/**
* @test
*
* @uses Lcobucci\JWT\RsaKeys
*
* @covers Lcobucci\JWT\Signer\Keychain::getPublicKey
*/
public function getPublicKeyShouldReturnAValidResource()
{
$keychain = new Keychain();
$publicKey = $keychain->getPublicKey($this->publicRsaContent());
$this->assertInternalType('resource', $publicKey);
$this->assertEquals(openssl_pkey_get_details($publicKey), openssl_pkey_get_details($this->publicRsa()));
}
/**
* @param $data
*
* @throws \Exception
* @throws \FG\ASN1\Exception\ParserException
*
* @return array
*/
private function loadPEM($data)
{
$res = openssl_pkey_get_private($data);
if (false === $res) {
$res = openssl_pkey_get_public($data);
}
if (false === $res) {
throw new \Exception('Unable to load the key');
}
$details = openssl_pkey_get_details($res);
if (!array_key_exists('rsa', $details)) {
throw new \Exception('Unable to load the key');
}
foreach ($details['rsa'] as $key => $value) {
$value = Base64Url::encode($value);
if ($key === 'dmp1') {
$this->dp = $value;
} elseif ($key === 'dmq1') {
$this->dq = $value;
} elseif ($key === 'iqmp') {
$this->qi = $value;
} else {
$this->{$key} = $value;
}
}
}
/**
* @param string $sString
* @param string $sKey = ''
*
* @return string|false
*/
public static function EncryptStringRSA($sString, $sKey = '')
{
$sResult = '';
$sKey = \md5($sKey);
$sPrivateKey = \RainLoop\Utils::RsaPrivateKey();
if (!empty($sPrivateKey)) {
$oPrivKey = \openssl_pkey_get_private($sPrivateKey);
$oKeyDetails = \openssl_pkey_get_details($oPrivKey);
if (!empty($oKeyDetails['key']) && !empty($oKeyDetails['bits'])) {
$oPubKey = \openssl_pkey_get_public($oKeyDetails['key']);
$iC = $oKeyDetails['bits'] / 8 - 15;
$aString = \str_split($sString, $iC);
foreach ($aString as $iIndex => $sLine) {
$sEncrypted = '';
\openssl_public_encrypt($sLine, $sEncrypted, $oPubKey);
$aString[$iIndex] = $sEncrypted;
}
$aString[] = $sKey;
$sResult = @\serialize($aString);
\openssl_free_key($oPubKey);
}
\openssl_free_key($oPrivKey);
}
return $sResult;
}
public function run()
{
if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) {
$this->input['folder'] .= DIRECTORY_SEPARATOR;
}
$files = [];
foreach (['pub', 'key', 'crt', 'csr'] as $extension) {
$files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension);
}
foreach ($files as $file) {
if (file_exists($file)) {
throw new RuntimeException(sprintf('File exist: %s', $file));
}
}
$dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']);
// Create the private and public key
$res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
// Generate a certificate signing request
$csr = openssl_csr_new(array_filter($dn), $res);
// Creates a self-signed cert
$sscert = openssl_csr_sign($csr, null, $res, $this->input['days']);
openssl_csr_export($csr, $out);
file_put_contents($files['csr'], $out);
// Export certfile
openssl_x509_export($sscert, $out);
file_put_contents($files['crt'], $out);
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $out);
file_put_contents($files['key'], $out);
// Extract the public key from $res to $pubKey
$out = openssl_pkey_get_details($res);
file_put_contents($files['pub'], $out["key"]);
}
/**
* Fetches public key from the remote certificate
*
* @param $url
* @return string|false
*/
protected function fetchPublicKey($url)
{
$cache = \Yii::$app->cache;
$cacheKey = 'paypal-public-key-' . md5($url);
$publicKey = $cache->get($cacheKey);
if ($publicKey) {
return $publicKey;
}
// trying to fetch certificate
$cert = @file_get_contents($url);
if (!$cert) {
return false;
}
$key = openssl_pkey_get_public($cert);
if (!$key) {
return false;
}
$keyData = openssl_pkey_get_details($key);
$result = ArrayHelper::getValue($keyData, 'key', false);
if (!$result) {
return false;
}
$cache->add($cacheKey, $result);
return $result;
}
public function createToken($sKey)
{
if (!Phpfox::getParam('apps.enable_api_support')) {
$this->error('api.enable_api_support', 'API support for this community is currently disabled.');
