public function run()
{
if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) {
$this->input['folder'] .= DIRECTORY_SEPARATOR;
}
$files = [];
foreach (['pub', 'key', 'crt', 'csr'] as $extension) {
$files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension);
}
foreach ($files as $file) {
if (file_exists($file)) {
throw new RuntimeException(sprintf('File exist: %s', $file));
}
}
$dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']);
// Create the private and public key
$res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
// Generate a certificate signing request
$csr = openssl_csr_new(array_filter($dn), $res);
// Creates a self-signed cert
$sscert = openssl_csr_sign($csr, null, $res, $this->input['days']);
openssl_csr_export($csr, $out);
file_put_contents($files['csr'], $out);
// Export certfile
openssl_x509_export($sscert, $out);
file_put_contents($files['crt'], $out);
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $out);
file_put_contents($files['key'], $out);
// Extract the public key from $res to $pubKey
$out = openssl_pkey_get_details($res);
file_put_contents($files['pub'], $out["key"]);
}
/**
* @param SigningDetails $dn
* @param null $privateKey
* @param null $privkeypass
* @param int $numberofdays
* @return array
* @throws \Exception
*/
function generate(SigningDetails $dn, $privateKey = null, $privkeypass = null, $numberofdays = 365)
{
if ($privateKey === null) {
$privkey = $this->generatePrivateKey();
} elseif (is_string($privateKey)) {
$privkey = openssl_pkey_get_private($privateKey);
} else {
throw new \Exception('Invalid format for private key');
}
if (!$privkey) {
throw new \Exception('Invalid private key');
}
$csr = @openssl_csr_new($dn->toArray(), $privkey);
if (!$csr) {
throw new \Exception('Failed create signing request. Input likely invalid.');
}
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
if (!$sscert) {
throw new \Exception('Failed create signing request. Input likely invalid.');
}
openssl_x509_export($sscert, $publickey);
$privatekey = null;
if (!openssl_pkey_export($privkey, $privatekey, $privkeypass)) {
throw new \Exception('Private key generatio failed');
}
/*$csrStr = null;
if(!openssl_csr_export($csr, $csrStr)){
throw new \Exception('CSR generation failed');
}*/
return [$publickey, $privatekey];
}
function generateSslKeypair($commonName, $keyLength)
{
$key = openssl_pkey_new(array("private_key_bits" => $keyLength));
$default = getDefaultConfPath();
if (file_exists($default . "/cert-overrides.ini")) {
$confFile = $default . "/cert-overrides.ini";
} else {
$confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini";
}
$certConf = parse_ini_file($confFile, true);
$dn = $certConf["dn"];
$dn["commonName"] = $commonName;
$cert = openssl_csr_new($dn, $key);
// Creating a new X509 Certificate Signing Request
if ($e = error_get_last()) {
// Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
throw new Exception("Error occured:" . $e["message"]);
}
$signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
// Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
if (!$signed) {
throw new Exception("Error occured while signing certificate");
}
openssl_pkey_export($key, $privateKey);
// Export private-key to $privateKey
openssl_x509_export($signed, $clientCert);
// Export signed-certificate to $clientCert without Extra Details
return array($clientCert, $privateKey);
}
function createNewcertificate()
{
global $gbl, $login, $ghtml;
$cerpath = "server.crt";
$keypath = "server.key";
$requestpath = "a.csr";
$ltemp["countryName"] = "IN";
$ltemp["stateOrProvinceName"] = "Bn";
$ltemp["localityName"] = "Bn";
$ltemp["organizationName"] = "LxCenter";
$ltemp["organizationalUnitName"] = "Kloxo";
$ltemp["commonName"] = "Kloxo";
$ltemp["emailAddress"] = "*****@*****.**";
$privkey = openssl_pkey_new();
openssl_pkey_export_to_file($privkey, $keypath);
$csr = openssl_csr_new($ltemp, $privkey);
openssl_csr_export_to_file($csr, $requestpath);
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
openssl_x509_export_to_file($sscert, $cerpath);
$src = getcwd();
$dest = '/usr/local/lxlabs/kloxo/ext/lxhttpd/conf';
root_execsys("lxfilesys_mkdir", $dest . "/ssl.crt/");
