Ejemplos de File_X509::makeCA en PHP

Ejemplo n.º 1

Archivo: CASignCert.php Proyecto: abcdlzy/webshell-manager

function CreateNewCA()
{
    if (!$GLOBALS['isCA']) {
        return false;
    }
    // CA私钥
    $CAPrivKey = new Crypt_RSA();
    $keyArray = $CAPrivKey->createKey($GLOBALS['RSALength']);
    $CAPrivKey->loadKey($keyArray['privatekey']);
    $pubKey = new Crypt_RSA();
    $pubKey->loadKey($keyArray['publickey']);
    $pubKey->setPublicKey();
    // CA 公钥 x509
    $subject = new File_X509();
    $subject->setDNProp('id-at-organizationName', $GLOBALS['CAname'] . ' CA');
    $subject->setPublicKey($pubKey);
    $issuer = new File_X509();
    $issuer->setPrivateKey($CAPrivKey);
    $issuer->setDN($CASubject = $subject->getDN());
    $x509 = new File_X509();
    $x509->makeCA();
    $result = $x509->sign($issuer, $subject);
    setConfig_CAPublishX509($x509->saveX509($result));
    setConfig_CAPrivateKey($keyArray['privatekey']);
    return true;
}

Ejemplo n.º 2

Archivo: CA.php Proyecto: riyadennis/my_civicrm

 /**
  * @param array $keyPair
  *   Array with elements:
  *   - privatekey: string.
  *   - publickey: string.
  * @param string $dn
  *   Distinguished name (e.g. "/O=TestOrg").
  * @return string
  *   Certificate data.
  */
 public static function create($keyPair, $dn)
 {
     $privKey = new \Crypt_RSA();
     $privKey->loadKey($keyPair['privatekey']);
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($keyPair['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setDN($dn);
     $subject->setPublicKey($pubKey);
     $issuer = new \File_X509();
     $issuer->setPrivateKey($privKey);
     $issuer->setDN($dn);
     $x509 = new \File_X509();
     $x509->makeCA();
     $x509->setEndDate(date('c', strtotime(Constants::CA_DURATION, Time::getTime())));
     $result = $x509->sign($issuer, $subject, Constants::CERT_SIGNATURE_ALGORITHM);
     return $x509->saveX509($result);
 }

Ejemplo n.º 3

Archivo: 1.php Proyecto: abcdlzy/webshell-manager

$CAPrivKey->loadKey($privatekey);
$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();
echo "the private key for the CA cert (can be discarded):\r\n\r\n";
echo $privatekey;
echo "\r\n\r\n";
// create a self-signed cert that'll serve as the CA
$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo CA');
$subject->setPublicKey($pubKey);
$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
$issuer->setDN($CASubject = $subject->getDN());
$x509 = new File_X509();
$x509->makeCA();
$result = $x509->sign($issuer, $subject);
echo "the CA cert to be imported into the browser is as follows:\r\n\r\n";
echo $x509->saveX509($result);
echo "\r\n\r\n";
// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);
$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();
$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
$subject->setPublicKey($pubKey);
$issuer = new File_X509();

Ejemplo n.º 4

Archivo: CertificateGenerateCommand.php Proyecto: Tanklong/openvj

 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $helper = $this->getHelper('question');
     // ask fields
     $options = ['countryName' => 'CN', 'stateOrProvinceName' => 'Shanghai', 'localityName' => 'Shanghai'];
     if (!$input->getOption('default')) {
         foreach ($options as $ask => $default) {
             $q = new Question($ask . '[' . $default . ']: ', $default);
             $options[$ask] = $helper->ask($input, $output, $q);
         }
     }
     $output->writeln('Generating CA private key...');
     $CAPrivKey = new \Crypt_RSA();
     $key = $CAPrivKey->createKey(2048);
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-ca.key', $key['privatekey']);
     $output->writeln('Generating self-signed CA certificate...');
     $CAPrivKey->loadKey($key['privatekey']);
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($key['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setDNProp('id-at-organizationName', 'OpenVJ Certificate Authority');
     foreach ($options as $prop => $val) {
         $subject->setDNProp('id-at-' . $prop, $val);
     }
     $subject->setPublicKey($pubKey);
     $issuer = new \File_X509();
     $issuer->setPrivateKey($CAPrivKey);
     $issuer->setDN($CASubject = $subject->getDN());
     $x509 = new \File_X509();
     $x509->setStartDate('-1 month');
     $x509->setEndDate('+3 year');
     $x509->setSerialNumber(chr(1));
     $x509->makeCA();
     $result = $x509->sign($issuer, $subject, 'sha256WithRSAEncryption');
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-ca.crt', $x509->saveX509($result));
     $output->writeln('Generating background service SSL private key...');
     $privKey = new \Crypt_RSA();
     $key = $privKey->createKey(2048);
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-server.key', $key['privatekey']);
     $privKey->loadKey($key['privatekey']);
     $output->writeln('Generating background service SSL certificate...');
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($key['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setPublicKey($pubKey);
     $subject->setDNProp('id-at-organizationName', 'OpenVJ Background Service Certificate');
     foreach ($options as $prop => $val) {
         $subject->setDNProp('id-at-' . $prop, $val);
     }
     $subject->setDomain('127.0.0.1');
     $issuer = new \File_X509();
     $issuer->setPrivateKey($CAPrivKey);
     $issuer->setDN($CASubject);
     $x509 = new \File_X509();
     $x509->setStartDate('-1 month');
     $x509->setEndDate('+3 year');
     $x509->setSerialNumber(chr(1));
     $result = $x509->sign($issuer, $subject, 'sha256WithRSAEncryption');
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-server.crt', $x509->saveX509($result));
     $output->writeln('Generating background service client private key...');
     $privKey = new \Crypt_RSA();
     $key = $privKey->createKey(2048);
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-client.key', $key['privatekey']);
     $privKey->loadKey($key['privatekey']);
     $output->writeln('Generating background service client certificate...');
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($key['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setPublicKey($pubKey);
     $subject->setDNProp('id-at-organizationName', 'OpenVJ Background Service Client Certificate');
     foreach ($options as $prop => $val) {
         $subject->setDNProp('id-at-' . $prop, $val);
     }
     $issuer = new \File_X509();
     $issuer->setPrivateKey($CAPrivKey);
     $issuer->setDN($CASubject);
     $x509 = new \File_X509();
     $x509->setStartDate('-1 month');
     $x509->setEndDate('+3 year');
     $x509->setSerialNumber(chr(1));
     $x509->loadX509($x509->saveX509($x509->sign($issuer, $subject, 'sha256WithRSAEncryption')));
     $x509->setExtension('id-ce-keyUsage', array('digitalSignature', 'keyEncipherment', 'dataEncipherment'));
     $x509->setExtension('id-ce-extKeyUsage', array('id-kp-serverAuth', 'id-kp-clientAuth'));
     $result = $x509->sign($issuer, $x509, 'sha256WithRSAEncryption');
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-client.crt', $x509->saveX509($result));
 }