openssl_pkey_export_to_file($privateKey, $pemFile);
}
$this->viewHelper->setHostname('example.com');
$link = $this->viewHelper->__invoke('my-object', '123abc', time() + 600, 'kpid', $pemFile);
$this->assertRegExp('#^https\\:\\/\\/123abc\\.example\\.com\\/my-object\\?Expires\\=(.*)\\&Signature\\=(.*)\\&Key-Pair-Id\\=kpid$#', $link);
}
public function testKeyGen()
{
$fileName = 'testfile_ssl_id_rsa_' . date('Ymd_His') . '_' . uniqid('', true);
$sslConfig = array('digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA);
$ssl = openssl_pkey_new($sslConfig);
$this->assertTrue($ssl ? true : false);
openssl_pkey_export_to_file($ssl, 'test_data/' . $fileName . '.prv');
#fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n");
openssl_pkey_export_to_file($ssl, 'test_data/' . $fileName . '_pass.prv', 'my_password');
#fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n");
$keyPub = openssl_pkey_get_details($ssl);
#ve($keyPub);
$keyPub = $keyPub['key'];
file_put_contents('test_data/' . $fileName . '.pub', $keyPub);
openssl_public_encrypt('test my keys', $encrypted, $keyPub);
#fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n");
openssl_private_decrypt($encrypted, $decrypted, $ssl);
#fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n");
$this->assertEquals('test my keys', $decrypted);
openssl_pkey_free($ssl);
}
public function init($options)
{
parent::init($options);
if (!extension_loaded("openssl")) {
return;
}
$keyFile = $this->getPluginWorkDir(true) . "/agent.pem";
if (file_exists($keyFile)) {
return;
}
$config = array("digest_alg" => "sha1", "private_key_bits" => 1024, "private_key_type" => OPENSSL_KEYTYPE_RSA);
// Create the private and public key
$res = openssl_pkey_new($config);
if ($res === false) {
AJXP_Logger::error(__CLASS__, __FUNCTION__, "Warning, OpenSSL is active but could not correctly generate a key for Zoho Editor. Please make sure the openssl.cnf file is correctly set up.");
while ($message = openssl_error_string()) {
AJXP_Logger::debug(__CLASS__, __FUNCTION__, "Open SSL Error: " . $message);
}
} else {
openssl_pkey_export_to_file($res, $keyFile);
}
}
/**
* Save the private key in a file using a passphrase
* @param string $filename
* @param string $passphrase
* @return boolean
*/
public function savePrivateKey(string $filename, string $passphrase)
{
return openssl_pkey_export_to_file($this->getPrivateKey(), $filename, $passphrase);
}
<?php
$privateKey = openssl_pkey_new(array(
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
openssl_pkey_export_to_file($privateKey, 'private.key');
$a_key = openssl_pkey_get_details($privateKey);
file_put_contents('public.key', $a_key['key']);
openssl_free_key($privateKey);
?>
/**
* Generates the private key and certificate used by iDeal
*
* @return bool True on success, false on failure
*/
private function GenerateKeyAndCertificate()
{
if (file_exists($this->_keyFile) && file_exists($this->_certFile)) {
return false;
}
// Create the keypair
if (($key = openssl_pkey_new()) === false) {
// could not create key
$this->SetError(GetLang('IdealCantCreateKeyPair'));
return false;
}
if (file_exists($this->_keyFile)) {
if (!unlink($this->_keyFile)) {
// could not delete old key file
$this->SetError(GetLang('IdealCantDeleteKeyFile', array("keyFile" => $this->_keyFile)));
return false;
}
}
// export our key