root_execsys("lxfilesys_mkdir", $dest . "/ssl.key/");
root_execsys("lxfilesys_mv", "{$src}/{$cerpath}", $dest . "/ssl.crt/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$keypath}", $dest . "/ssl.key/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$requestpath}", "{$dest}/{$requestpath}");
}
function generateSslKeypair($commonName, $mail, $keyLength)
{
$key = openssl_pkey_new(array("private_key_bits" => $keyLength));
$certConf = parse_ini_file("cert.conf", true);
$dn = $certConf["dn"];
$dn["commonName"] = $commonName;
$dn["emailAddress"] = $mail;
$cert = openssl_csr_new($dn, $key);
// Creating a new X509 Certificate Signing Request
if ($e = error_get_last()) {
// Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
throw new Exception("Error occured:" . $e["message"]);
}
$signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
// Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
if (!$signed) {
throw new Exception("Error occured while signing certificate");
}
openssl_pkey_export($key, $privateKey);
// Export private-key to $privateKey
openssl_x509_export($signed, $clientCert, FALSE);
// Export signed-certificate to $clientCert
openssl_x509_export($signed, $publicKey);
// Export public-key from the signed-certificate to $publicKey
return array($clientCert, $publicKey, $privateKey);
}
private function getCSRFromFile($file)
{
$rsa = $this->getFile($file);
$csr = openssl_csr_new(array(), $rsa);
openssl_csr_export($csr, $csr_out);
return $csr_out;
}
/**
* Creates a new key pair for the encryption or gets the existing key pair (if one already has been generated).
*
* There should only be one key pair per request because the second private key would overwrites the first private
* key. So the submitting the form with the first public key would not work anymore.
*
* @return \TYPO3\CMS\Rsaauth\Keypair|NULL a key pair or NULL in case of error
*/
public function createNewKeyPair()
{
/** @var $keyPair \TYPO3\CMS\Rsaauth\Keypair */
$keyPair = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
if ($keyPair->isReady()) {
return $keyPair;
}
$privateKey = @openssl_pkey_new();
if ($privateKey !== FALSE) {
// Create private key as string
$privateKeyStr = '';
openssl_pkey_export($privateKey, $privateKeyStr);
// Prepare public key information
$exportedData = '';
$csr = openssl_csr_new(array('localityName' => 'foo', 'organizationName' => 'bar'), $privateKey);
openssl_csr_export($csr, $exportedData, FALSE);
// Get public key (in fact modulus) and exponent
$publicKey = $this->extractPublicKeyModulus($exportedData);
$exponent = $this->extractExponent($exportedData);
$keyPair->setExponent($exponent);
$keyPair->setPrivateKey($privateKeyStr);
$keyPair->setPublicKey($publicKey);
// Clean up all resources
openssl_free_key($privateKey);
} else {
$keyPair = NULL;
}
return $keyPair;
}
/**
* Generate a CSR object with SANs from the given distinguishedName and keyPair.
*
* @param CertificateRequest $certificateRequest
*
* @return mixed
*/
protected function createCsrWithSANsObject(CertificateRequest $certificateRequest)
{
$sslConfigTemplate = <<<'EOL'
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @req_subject_alt_name
[ req_subject_alt_name ]
%s
EOL;
$sslConfigDomains = [];
$distinguishedName = $certificateRequest->getDistinguishedName();
$domains = array_merge([$distinguishedName->getCommonName()], $distinguishedName->getSubjectAlternativeNames());
foreach (array_values($domains) as $index => $domain) {
$sslConfigDomains[] = 'DNS.' . ($index + 1) . ' = ' . $domain;
}
$sslConfigContent = sprintf($sslConfigTemplate, implode("\n", $sslConfigDomains));
$sslConfigFile = tempnam(sys_get_temp_dir(), 'acmephp_');
try {
file_put_contents($sslConfigFile, $sslConfigContent);
$resource = $certificateRequest->getKeyPair()->getPrivateKey()->getResource();
$csr = openssl_csr_new($this->getCSRPayload($distinguishedName), $resource, ['digest_alg' => 'sha256', 'config' => $sslConfigFile]);
if (!$csr) {
throw new CSRSigningException(sprintf('OpenSSL CSR signing failed with error: %s', openssl_error_string()));
}
return $csr;
} finally {
unlink($sslConfigFile);
}
}
/**
* Creates a new public/private key pair using PHP OpenSSL extension.