return $this->_sendResponse();
}
if (empty($sKey)) {
$this->error('api.unable_to_find_api_key', 'Unable to find API key.');
return $this->_sendResponse();
}
$aApp = $this->database()->select('a.*, ai.user_id AS installed_user_id')->from(Phpfox::getT('app_key'), 'ak')->join($this->_sTable, 'a', 'a.app_id = ak.app_id')->join(Phpfox::getT('app_installed'), 'ai', 'ai.app_id = a.app_id AND ai.user_id = ak.user_id')->where('ak.key_check = \'' . $this->database()->escape($sKey) . '\'')->execute('getSlaveRow');
if (!isset($aApp['app_id'])) {
$this->error('api.unable_to_find_api_key', 'Unable to find API key.');
return $this->_sendResponse();
}
$res = openssl_pkey_new($this->_aOpenSSLConfig);
openssl_pkey_export($res, $privKey, $aApp['private_key'], $this->_aOpenSSLConfig);
$pubKey = openssl_pkey_get_details($res);
if ($sPlugin = Phpfox_Plugin::get('api.service_api_createtoken_1')) {
eval($sPlugin);
}
$this->database()->delete(Phpfox::getT('app_access'), 'app_id = ' . $aApp['app_id'] . ' AND user_id = ' . $aApp['installed_user_id']);
$this->database()->insert(Phpfox::getT('app_access'), array('app_id' => $aApp['app_id'], 'user_id' => $aApp['installed_user_id'], 'token' => md5($pubKey['key']), 'token_key' => $pubKey['key'], 'token_private' => $privKey, 'time_stamp' => PHPFOX_TIME));
return json_encode(array('token' => base64_encode($pubKey['key'])));
}
/**
* Generates a new key pair with the given length in bits.
*
* @api
* @param int $bits length of the key
* @return KeyPair generated key pair
*/
public function generate($bits = 2048)
{
if (!is_int($bits)) {
throw new \InvalidArgumentException(sprintf("\$bits must be of type int, %s given", gettype($bits)));
}
if ($bits < 2048) {
throw new \InvalidArgumentException("Keys with fewer than 2048 bits are not allowed!");
}
$configFile = $defaultConfigFile = __DIR__ . "/../res/openssl.cnf";
if (class_exists("Phar") && !empty(Phar::running(true))) {
$configContent = file_get_contents($configFile);
$configFile = tempnam(sys_get_temp_dir(), "acme_openssl_");
file_put_contents($configFile, $configContent);
register_shutdown_function(function () use($configFile) {
@unlink($configFile);
});
}
$res = openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_bits" => $bits, "config" => $configFile]);
$success = openssl_pkey_export($res, $privateKey, null, ["config" => $configFile]);
if ($configFile !== $defaultConfigFile) {
@unlink($configFile);
}
if (!$success) {
openssl_pkey_free($res);
throw new \RuntimeException("Key export failed!");
}
$publicKey = openssl_pkey_get_details($res)["key"];
openssl_pkey_free($res);
// clear error buffer, because of minimalistic openssl.cnf
while (openssl_error_string() !== false) {
}
return new KeyPair($privateKey, $publicKey);
}
public static function setUpBeforeClass()
{
$keyResource = openssl_pkey_new();
openssl_pkey_export($keyResource, $privateKey);
self::$publicKey = openssl_pkey_get_details($keyResource)['key'];
self::$privateKey = $privateKey;
}
public function build($filename, $stub)
{
if (file_exists($filename)) {
unlink($filename);
}
$phar = new \Phar($filename, 0, $this->aliasName != '' ? $this->aliasName : basename($filename));
$phar->startBuffering();
$phar->setStub($stub);
if ($this->key !== NULL) {
$privateKey = '';
openssl_pkey_export($this->key, $privateKey);
$phar->setSignatureAlgorithm(\Phar::OPENSSL, $privateKey);
$keyDetails = openssl_pkey_get_details($this->key);
file_put_contents($filename . '.pubkey', $keyDetails['key']);
} else {
$phar->setSignatureAlgorithm($this->selectSignatureType($phar));
}
$basedir = $this->basedir ? $this->basedir : $this->directories[0];
foreach ($this->directories as $directory) {
$phar->buildFromIterator($this->scanner->__invoke($directory), $basedir);
}
if ($this->compression !== \Phar::NONE) {
$phar->compressFiles($this->compression);
}
$phar->stopBuffering();
}
/**
* Parse the key.