if (!openssl_pkey_export_to_file($key, $this->_keyFile, GetConfig('EncryptionToken'))) {
// could not export key
$this->SetError(GetLang('IdealCantExportKey'));
return false;
}
chmod($this->_keyFile, ISC_WRITEABLE_FILE_PERM);
$dn = array(
"countryName" => GetCountryISO2ByName(GetConfig('CompanyCountry')),
"stateOrProvinceName" => GetConfig('CompanyState'),
"localityName" => GetConfig('CompanyCity'),
"organizationName" => GetConfig('CompanyName'),
"organizationalUnitName" => GetConfig('CompanyName'),
"commonName" => GetConfig('CompanyName'),
"emailAddress" => GetConfig('AdminEmail')
);
// create our certificate
if (($csr = openssl_csr_new($dn, $key)) === false) {
// could not create cert
$this->SetError(GetLang('IdealCantCreateCert'));
return false;
}
// self sign our certificate
if (($sscert = openssl_csr_sign($csr, null, $key, 3650)) === false) {
// could not sign cert
$this->SetError(GetLang('IdealCantSignCert'));
return false;
}
if (file_exists($this->_certFile)) {
if (!unlink($this->_certFile)) {
// could not delete old cert file
$this->SetError(GetLang('IdealCantDeleteCertFile', array("certFile" => $this->_certFile)));
return false;
}
}
// export certificate to file
if (!openssl_x509_export_to_file($sscert, $this->_certFile)) {
// could not export cert
$this->SetError(GetLang('IdealCantExportCert'));
return false;
}
chmod($this->_certFile, ISC_WRITEABLE_FILE_PERM);
return true;
}
return array_filter(array_map('trim', array_map(function ($line) use($keywords, $hash, $author) {
// Check if message starts with a keyword:
foreach ($keywords as $keyword) {
if (substr_compare($keyword, $line, 0, strlen($keyword), true) === 0) {
if ($keyword == 'Updated translation') {
return "#" . $line;
} else {
return '-' . strtr($line, ['#0' => '#']) . " ({$author})";
}
}
}
}, explode("\n", $message))));
}]);
if (!file_exists(__DIR__ . '/priv.key')) {
$privKey = openssl_pkey_new();
openssl_pkey_export_to_file($privKey, __DIR__ . '/priv.key');
} else {
$privKey = openssl_pkey_get_private(file_get_contents(__DIR__ . '/priv.key'));
}
$pre = new \SamIT\AutoUpdater\Generator\PreUpdate($diff);
$pre->sign($privKey);
$pre->saveToFile('/tmp/test.json');
$data = $pre->getDataForSigning();
$update = new SamIT\AutoUpdater\Generator\Update($diff);
$update->sign($privKey);
$update->saveToFile('/tmp/test.zip');
unset($update);
unset($pre);
$basePath = '/tmp/LimeSurvey';
$pre = new SamIT\AutoUpdater\Executor\PreUpdate(['basePath' => $basePath]);
$pre->loadFromFile('/tmp/test.json', openssl_pkey_get_details($privKey)['key']);
function guardarLlave($ruta,$fraseSeguridad,$idProceso){
openssl_pkey_export($this->llave,$this->llavePrivada, $fraseSeguridad);
return openssl_pkey_export_to_file($this->llave, $ruta.'llave'.$idProceso.'.pem', $fraseSeguridad);
}
private function genPrivateKeyFile()
{
openssl_pkey_export_to_file($this->privateKey, $this->privateKeyFileName);
}
function guardarLlave($ruta,$fraseSeguridad){
openssl_pkey_export($this->llave,$this->llavePrivada, $fraseSeguridad);
return openssl_pkey_export_to_file($this->llave, $ruta.'/llave.pem', $fraseSeguridad);
}
/**
* Saves the private key to a file.
*
* @param string $path The path of the file to save.
* @param string|null $passphrase The optional passphrase to secure the private key.
* @return bool Returns true on success, false otherwise.