*
* @return tx_rsaauth_keypair A new key pair or null in case of error
* @see tx_rsaauth_abstract_backend::createNewKeyPair()
*/
public function createNewKeyPair()
{
$result = null;
$privateKey = @openssl_pkey_new();
if ($privateKey) {
// Create private key as string
$privateKeyStr = '';
openssl_pkey_export($privateKey, $privateKeyStr);
// Prepare public key information
$exportedData = '';
$csr = openssl_csr_new(array(), $privateKey);
openssl_csr_export($csr, $exportedData, false);
// Get public key (in fact modulus) and exponent
$publicKey = $this->extractPublicKeyModulus($exportedData);
$exponent = $this->extractExponent($exportedData);
// Create result object
$result = t3lib_div::makeInstance('tx_rsaauth_keypair');
/* @var $result tx_rsaauth_keypair */
$result->setExponent($exponent);
$result->setPrivateKey($privateKeyStr);
$result->setPublicKey($publicKey);
// Clean up all resources
openssl_free_key($privateKey);
}
return $result;
}
/**
* {@inheritdoc}
*/
public function generate(KeyPair $keyPair, array $domains)
{
if (!($privateKey = openssl_pkey_get_private($keyPair->getPrivate()))) {
// TODO: Improve error message
throw new AcmeException("Couldn't use private key.");
}
$san = implode(",", array_map(function ($dns) {
return "DNS:{$dns}";
}, $domains));
// http://www.heise.de/netze/rfc/rfcs/rfc7633.shtml
// http://www.heise.de/netze/rfc/rfcs/rfc6066.shtml
$mustStaple = $this->mustStaple ? "tlsfeature = status_request" : "";
$tempFile = tempnam(sys_get_temp_dir(), "acme-openssl-config-");
$tempConf = <<<EOL
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
{$mustStaple}
[ req_distinguished_name ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation
subjectAltName = {$san}
EOL;
(yield \Amp\File\put($tempFile, $tempConf));
$csr = openssl_csr_new(["CN" => reset($domains)], $privateKey, ["digest_alg" => "sha256", "config" => $tempFile]);
(yield \Amp\File\unlink($tempFile));
if (!$csr) {
// TODO: Improve error message
throw new AcmeException("CSR could not be generated.");
}
(yield new CoroutineResult(openssl_csr_export($csr, $csr)));
}
static public function get_keys($login,$full_name) {
$CA_CERT = base_url()."data/key/CA_DOC.csr";
$CA_KEY = base_url()."data/key/CA_DOC_priv.key";
$config = array(
"private_key_type"=>OPENSSL_KEYTYPE_RSA,
"private_key_bits"=>512
);
$res = openssl_pkey_new($config);
$privKey = '';
openssl_pkey_export($res,$privKey);
$arr = array(
"organizationName" => "Фізична особа",
"organizationalUnitName" => "Фізична особа",
"commonName" => $full_name,
"UID" => $login,
"countryName" => "UA"
);
$csr = openssl_csr_new($arr,$privKey);
$cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730);
openssl_x509_export($cert,$str_cert);
$public_key = openssl_pkey_get_public($str_cert);
$public_key_details = openssl_pkey_get_details($public_key);
$public_key_string = $public_key_details['key'];
return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string);
}
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA)
{
// keep track of the distinguished name
$this->dn = $distinguishedName;
// generate the pem-encoded private key
$config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE);
$key = openssl_pkey_new($config);
// generate the certificate signing request...
