setup_certstore_form();
     break;
 case "setup_certstore":
     printHeader('Setup CA Certificate Store');
     setup_certstore($_POST['certstore_path']);
     break;
 case "create_ca_form":
     printHeader('Creating new Root CA - Part 1');
     create_ca_form();
     break;
 case "create_ca":
     $_SESSION['my_ca'] = $_POST['cert_dn']['commonName'];
     include "./include/settings.php";
     $_SESSION['config'] = $config;
     printHeader('Creating new Root CA - Part 2');
     create_ca($config['certstore_path'], $_POST['device_type'], $_POST['cert_dn'], $_POST['passphrase']);
     break;
 case "delete_ca_form":
     printHeader('Delete a CA');
     delete_ca_form();
     break;
 case "delete_ca":
     $delete_check['errors'] = FALSE;
     $delete_check['valid_text'] = TRUE;
     $delete_check['valid_ca_name'] = TRUE;
     if (!($_POST['confirm_text'] === 'DELETEME')) {
         $delete_check['errors'] = TRUE;
         $delete_check['valid_text'] = FALSE;
     }
     if ($page_variables['ca_name'] === 'zzzDELETECAzzz') {
         $delete_check['errors'] = TRUE;
Example #2
    $contents = file_get_contents($file_contents);
    openssl_pkcs12_read($pkcs12, $cert, $pass);
    while ($msg = openssl_error_string()) {
        echo $msg . "<br />\n";
    }
    openssl_private_decrypt($contents, $decrypted, $cert['pkey']);
    if ($plain === $decrypted) {
        echo "+Ok, decrypt succ!\n";
    } else {
        echo "-Err, decrypt fail!(" . __LINE__ . ")\n";
    }
}
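// Prepare the working directory for this run: create it when absent, otherwise empty it.
// $path is assigned outside this excerpt. An empty or root-only value is refused because the
// cleanup command below would otherwise expand to "rm -fr /*".
if (trim((string) $path, "/ \t\r\n") === '') {
    throw new \RuntimeException('Refusing to prepare working directory: $path is empty or "/"');
}
if (!is_dir($path)) {
    // NOTE(review): 0775 leaves the directory group-writable and world-readable (subject to umask).
    // If private keys are written below $path, 0700 would be the safer mode - confirm.
    if (!mkdir($path, 0775)) {
        throw new \RuntimeException("Cannot create working directory {$path}");
    }
} else {
    // Quote the directory so spaces or shell metacharacters in $path are not interpreted by the
    // shell; the glob stays outside the quotes so it still expands. "--" ends option parsing, so a
    // path that starts with "-" is not read as an rm option.
    exec('rm -fr -- ' . escapeshellarg((string) $path) . '/*', $out, $ret);
    if ($ret !== 0) {
        // Stale files from an earlier run would skew the checks below, so stop here.
        throw new \RuntimeException("Cannot empty working directory {$path} (rm exit status {$ret})");
    }
}

// Run the steps in order. The functions are defined outside this excerpt; judging by their
// names they build a CA, issue a certificate, verify it, then encrypt and decrypt - confirm.
create_ca();
create_cert();
check_cert();
encrypt();
decrypt();
/*
 * Tests:
 * (1) CA certificate not expired, user certificate expired
 * (2) CA certificate expired, user certificate not expired
 *
 * Conclusions:
 * (1) If the CA certificate has expired, verification of the user certificate fails
 * (2) If the CA certificate is valid but the user certificate has expired, verification fails
 */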