function createNewcertificate()
{
global $gbl, $login, $ghtml;
$cerpath = "server.crt";
$keypath = "server.key";
$requestpath = "a.csr";
$ltemp["countryName"] = "IN";
$ltemp["stateOrProvinceName"] = "Bn";
$ltemp["localityName"] = "Bn";
$ltemp["organizationName"] = "LxCenter";
$ltemp["organizationalUnitName"] = "Kloxo";
$ltemp["commonName"] = "Kloxo";
$ltemp["emailAddress"] = "*****@*****.**";
$privkey = openssl_pkey_new();
openssl_pkey_export_to_file($privkey, $keypath);
$csr = openssl_csr_new($ltemp, $privkey);
openssl_csr_export_to_file($csr, $requestpath);
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
openssl_x509_export_to_file($sscert, $cerpath);
$src = getcwd();
$dest = '/usr/local/lxlabs/kloxo/ext/lxhttpd/conf';
root_execsys("lxfilesys_mkdir", $dest . "/ssl.crt/");
root_execsys("lxfilesys_mkdir", $dest . "/ssl.key/");
root_execsys("lxfilesys_mv", "{$src}/{$cerpath}", $dest . "/ssl.crt/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$keypath}", $dest . "/ssl.key/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$requestpath}", "{$dest}/{$requestpath}");
}
function test_openssl_csr_export_to_file()
{
$csr = openssl_csr_new(null, $ignore);
VERIFY($csr != null);
$tmp = tempnam('/tmp', 'vmopenssltest');
unlink($tmp);
VS(file_get_contents($tmp), false);
openssl_csr_export_to_file($csr, $tmp);
VERIFY(strlen(file_get_contents($tmp)) > 400);
unlink($tmp);
}
/**
* @param string $fileName
* @param bool $verbose
*/
public function exportToFile(string $fileName, bool $verbose = false)
{
openssl_csr_export_to_file($this->getHandle(), $fileName, !$verbose);
}
public function paypal_encrypt_wizard_step2()
{
access::verify_csrf();
$form = self::keyGenerationForm();
if (!$form->validate()) {
self::paypal_encrypt_wizard_step1();
return;
}
$ssldir = str_replace('\\', '/', VARPATH . 'certificate');
$ssldir = rtrim($ssldir, '/') . '/';
if (!is_dir($ssldir)) {
// Create the upload directory
mkdir($ssldir, 0777, TRUE);
}
$prkeyfile = $ssldir . "myprvkey.pem";
$pubcertfile = $ssldir . "mypubcert.pem";
$certreqfile = $ssldir . "mycertreq.pem";
$dn = array("countryName" => $form->encrypt->countryName->value, "stateOrProvinceName" => $form->encrypt->stateOrProvinceName->value, "localityName" => $form->encrypt->localityName->value, "organizationName" => $form->encrypt->organizationName->value, "organizationalUnitName" => $form->encrypt->organizationalUnitName->value, "commonName" => $form->encrypt->commonName->value, "emailAddress" => $form->encrypt->emailAddress->value);
$privkeypass = $form->encrypt->privKeyPass->value;
$numberofdays = 365;
$config = array("private_key_bits" => 1024);
$privkey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privkey);
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
openssl_x509_export($sscert, $publickey);
openssl_pkey_export($privkey, $privatekey, $privkeypass);
openssl_csr_export($csr, $csrStr);
openssl_x509_export_to_file($sscert, $pubcertfile);
openssl_pkey_export_to_file($privkey, $prkeyfile, $privkeypass);
openssl_csr_export_to_file($csr, $certreqfile);
//echo "Your Public Certificate has been saved to " . $pubcertfile . "<br><br>";
//echo "Your Private Key has been saved to " . $prkeyfile . "<br><br>";
//echo "Your Certificate Request has been saved to " . $certreqfile . "<br><br>";
//echo $privatekey; // Will hold the exported PriKey
//echo $publickey; // Will hold the exported PubKey
//echo $csrStr; // Will hold the exported Certificate
}
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new($SSLcnf);
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, $SSLcnf);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $SSLcnf);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
//CERTIFICADO
openssl_csr_export_to_file($csr, $fncert, false);
//CERTIFICADO AUTO-ASSINADO
openssl_x509_export_to_file($sscert, $fnsscert, false);
//CHAVE PRIVADA (private.pem)
openssl_pkey_export_to_file($privkey, $fnprivate, null, $SSLcnf);
//CHAVE PÚBLICA (public.key)
file_put_contents($fnpublic, openssl_pkey_get_details($privkey)['key']);
/**
* @todo Criar rotinas de interceptação de erros
*
*/
// Show any errors that occurred here
//while (($e = openssl_error_string()) !== false) {
// echo "\n".$e."\n";
//}
function export_csr_to_file()
{
$this->clear_debug_buffer();
// Create empty csr file;
$this->set_csr_file();
openssl_csr_export_to_file($this->csr, FILE_LOCATION . $this->csr_resource_file);
$this->debug("export_csr_to_file");
}
private function genCsrCertFile()
{
openssl_csr_export_to_file($this->csrkey, $this->csrKeyFilename);
}
/**
* Takes the Certificate Signing Request represented
* by $csr and saves it as ascii-armoured text into
* the file named by $outfilename.
