setup_certstore_form(); break; case "setup_certstore": printHeader('Setup CA Certificate Store'); setup_certstore($_POST['certstore_path']); break; case "create_ca_form": printHeader('Creating new Root CA - Part 1'); create_ca_form(); break; case "create_ca": $_SESSION['my_ca'] = $_POST['cert_dn']['commonName']; include "./include/settings.php"; $_SESSION['config'] = $config; printHeader('Creating new Root CA - Part 2'); create_ca($config['certstore_path'], $_POST['device_type'], $_POST['cert_dn'], $_POST['passphrase']); break; case "delete_ca_form": printHeader('Delete a CA'); delete_ca_form(); break; case "delete_ca": $delete_check['errors'] = FALSE; $delete_check['valid_text'] = TRUE; $delete_check['valid_ca_name'] = TRUE; if (!($_POST['confirm_text'] === 'DELETEME')) { $delete_check['errors'] = TRUE; $delete_check['valid_text'] = FALSE; } if ($page_variables['ca_name'] === 'zzzDELETECAzzz') { $delete_check['errors'] = TRUE;
// Tail of a function whose opening lines lie above this excerpt; $file_contents,
// $pkcs12, $pass and $plain are set there, out of view.
    // Load the data to decrypt from the file named by $file_contents.
    // NOTE(review): file_get_contents() returns false on failure; that is not
    // checked before the value is handed to the decrypt call below.
    $contents = file_get_contents($file_contents);
    // Parse the PKCS#12 bundle in $pkcs12 into the $cert array, unlocking it with $pass.
    // NOTE(review): the boolean result is ignored, so a bad bundle or password is
    // only noticed indirectly; $cert['pkey'] may not be populated in that case.
    openssl_pkcs12_read($pkcs12, $cert, $pass);
    // Drain the OpenSSL error queue and print every pending message.
    // NOTE(review): acceptable for a test script; if this output is ever served to
    // clients, raw library errors belong in a log rather than in the response.
    while ($msg = openssl_error_string()) {
        echo $msg . "<br />\n";
    }
    // Decrypt with the private key taken from the bundle. No padding argument is
    // passed, so the function's default applies (OPENSSL_PKCS1_PADDING in the PHP
    // manual's signature — confirm for the deployed version).
    // NOTE(review): OPENSSL_PKCS1_OAEP_PADDING is the preferred RSA encryption
    // padding, but it must match what encrypt() uses (not visible here) — confirm
    // before changing. The boolean result of this call is not checked either.
    openssl_private_decrypt($contents, $decrypted, $cert['pkey']);
    // Strict comparison of the recovered bytes with the expected plaintext.
    if ($plain === $decrypted) {
        echo "+Ok, decrypt succ!\n";
    } else {
        echo "-Err, decrypt fail!(" . __LINE__ . ")\n";
    }
}

// Prepare the working directory: create it when missing, otherwise empty it.
if (!is_dir($path)) {
    // Mode 0775 (before umask) is group-writable and world-readable.
    // NOTE(review): presumably create_ca()/create_cert() write key material into
    // this directory — if so, 0700 is the appropriate mode; confirm.
    // mkdir()'s return value is not checked.
    mkdir($path, 0775);
} else {
    // NOTE(review): $path is interpolated into a shell command line without
    // escapeshellarg(), so whitespace or shell metacharacters in it change what is
    // executed and deleted. $path is defined out of view; if it can be influenced
    // from outside this script, quote it with escapeshellarg() (keeping the /*
    // outside the quotes) or remove the entries with PHP filesystem functions.
    // The glob does not match dot-files, and $ret is not examined anywhere in view.
    exec("rm -fr {$path}/*", $out, $ret);
}

// Run the test sequence; these functions are defined above this excerpt.
create_ca();
create_cert();
check_cert();
encrypt();
decrypt();

/*
 * Test cases:
 * (1) CA certificate not expired, user certificate expired
 * (2) CA certificate expired, user certificate not expired
 *
 * Conclusions:
 * (1) If the CA certificate has expired, verification of the user certificate fails
 * (2) If the CA certificate is valid but the user certificate has expired, verification fails
 */