* @since 0.3
*/
public function save(string $path, string $passphrase = null) : bool
{
OpenSSL::resetErrors();
return openssl_pkey_export_to_file($this->resource, $path, $passphrase, $this->config);
}
function test_openssl_pkey_export_to_file()
{
$tmp = tempnam('/tmp', 'vmopenssltest');
unlink($tmp);
VS(file_get_contents($tmp), false);
$privkey = openssl_pkey_new();
VERIFY($privkey != null);
openssl_pkey_export_to_file($privkey, $tmp, "1234");
VERIFY(strlen(file_get_contents($tmp)) > 400);
unlink($tmp);
}
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new($SSLcnf);
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, $SSLcnf);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $SSLcnf);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
//CERTIFICADO
openssl_csr_export_to_file($csr, $fncert, false);
//CERTIFICADO AUTO-ASSINADO
openssl_x509_export_to_file($sscert, $fnsscert, false);
//CHAVE PRIVADA (private.pem)
openssl_pkey_export_to_file($privkey, $fnprivate, null, $SSLcnf);
//CHAVE PÚBLICA (public.key)
file_put_contents($fnpublic, openssl_pkey_get_details($privkey)['key']);
/**
* @todo Criar rotinas de interceptação de erros
*
*/
// Show any errors that occurred here
//while (($e = openssl_error_string()) !== false) {
// echo "\n".$e."\n";
//}
$z .= $i * $i;
if (function_exists("usleep")) {
usleep($i);
}
}
$privkey = openssl_pkey_new();
if ($privkey === false) {
die("failed to create private key");
}
$passphrase = "banana";
$key_file_name = tempnam("/tmp", "ssl");
if ($key_file_name === false) {
die("failed to get a temporary filename!");
}
echo "Export key to file\n";
openssl_pkey_export_to_file($privkey, $key_file_name, $passphrase) or die("failed to export to file {$key_file_name}");
echo "Load key from file - array syntax\n";
$loaded_key = openssl_pkey_get_private(array("file://{$key_file_name}", $passphrase));
if ($loaded_key === false) {
die("failed to load key using array syntax");
}
openssl_pkey_free($loaded_key);
echo "Load key using direct syntax\n";
$loaded_key = openssl_pkey_get_private("file://{$key_file_name}", $passphrase);
if ($loaded_key === false) {
die("failed to load key using direct syntax");
}
openssl_pkey_free($loaded_key);
echo "Load key manually and use string syntax\n";
$key_content = file_get_contents($key_file_name);
$loaded_key = openssl_pkey_get_private($key_content, $passphrase);
$SSL = array('encrypt_key' => true, 'private_key_type' => OPENSSL_KEYTYPE_DSA, 'digest_alg' => 'md5', 'x509_extensions' => 'v3_ca', 'private_key_bits' => 1024);
$config = array("digest_alg" => "md5", "private_key_bits" => 1024, "private_key_type" => OPENSSL_KEYTYPE_RSA);
$privkey_enc = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privkey_enc, $SSL);
$sscert = openssl_csr_sign($csr, null, $privkey_enc, 365);
openssl_csr_export($csr, $csrout);
openssl_x509_export($sscert, $sscertout);
openssl_pkey_export($privkey_enc, $privkeyout);
$pubkey = openssl_pkey_get_details($privkey_enc)["key"];
// var_dump($csrout);
// echo "\n";
// var_dump($sscertout);
// echo "\n";
// var_dump($privkeyout);
echo "\n";
openssl_x509_export_to_file($sscert, "certificate.crt");
openssl_pkey_export_to_file($privkey_enc, "key.pem");
file_put_contents("key.pub", $pubkey);
$zip = new ZipArchive();
$zip->open("certif.zip", ZipArchive::CREATE);
$zip->addFile("certificate.crt");
$zip->addFile("key.pub");
$zip->addFile("key.pem");
$zip->close();
unlink("certificate.crt");
unlink("key.pub");
unlink("key.pem");
// Show any errors that occurred here
// while (($e = openssl_error_string()) !== false) {
// echo $e . "\n";
// }
function export_privatekey_to_file()
{
//$this->clear_debug_buffer();