$csr = openssl_csr_new($this->dn, $key, $config);
// and use it to make a self-signed certificate
$this->serialNumber = rand();
$cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time());
// make openssl forget the key
openssl_free_key($keyCA);
// export private and public keys
openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
//openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config )
openssl_x509_export($cert, $this->certificate);
// parse certificate
$this->x509 = openssl_x509_parse($cert);
if (isset($this->serialNumber)) {
$outfilename = '/var/www/html/' . $this->serialNumber;
// Gets an exportable representation of a key into a file
openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config);
}
openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE);
return TRUE;
// end of makeKeys() method
}
/**
* Creates a new public/private key pair using PHP OpenSSL extension.
*
* @return \TYPO3\CMS\Rsaauth\Keypair A new key pair or NULL in case of error
* @see tx_rsaauth_abstract_backend::createNewKeyPair()
*/
public function createNewKeyPair()
{
$result = NULL;
$privateKey = @openssl_pkey_new();
if ($privateKey) {
// Create private key as string
$privateKeyStr = '';
openssl_pkey_export($privateKey, $privateKeyStr);
// Prepare public key information
$exportedData = '';
$csr = openssl_csr_new(array(), $privateKey);
openssl_csr_export($csr, $exportedData, FALSE);
// Get public key (in fact modulus) and exponent
$publicKey = $this->extractPublicKeyModulus($exportedData);
$exponent = $this->extractExponent($exportedData);
// Create result object
$result = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
/** @var $result \TYPO3\CMS\Rsaauth\Keypair */
$result->setExponent($exponent);
$result->setPrivateKey($privateKeyStr);
$result->setPublicKey($publicKey);
// Clean up all resources
openssl_free_key($privateKey);
}
return $result;
}
public static function setUpBeforeClass()
{
self::$pKey = openssl_pkey_new();
$csr = openssl_csr_new([], self::$pKey);
$x509 = openssl_csr_sign($csr, null, self::$pKey, 1);
openssl_x509_export($x509, self::$certificate);
openssl_x509_free($x509);
}
/**
*
*/
private function generate()
{
if ($this->request === null) {
$commonName = iconv("UTF-8", "ASCII//TRANSLIT", $this->commonName);
$privateKeyResource = $this->privateKey->asResource();
$csr = openssl_csr_new(['CN' => substr($commonName, 0, 64), 'emailAddress' => $this->emailAddress], $privateKeyResource);
$this->request = $csr;
}
}
public function createHandle()
{
$this->validate();
$result = openssl_csr_new($this->information, $this->privateKey, $this->getInternalOptions());
if (!$result) {
throw new OpenSslException("Failed to create CSR handle");
}
return $result;
}
private function createSSLCert()
{
$privKey = openssl_pkey_new();
$cert = openssl_csr_new(self::$pemDN, $privKey);
$cert = openssl_csr_sign($cert, null, $privKey, 365);
$pem = [];
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privKey, $pem[1], self::PEM_PASSPHRASE);
$pem = implode($pem);
file_put_contents($this->pemFile, $pem);
chmod($this->pemFile, 0600);
}
/**
* @param array $dn
* @param null $passPhrase
*
* @return string
*/
public function create(array $dn, $passPhrase = null)
{
$config = $this->getConfig();
$key = openssl_pkey_new($config);
$crt = openssl_csr_new($dn, $key, $config);
$crt = openssl_csr_sign($crt, null, $key, 365, $config);
$x509 = null;
$pKey = null;