* (PHP 4 >= 4.2.0, PHP 5)
*
* @param resource
* @param string
* @param bool
* @return bool
*/
public final function saveCSRtoFile($csr, $outfilename, $notext = true)
{
if (!is_resource($csr)) {
return false;
}
return openssl_csr_export_to_file($csr, $outfilename, $notext);
}
$comN = stripslashes($_POST['commonName']);
$on = stripslashes($_POST['organizationName']);
$oun = stripslashes($_POST['organizationUnitName']);
$mail = stripslashes($_POST['emailAdress']);
$ln = stripslashes($_POST['localityName']);
$sopn = stripslashes($_POST['stateOrProvinceName']);
$cn = stripslashes($_POST['countryName']);
if (isset($cn) && isset($sopn) && isset($ln) && isset($on) && isset($oun) && isset($comN) && isset($mail)) {
//récupération des informations du certificat principal
$CAcrt = "certificat.crt";
$CAkey = array("cles.txt", "monmot2passe");
// Assigne les valeurs du nom distingué à utiliser avec le certificat.
$dn = array("countryName" => $cn, "stateOrProvinceName" => $sopn, "localityName" => $ln, "organizationName" => $on, "organizationalUnitName" => $oun, "commonName" => $comN, "emailAddress" => $mail);
// Génère les clés privée et publique
$privkey = openssl_pkey_new();
// Génère la requête de signature de certificat
$csr = openssl_csr_new($dn, $privkey);
// Cette commande crée une certificat signer par l'autorité supérieur valide 1 ans soit 365 jours
$sscert = openssl_csr_sign($csr, $CAcrt, $CAkey, 365);
// préserver la clé privée, la CSR et le certificat auto-signé,
//de façon à ce qu'ils puissent être installés sur le site internet.
// éléments dans des fichiers.
// Typiquement, l'autorité de certification émettra un "vrai" certificat.
openssl_csr_export_to_file($csr, "requeteSignaturePerso" . $comN . ".txt");
openssl_x509_export_to_file($sscert, "certificatPerso" . $comN . ".txt");
openssl_pkey_export_to_file($privkey, "clesPerso" . $comN . ".txt");
// Affiche les erreurs qui sont survenues
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
}
public static function keygen(&$userid, $info = false)
{
$userid = !$userid ? config::$accountId : $userid;
if (!$userid) {
return false;
}
$dn = is_array($info) ? $info : array("countryName" => strtoupper(gio::input("Country code", "string")), "stateOrProvinceName" => strtoupper(gio::input("State code", "string")), "localityName" => gio::input("City", "string"), "organizationName" => gio::input("Your Name/Your Company Name in Full", "string"), "organizationalUnitName" => 'Digicoin', "commonName" => config::$bankId, "emailAddress" => gio::input("Contact Email Address", "string"));
$privkeypass = config::$privateKeyPassword;
if (!self::cryptoInstalled()) {
gio::log("... Could not generate cryptographic keys for {$userid} ...", E_USER_ERROR);
return false;
}
gio::log("Generating cryptographic keys for {$userid}...", VERBOSE);
try {
$privkey = @openssl_pkey_new(self::$keyOpts);
$privateKey = "";
$csr = @openssl_csr_new($dn, $privkey, self::$keyOpts);
if ($csr) {
openssl_csr_export_to_file($csr, self::getcert($userid));
openssl_pkey_export($privkey, $privatekey, $privkeypass, self::$keyOpts);
gio::savetofile($privatekey, self::getkey($userid, true), config::$privateKeyFileMode);
gio::savetofile($userid, config::$accountIdFile);
config::$accountId = $userid;
} else {
return false;
}
} catch (Exception $e) {
gio::log("Error while generating cryptographic keys for {$userid}: " . $e->message, E_USER_ERROR);
return false;
}
gio::log("... Done generating cryptographic keys for {$userid}", VERBOSE);
return true;
}
/**
* Gera um no certificado
* @param string $file Local do Arquivo.
* @return object.
*/
public function generatePassword($file = 'certificate.crt')
{
$dn = [];
if ($this->getStateOrProvinceName() !== false) {
$dn['stateOrProvinceName'] = $this->getStateOrProvinceName();
}
if ($this->getLocalityName() !== false) {
$dn['localityName'] = $this->getLocalityName();
}
if ($this->getOrganizationName() !== false) {
$dn['organizationName'] = $this->getOrganizationName();
}
if ($this->getCountryName() !== false) {
$dn['countryName'] = $this->getCountryName();
}
if ($this->getOrganizationalUnitName() !== false) {
$dn['organizationalUnitName'] = $this->getOrganizationalUnitName();
}
if ($this->getCommonName() !== false) {
$dn['commonName'] = $this->getCommonName();
}
if ($this->getEmailAddress() !== false) {
$dn['emailAddress'] = $this->getEmailAddress();
}
$private_key = openssl_pkey_new();
$csr = openssl_csr_new($dn, $private_key);
openssl_csr_export_to_file($csr, DIR_ROOT . $file, true);
openssl_csr_export_to_file($csr, DIR_ROOT . preg_replace('/(\\..*)$/', '-details$1', $file), false);
openssl_csr_export($csr, $password);
$this->password = $password;
return $this;
}