*
* @param Key $key
*
* @return ParsedKey
*/
public function parse(Key $key)
{
try {
$resource = $key->getResource();
} catch (KeyFormatException $e) {
throw new KeyParsingException('Fail to load resource for key', 0, $e);
}
$rawData = openssl_pkey_get_details($resource);
if (!is_array($rawData)) {
throw new KeyParsingException(sprintf('Fail to parse key with error: %s', openssl_error_string()));
}
foreach (['type', 'key', 'bits'] as $requiredKey) {
if (!isset($rawData[$requiredKey])) {
throw new KeyParsingException(sprintf('Missing expected key "%s" in OpenSSL key', $requiredKey));
}
}
$details = [];
if ($rawData['type'] === OPENSSL_KEYTYPE_RSA) {
$details = $rawData['rsa'];
} elseif ($rawData['type'] === OPENSSL_KEYTYPE_DSA) {
$details = $rawData['dsa'];
} elseif ($rawData['type'] === OPENSSL_KEYTYPE_DH) {
$details = $rawData['dh'];
}
return new ParsedKey($key, $rawData['key'], $rawData['bits'], $rawData['type'], $details);
}
function t2()
{
$config = array("digest_alg" => "sha256", "private_key_bits" => 2048, "encrypt_key" => 1, "encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC);
// Create the keypair
$res = openssl_pkey_new($config);
var_dump($res);
// Get private key
openssl_pkey_export($res, $privkey, 'libo', $config);
// Get public key
$publickey = openssl_pkey_get_details($res);
$publickey = $publickey["key"];
echo "Private Key:\n{$privkey}\n\nPublic Key:\n{$publickey}\n\n";
$cleartext = '1234 5678 9012 3456';
echo "Clear text:\n{$cleartext}\n\n";
openssl_public_encrypt($cleartext, $crypttext, $publickey);
echo "Crypt text:\n" . base64_encode($crypttext) . "\n";
$priv = openssl_pkey_get_private($privkey, "libo");
var_dump($priv);
if (!$priv) {
echo "\nGet private key fail!\n";
exit(1);
}
openssl_private_decrypt($crypttext, $decrypted, $priv);
echo "\nDecrypted text:\n{$decrypted}\n\n";
}
/**
* return PublicKey
*/
public function getPublicKey()
{
$res = \openssl_pkey_get_private($this->keyMaterial);
$pubkey = \openssl_pkey_get_details($res);
$public = \rtrim(\str_replace("\n", "\r\n", $pubkey['key']), "\r\n");
return new PublicKey($public);
}
function webid_claim()
{
$r = array('uri' => array());
if (isset($_SERVER['SSL_CLIENT_CERT'])) {
$pem = $_SERVER['SSL_CLIENT_CERT'];
if ($pem) {
$x509 = openssl_x509_read($pem);
$pubKey = openssl_pkey_get_public($x509);
$keyData = openssl_pkey_get_details($pubKey);
if (isset($keyData['rsa'])) {
if (isset($keyData['rsa']['n'])) {
$r['m'] = strtolower(array_pop(unpack("H*", $keyData['rsa']['n'])));
}
if (isset($keyData['rsa']['e'])) {
$r['e'] = hexdec(array_shift(unpack("H*", $keyData['rsa']['e'])));
}
}
$d = openssl_x509_parse($x509);
if (isset($d['extensions']) && isset($d['extensions']['subjectAltName'])) {
foreach (explode(', ', $d['extensions']['subjectAltName']) as $elt) {
if (substr($elt, 0, 4) == 'URI:') {
$r['uri'][] = substr($elt, 4);
}
}
}
}
}
return $r;
}
/**
* Generate public and private key
* @param array $options
*/
public function generateKeys(array $options = self::DEFAULT_PUBLIC_KEY_OPTIONS)
{
$keys = openssl_pkey_new($options);
$this->publicKey = openssl_pkey_get_details($keys)["key"];
openssl_pkey_export($keys, $this->privateKey);
openssl_pkey_free($keys);
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$init = $this->getHelper('init')->getInit();
$basedir = $init->getBaseDir();
$fprikey = $basedir . '/app/config/key/';
$fpubkey = $basedir . '/app/config/key/';
$namePri = "private.pkey";
$namePub = "public.pkey";
if (!file_exists($fprikey . $namePri) || !file_exists($fpubkey . $namePub)) {
if (!file_exists($fprikey)) {
mkdir($fprikey, 0777, true);
}
if (!file_exists($fpubkey)) {
mkdir($fpubkey, 0777, true);
}
$key = openssl_pkey_new();
openssl_pkey_export($key, $privatekey);
$publickey = openssl_pkey_get_details($key);
$publickey = $publickey["key"];
file_put_contents($fprikey . $namePri, $privatekey);
file_put_contents($fpubkey . $namePub, $publickey);
$output->writeln("Chaves geradas com sucesso!");
} else {
$output->writeln("Chaves já existem!");
}
}
static public function get_keys($login,$full_name) {
$CA_CERT = base_url()."data/key/CA_DOC.csr";
$CA_KEY = base_url()."data/key/CA_DOC_priv.key";
$config = array(
"private_key_type"=>OPENSSL_KEYTYPE_RSA,
"private_key_bits"=>512
);
$res = openssl_pkey_new($config);
$privKey = '';
openssl_pkey_export($res,$privKey);
$arr = array(
"organizationName" => "Фізична особа",
"organizationalUnitName" => "Фізична особа",
"commonName" => $full_name,
"UID" => $login,
"countryName" => "UA"
);
$csr = openssl_csr_new($arr,$privKey);
$cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730);
openssl_x509_export($cert,$str_cert);