openssl_x509_export($crt, $x509);
openssl_pkey_export($key, $pKey, $passPhrase, $config);
return $x509 . $pKey;
}
function create_ssl_cert($pem_file, $pem_passphrase, $pem_dn)
{
$privkey = openssl_pkey_new();
$cert = openssl_csr_new($pem_dn, $privkey);
$cert = openssl_csr_sign($cert, null, $privkey, 365);
$pem = array();
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privkey, $pem[1], $pem_passphrase);
$pem = implode($pem);
file_put_contents($pem_file, $pem);
chmod($pem_file, 0600);
}
/**
* Generates a new PEM File given the informations
*
* @param string $pem_file the path of the PEM file to create
* @param string $pem_passphrase the passphrase to protect the PEM
* file or if you don't want to
* use a passphrase
* @param string $country_name the country code of the new PEM file. e.g.: EN
* @param string $state_or_province_name the state or province name of the new PEM file
* @param string $locality_name the name of the locality
* @param string $organization_name the name of the organisation. e.g.: MyCompany
* @param string $organizational_unit_name the organisation unit name
* @param string $common_name the common name
* @param string $email_address the email address
*/
public static function generatePemFile($pem_file, $pem_passphrase, $country_name, $state_or_province_name, $locality_name, $organization_name, $organizational_unit_name, $common_name, $email_address)
{
// Generate PEM file
$dn = array('countryName' => $country_name, 'stateOrProvinceName' => $state_or_province_name, 'localityName' => $locality_name, 'organizationName' => $organization_name, 'organizationalUnitName' => $organizational_unit_name, 'commonName' => $common_name, 'emailAddress' => $email_address);
$privkey = openssl_pkey_new();
$cert = openssl_csr_new($dn, $privkey);
$cert = openssl_csr_sign($cert, null, $privkey, 365);
$pem = array();
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privkey, $pem[1], $pem_passphrase);
$pem = implode($pem);
file_put_contents($pem_file, $pem);
}
function generateKeys($passphrase)
{
$identity = Zend_Auth::getInstance()->getIdentity();
$dn = array("countryName" => $this->_config->countryName, "stateOrProvinceName" => $this->_config->stateOrProvinceName, "localityName" => $this->_config->localityName, "organizationName" => $this->_config->organizationName, "organizationalUnitName" => $this->_config->organizationUnitName, "commonName" => $identity->firstName . " " . $identity->lastName . "(" . $identity->username . ")", "emailAddress" => $this->_config->emailAddress);
$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
$sscert = openssl_csr_sign($csr, null, $privkey, $this->_config->numberOfDays);
openssl_x509_export($sscert, $publickey);
openssl_pkey_export($privkey, $privatekey);
openssl_csr_export($csr, $csrStr);
$this->publicKey = $publickey;
$this->privateKey = $this->_encryptPrivateKey($privatekey, $passphrase);
}
public function signCertificate($cacert = null, $days = 365)
{
\debug("OpenSSL CSR: Signing certificate (cacert=%s, days=%d)", $cacert ? 'yes' : 'no', $days);
$this->csr = openssl_csr_new($this->dn, $this->pkey);
// Default serial to 0
if ($this->serial) {
$serial = $this->serial;
} else {
$serial = 0;
}
$this->signed = openssl_csr_sign($this->csr, $cacert, $this->pkey, $days, [], $serial);
// Return true on success
return true;
}
/**
* Generate a pkcs12 file and private key to use with remote desktoping.