// Create empty private key file;
$this->set_privatekey_file();
openssl_pkey_export_to_file($this->ppkeypair, FILE_LOCATION . $this->privatekey_resource_file);
//$this->debug("export_privatekey_to_file");
}
$sslPubKey = openssl_pkey_get_public(file_get_contents($settings->data['node']['sslKeyPubPath']));
if ($sslPubKey) {
$sslPubKeyDetails = openssl_pkey_get_details($sslPubKey);
if (isset($sslPubKeyDetails['key'])) {
$keyPub = $sslPubKeyDetails['key'];
}
}
} else {
$log->info('SSL: key pair generation. this may take a while...');
$keyPrv = null;
$sslConfig = array('digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA);
// Create the private and public key
$ssl = openssl_pkey_new($sslConfig);
if ($ssl) {
openssl_pkey_export($ssl, $keyPrv);
openssl_pkey_export_to_file($ssl, $settings->data['node']['sslKeyPrvPath'], $settings->data['node']['sslKeyPrvPass']);
if ($keyPrv) {
$keyPub = openssl_pkey_get_details($ssl);
if ($keyPub && isset($keyPub['key'])) {
$keyPub = $keyPub['key'];
openssl_public_encrypt('test my keys', $encrypted, $keyPub);
openssl_private_decrypt($encrypted, $decrypted, $ssl);
if ($decrypted == 'test my keys') {
$log->info('SSL: test keys ok');
file_put_contents($settings->data['node']['sslKeyPubPath'], $keyPub);
$filesystem->chmod($settings->data['node']['sslKeyPubPath'], 0400);
} else {
$log->critical('SSL: test keys failed');
exit(1);
}
} else {
/**
*
* https://www.mail-tester.com/spf-dkim-check
* http://dkimvalidator.com/
* @return bool
*/
private function generateDKIM()
{
$privatekeyfile = e_SYSTEM . 'dkim_private.key';
$tp = e107::getParser();
if (file_exists($privatekeyfile)) {
e107::getMessage()->addInfo("DKIM keys already exists (" . $privatekeyfile . ")");
$text = $this->getDKIMPublicKey();
e107::getMessage()->addInfo("Add the following to your " . e_DOMAIN . " DNS Zone records:" . print_a($text, true));
e107::getMessage()->addinfo("Consider testing it using this website: http://dkimvalidator.com");
return false;
}
$keyLength = 1024;
// Any higher and cPanel < 11.50 will refuse it.
$pk = openssl_pkey_new(array("digest_alg" => "sha1", 'private_key_bits' => $keyLength, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export_to_file($pk, $privatekeyfile);
// $contents = file_get_contents($privatekeyfile);
$tmp = openssl_pkey_get_details($pk);
$pubKey = $tmp['key'];
file_put_contents(e_SYSTEM . "dkim_public.key", $pubKey);
// e107::getMessage()->addInfo(nl2br($pubKey));
$pubString = str_replace(array('-----BEGIN PUBLIC KEY-----', '-----END PUBLIC KEY-----', "\n"), "", $pubKey);
// $dnsEntry = 'phpmailer._domainkey IN TXT "v=DKIM1; k=rsa; g=*; s=email; h=sha1; t=s; p=[x];"';
$dnsEntry = 'phpmailer._domainkey IN TXT "v=DKIM1; k=rsa; p=[x];"';
$text = $tp->lanVars($dnsEntry, $pubString);
e107::getMessage()->addInfo("Add the following " . $keyLength . " bit key to your " . e_DOMAIN . " DNS Zone records:" . print_a($text, true));
e107::getMessage()->addinfo("Consider testing it using this website: http://dkimvalidator.com");
}
public function paypal_encrypt_wizard_step2()
{
access::verify_csrf();
$form = self::keyGenerationForm();
if (!$form->validate()) {
self::paypal_encrypt_wizard_step1();
return;
}
$ssldir = str_replace('\\', '/', VARPATH . 'certificate');
$ssldir = rtrim($ssldir, '/') . '/';
if (!is_dir($ssldir)) {
// Create the upload directory
mkdir($ssldir, 0777, TRUE);
}
$prkeyfile = $ssldir . "myprvkey.pem";
$pubcertfile = $ssldir . "mypubcert.pem";
$certreqfile = $ssldir . "mycertreq.pem";