$public_key = openssl_pkey_get_public($str_cert);
$public_key_details = openssl_pkey_get_details($public_key);
$public_key_string = $public_key_details['key'];
return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string);
}
/**
* Returns if the key type is equals with expected type
*
* @param resource $key
*
* @return boolean
*/
private function validateKey($key)
{
$details = openssl_pkey_get_details($key);
if (!isset($details['key']) || $details['type'] !== $this->getType()) {
throw new InvalidArgumentException('The type of given key does not match with this signer');
}
}
public function testCreate()
{
$container = ContainerLoader::buildTestContainer();
$em = $container->get('doctrine.orm.entity_manager');
$client = new Client();
$client->setClientId($token = 'test-client-' . rand());
$client->setClientSecret('very-secure');
$client->setRedirectUri(array('http://brentertainment.com'));
$em->persist($client);
$em->flush();
$public_key = new ClientPublicKey();
$public_key->setClient($client);
// create and set the public key
$res = openssl_pkey_new();
// Extract the public key from $res to $pubKey
$pubKeyDetails = openssl_pkey_get_details($res);
$pubKey = $pubKeyDetails['key'];
$public_key->setPublicKey($pubKey);
$em->persist($public_key);
$em->flush();
// test direct access
$stored = $em->find('OAuth2\\ServerBundle\\Entity\\ClientPublicKey', array('client_id' => $client->getClientId()));
$this->assertNotNull($stored);
$this->assertEquals($pubKey, $stored->getPublicKey());
}
/**
* Raise an exception when the key type is not the expected type
*
* @param resource $key
*
* @expectedException InvalidArgumentException
*/
private function validateKey($key)
{
$details = openssl_pkey_get_details($key);
if (!isset($details['key']) || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
throw new InvalidArgumentException('This key is not compatible with RSA signatures');
}
}
public static function generateKeyPair($passPhrase)
{
$config = ['digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privateKey, $passPhrase);
$publicKey = openssl_pkey_get_details($res)['key'];
return new KeyPair($privateKey, $publicKey);
}
/**
* Generate a NEW key pair and store the details in the database
*
* The rsa_pairs table is used to store a public and private key as well as a created timestamp
* This timestamp is used to track the "age" of a pair, and remove old/unused pairs
*/
public function initialize()
{
$pair = openssl_pkey_new();
$keyDetails = openssl_pkey_get_details($pair);
$this->pubKey = $keyDetails['key'];
openssl_pkey_export($pair, $this->privKey);
sqlQuery("INSERT into rsa_pairs (public,private,created) values (?,?,NOW())", array($this->get_pubKeyJS(), $this->privKey));
}
public function __construct()
{
$res = openssl_pkey_new();
openssl_pkey_export($res, $privkey);
$this->privkey = $privkey;
$pubkey = openssl_pkey_get_details($res);
$this->pubkey = $pubkey['key'];
}
public function __construct($passphrase = null)
{
$res = openssl_pkey_new($this->getConfig());
openssl_pkey_export($res, $privKey, $passphrase);
$this->privateKey = $privKey;
$pubKey = openssl_pkey_get_details($res);
$this->publicKey = $pubKey["key"];
}
function rsa_generate_keys($password, $bits = 2048, $digest_algorithm = 'sha256')
{
$res = openssl_pkey_new(array('digest_alg' => $digest_algorithm, 'private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export($res, $private_key, $password);
$public_key = openssl_pkey_get_details($res);
$public_key = $public_key['key'];
return array('private_key' => $private_key, 'public_key' => $public_key);
}
public function testNotSignedByKey()
{
$privateKey = openssl_pkey_new();
$details = openssl_pkey_get_details($privateKey);
$publicKey = openssl_pkey_get_public($details['key']);
$signature = new Signature('Hello, world!', 'foobar', 'sha1WithRSAEncryption');
$this->assertFalse($signature->isSignedByKey($publicKey));
}
/**
* @param resource $private_or_public_key_resource
* @return bool
* @throws \Cyh\Jose\Encryption\Exception\UnexpectedValueException
*/
protected function validateKey($private_or_public_key_resource)
{
$details = openssl_pkey_get_details($private_or_public_key_resource);
if (!is_array($details) || !isset($details['type']) || OPENSSL_KEYTYPE_RSA !== $details['type']) {
throw new UnexpectedValueException('Invalid key. : ' . openssl_error_string());
}
return true;
}
function guardarLlavePublica($ruta){
// get the public key $keyDetails['key'] from the private key;
$keyDetails = openssl_pkey_get_details($this->llave);
file_put_contents($ruta.'/llavePublica.pem', $keyDetails['key']);
return true;
}
/**
* Generate key pair to use with JWT Bearer grant type.