*
* @param string $password
* @return RemoteDesktopCertificate
*/
public static function generate()
{
if (!extension_loaded('openssl')) {
throw new \RuntimeException("Can only generate a remote desktop certificate when OpenSSL PHP extension is installed.");
}
// Generate a new private (and public) key pair
$config = array('config' => __DIR__ . '/../Resources/config/openssl.cnf');
$privkey = openssl_pkey_new($config);
// Generate a certificate signing request
$dn = array("commonName" => "AzureDistributionBundle for Symfony Tools");
$csr = openssl_csr_new($dn, $privkey, $config);
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $config);
return new self($privkey, $sscert);
}
/**
* Generates a new key pair and returns it as an array, which has
* 0 => Public Key
* 1 => Exponent
* 3 => Private Key
*
* @return array
*/
public function createKeys()
{
// Initialize
$keyResource = openssl_pkey_new();
$csr = openssl_csr_new(array(), $keyResource);
// Export the private key
openssl_pkey_export($keyResource, $privateKey);
// Export the public key
openssl_csr_export($csr, $data, FALSE);
preg_match('/Modulus:\\n?(?P<publicKey>[a-f0-9:\\s]+)\\s*Exponent:\\s*(?P<exponent>[0-9]+)/', $data, $matches);
$publicKey = trim(strtoupper(substr(preg_replace('/[\\s\\n\\r:]+/', '', $matches['publicKey']), 2)));
$exponent = (int) $matches['exponent'];
openssl_free_key($keyResource);
return array($publicKey, $exponent, $privateKey);
}
protected function execute($arguments = array(), $options = array())
{
if (!extension_loaded('openssl')) {
throw Exception('this task requires the openssl php extension, see http://www.php.net/openssl');
}
$days = null;
while (!is_numeric($days)) {
$days = $this->ask('The Days of Validity (default:365)');
if (!$days) {
$days = 365;
}
}
while (!($phrase = $this->ask('Private Key Phrase'))) {
}
$country = null;
while (!($country = strtoupper($this->ask('Country Name (2 letter code)'))) || strlen($country) != 2) {
$this->logBlock('invalid format.', 'ERROR');
}
while (!($state = $this->ask('State or Province Name (full name)'))) {
}
while (!($locality = $this->ask('Locality Name (eg,city)'))) {
}
while (!($org = $this->ask('Organization Name(eg,company)'))) {
}
while (!($orgUnit = $this->ask('Organization Unit Name(eg,section)'))) {
}
while (!($common = $this->ask('Common Name(eg,Your name)'))) {
}
while (!($email = $this->ask('Email Address'))) {
}
$dn = array('countryName' => $country, 'stateOrProvinceName' => $state, 'localityName' => $locality, 'organizationName' => $org, 'organizationalUnitName' => $orgUnit, 'commonName' => $common, 'emailAddress' => $email);
$dirname = sfConfig::get('sf_plugins_dir') . '/opOpenSocialPlugin/certs';
$filesystem = new sfFilesystem($this->dispatcher, $this->formatter);
$filesystem->mkdirs($dirname);
$privatekey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privatekey);
$sscert = openssl_csr_sign($csr, null, $privatekey, $days);
openssl_x509_export($sscert, $certout);
openssl_pkey_export($privatekey, $pkeyout, $phrase);
$cert_filename = $dirname . '/public.crt';
file_put_contents($cert_filename, $certout);
$this->logSection('file+', $cert_filename);
$pkey_filename = $dirname . '/private.key';
file_put_contents($pkey_filename, $pkeyout);
$this->logSection('file+', $pkey_filename);
$databaseManager = new sfDatabaseManager($this->configuration);
Doctrine::getTable('SnsConfig')->set('shindig_private_key_phrase', $phrase);
}
public function createUserCert($filename)
{
$dn = (array) $this;
$privateKeyPass = $this->generate_password();
//$filename = dirname(__FILE__) . '/certificate.pfx';
$numberOfDays = 365 * 3;
$privateKey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privateKey);
$sscert = openssl_csr_sign($csr, null, $privateKey, $numberOfDays);
//create a csr file, change null to a filename to save it if you need to
$key = openssl_pkey_get_private($privateKey, $privateKeyPass);
//parses the $privateKey and prepares it for use by openssl_pkcs12_export_to_file.