$dn = array("countryName" => $form->encrypt->countryName->value, "stateOrProvinceName" => $form->encrypt->stateOrProvinceName->value, "localityName" => $form->encrypt->localityName->value, "organizationName" => $form->encrypt->organizationName->value, "organizationalUnitName" => $form->encrypt->organizationalUnitName->value, "commonName" => $form->encrypt->commonName->value, "emailAddress" => $form->encrypt->emailAddress->value);
$privkeypass = $form->encrypt->privKeyPass->value;
$numberofdays = 365;
$config = array("private_key_bits" => 1024);
$privkey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privkey);
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
openssl_x509_export($sscert, $publickey);
openssl_pkey_export($privkey, $privatekey, $privkeypass);
openssl_csr_export($csr, $csrStr);
openssl_x509_export_to_file($sscert, $pubcertfile);
openssl_pkey_export_to_file($privkey, $prkeyfile, $privkeypass);
openssl_csr_export_to_file($csr, $certreqfile);
//echo "Your Public Certificate has been saved to " . $pubcertfile . "<br><br>";
//echo "Your Private Key has been saved to " . $prkeyfile . "<br><br>";
//echo "Your Certificate Request has been saved to " . $certreqfile . "<br><br>";
//echo $privatekey; // Will hold the exported PriKey
//echo $publickey; // Will hold the exported PubKey
//echo $csrStr; // Will hold the exported Certificate
}
/**
* DKIM Signing tests
*/
public function testDKIM()
{
$this->Mail->Subject .= ': DKIM signing';
$this->Mail->Body = 'This message is DKIM signed.';
$this->buildBody();
$privatekeyfile = 'dkim_private.key';
//Make a new key pair
//(2048 bits is the recommended minimum key length -
//gmail won't accept less than 1024 bits)
$pk = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export_to_file($pk, $privatekeyfile);
$this->Mail->DKIM_domain = 'example.com';
$this->Mail->DKIM_private = $privatekeyfile;
$this->Mail->DKIM_selector = 'phpmailer';
$this->Mail->DKIM_passphrase = '';
//key is not encrypted
$this->assertTrue($this->Mail->send(), 'DKIM signed mail failed');
unlink($privatekeyfile);
}
$comN = stripslashes($_POST['commonName']);
$on = stripslashes($_POST['organizationName']);
$oun = stripslashes($_POST['organizationUnitName']);
$mail = stripslashes($_POST['emailAdress']);
$ln = stripslashes($_POST['localityName']);
$sopn = stripslashes($_POST['stateOrProvinceName']);
$cn = stripslashes($_POST['countryName']);
if (isset($cn) && isset($sopn) && isset($ln) && isset($on) && isset($oun) && isset($comN) && isset($mail)) {
//récupération des informations du certificat principal
$CAcrt = "certificat.crt";
$CAkey = array("cles.txt", "monmot2passe");
// Assigne les valeurs du nom distingué à utiliser avec le certificat.
$dn = array("countryName" => $cn, "stateOrProvinceName" => $sopn, "localityName" => $ln, "organizationName" => $on, "organizationalUnitName" => $oun, "commonName" => $comN, "emailAddress" => $mail);
// Génère les clés privée et publique
$privkey = openssl_pkey_new();
// Génère la requête de signature de certificat
$csr = openssl_csr_new($dn, $privkey);
// Cette commande crée une certificat signer par l'autorité supérieur valide 1 ans soit 365 jours
$sscert = openssl_csr_sign($csr, $CAcrt, $CAkey, 365);
// préserver la clé privée, la CSR et le certificat auto-signé,
//de façon à ce qu'ils puissent être installés sur le site internet.
// éléments dans des fichiers.
// Typiquement, l'autorité de certification émettra un "vrai" certificat.
openssl_csr_export_to_file($csr, "requeteSignaturePerso" . $comN . ".txt");
openssl_x509_export_to_file($sscert, "certificatPerso" . $comN . ".txt");
openssl_pkey_export_to_file($privkey, "clesPerso" . $comN . ".txt");
// Affiche les erreurs qui sont survenues
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
}