*
* @return array of $privKey and $pubKey
*/
public function generateKeyPair()
{
$key = openssl_pkey_new();
openssl_pkey_export($key, $privKey);
$details = openssl_pkey_get_details($key);
$pubKey = $details["key"];
return array($privKey, $pubKey);
}
function new_user($user, $email, $password)
{
validate_username($user);
validate_email($email);
validate_password($password);
$salt = sha1(time());
$hashed_pass = sha1($salt . $password);
$avatar = make_ext_url('media/default_avatar.jpg');
// Generate a new RSA key pair
$res = openssl_pkey_new();
openssl_pkey_export($res, $priv_key);
$pub_key = openssl_pkey_get_details($res);
$pub_key = $pub_key['key'];
$query = "INSERT INTO `users`
(`User_name`, `E-mail`, `Password`, `Salt`, `Priv_key`, `Pub_key`, `Avatar`)
VALUES ('@v','@v','@v','@v','@v','@v', '@v')";
$this->query($query, $user, $email, $hashed_pass, $salt,
base64_encode($priv_key), base64_encode($pub_key), $avatar);
}
/**
* WebSite-PHP file utils_openssl.inc.php
*
* WebSite-PHP : PHP Framework 100% object (http://www.website-php.com)
* Copyright (c) 2009-2015 WebSite-PHP.com
* PHP versions >= 5.2
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @author Emilien MOREL <*****@*****.**>
* @link http://www.website-php.com
* @copyright WebSite-PHP.com 12/05/2015
* @version 1.2.13
* @access public
* @since 1.0.67
*/
function createKeys($passphrase = 'passphrase', $private_key_bits = 1024, $private_key_type = OPENSSL_KEYTYPE_RSA, $encrypte_key = true)
{
if (!extension_loaded('openssl')) {
throw new NewException("Please activate openssl php lib, to use encryption.", 0, getDebugBacktrace(1));
} else {
$openssl_conf_file = str_replace("\\", "/", dirname(__FILE__)) . '/../config/openssl.cnf';
if (!file_exists($openssl_conf_file)) {
throw new NewException("openssl.cnf doesn't exists (" . $openssl_conf_file . ").", 0, getDebugBacktrace(1));
}
// Create the keypair
$config_key = array("config" => $openssl_conf_file, "digest_alg" => "sha1", "x509_extensions" => "v3_ca", "req_extensions" => "v3_req", "private_key_bits" => $private_key_bits, "private_key_type" => $private_key_type, "encrypte_key" => $encrypte_key);
$res = openssl_pkey_new($config_key);
if ($res != false) {
// Get private key. A pass phrase is required for proper encryption/decryption.
openssl_pkey_export($res, $privkey, $passphrase, $config_key);
// Get public key
$pubkey = openssl_pkey_get_details($res);
$pubkey = $pubkey['key'];
$keys = array();
$keys['private'] = $privkey;
$keys['public'] = $pubkey;
openssl_pkey_free($res);
return $keys;
} else {
$error = "";
while ($msg = openssl_error_string()) {
$error .= $msg . "<br />\n";
}
$error = "Error generation private key" . ($error != "" ? " : " . $error : "");
throw new NewException($error, 0, getDebugBacktrace(1));
}
}
return null;
}