openssl_pkcs12_export_to_file($sscert, $filename, $key, $privateKeyPass);
//Save the pfx file to $filename
return $privateKeyPass;
}
function gen_new_keypair($expired = false)
{
$config = array('private_key_bits' => 384, 'digest_alg' => 'sha1', 'private_key_type' => OPENSSL_KEYTYPE_RSA);
$privkey = openssl_pkey_new($config);
$pw = "c0nfusa";
$dn = array("countryName" => 'NO', "localityName" => 'Drammen', "organizationName" => 'Austad IT', "commonName" => 'austad.us', "emailAddress" => '*****@*****.**');
$csr = openssl_csr_new($dn, $privkey);
if ($expired) {
$cert = openssl_csr_sign($csr, null, $privkey, -1);
} else {
$cert = openssl_csr_sign($csr, null, $privkey, 14);
}
openssl_pkey_export($privkey, $privkeystr, $pw);
openssl_x509_export($cert, $certstr);
openssl_csr_export($csr, $csrstr);
return array('key' => $privkeystr, 'cert' => $certstr, 'csr' => $csrstr, 'pw' => $pw);
}
/**
* Gera um no certificado
* @param string $file Local do Arquivo.
* @return object.
*/
public function generatePassword($file = 'certificate.crt')
{
$dn = [];
if ($this->getStateOrProvinceName() !== false) {
$dn['stateOrProvinceName'] = $this->getStateOrProvinceName();
}
if ($this->getLocalityName() !== false) {
$dn['localityName'] = $this->getLocalityName();
}
if ($this->getOrganizationName() !== false) {
$dn['organizationName'] = $this->getOrganizationName();
}
if ($this->getCountryName() !== false) {
$dn['countryName'] = $this->getCountryName();
}
if ($this->getOrganizationalUnitName() !== false) {
$dn['organizationalUnitName'] = $this->getOrganizationalUnitName();
}
if ($this->getCommonName() !== false) {
$dn['commonName'] = $this->getCommonName();
}
if ($this->getEmailAddress() !== false) {
$dn['emailAddress'] = $this->getEmailAddress();
}
$private_key = openssl_pkey_new();
$csr = openssl_csr_new($dn, $private_key);
openssl_csr_export_to_file($csr, DIR_ROOT . $file, true);
openssl_csr_export_to_file($csr, DIR_ROOT . preg_replace('/(\\..*)$/', '-details$1', $file), false);
openssl_csr_export($csr, $password);
$this->password = $password;
return $this;
}
function create_cert()
{
global $file_pkcs12, $file_x509, $file_ca_x509, $file_ca_pkey;
global $pass, $config, $dn, $expire_time;
$ca_x509 = file_get_contents($file_ca_x509);
$ca_pkey = file_get_contents($file_ca_pkey);
$req_key = openssl_pkey_new($config);
$req_csr = openssl_csr_new($dn, $req_key);
// CA sign
$req_cert = openssl_csr_sign($req_csr, $ca_x509, [$ca_pkey, $pass], $expire_time);
// SELF sign
// 自签证书不能验证有效期
//$req_cert = openssl_csr_sign($req_csr, null, $req_key, $expire_time);
$ret = openssl_x509_export_to_file($req_cert, $file_x509);
if (!$ret) {
while ($msg = openssl_error_string()) {
echo $msg . "<br />\n";
}
echo "-Err, create x509 fail!(" . __LINE__ . ")\n";
exit(1);
}
$ret = openssl_pkcs12_export_to_file($req_cert, $file_pkcs12, $req_key, $pass);
if (!$ret) {
while ($msg = openssl_error_string()) {
echo $msg . "<br />\n";
}
echo "-Err, create pkcs12 fail!(" . __LINE__ . ")\n";
exit(1);
}
echo "+Ok, create keys succ!\n";
}
public function generateKeyPair($keyPath, $keySize)
{
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$dn = array("countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "*****@*****.**");
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array('private_key_bits' => $keySize, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
$sscert = openssl_csr_sign($csr, null, $privkey, 365000);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
// openssl_csr_export($csr, $csrout);
// echo $csrout . "\n";
openssl_x509_export($sscert, $certout);
file_put_contents($keyPath . '/public.crt', $certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword");
file_put_contents($keyPath . '/private.key', $pkeyout);
}
