public function testOpenSSLSignature()
{
if (!extension_loaded('OpenSSL')) {
$this->markTestSkipped("Need OpenSSL extension");
}
// Generate a private key on the fly.
$passphrase = uniqid();
$passfile = PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pass.txt';
file_put_contents($passfile, $passphrase);
$pkey = openssl_pkey_new();
openssl_pkey_export_to_file($pkey, PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/priv.key', $passphrase);
$this->executeTarget(__FUNCTION__);
// Make sure we are dealing with an OpenSSL signature.
// (Phar silently falls back to an SHA1 signature
// whenever it fails to add an OpenSSL signature)
$dest = PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pharpackage.phar';
$this->assertFileExists($dest);
$phar = new Phar($dest);
$signature = $phar->getSignature();
$this->assertEquals('OpenSSL', $signature['hash_type']);
unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/priv.key');
unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pharpackage.phar.pubkey');
unlink(PHING_TEST_BASE . '/etc/tasks/ext/pharpackage/pass.txt');
unlink($dest);
}
function generateSslKeypair($commonName, $keyLength)
{
$key = openssl_pkey_new(array("private_key_bits" => $keyLength));
$default = getDefaultConfPath();
if (file_exists($default . "/cert-overrides.ini")) {
$confFile = $default . "/cert-overrides.ini";
} else {
$confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini";
}
$certConf = parse_ini_file($confFile, true);
$dn = $certConf["dn"];
$dn["commonName"] = $commonName;
$cert = openssl_csr_new($dn, $key);
// Creating a new X509 Certificate Signing Request
if ($e = error_get_last()) {
// Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
throw new Exception("Error occured:" . $e["message"]);
}
$signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
// Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
if (!$signed) {
throw new Exception("Error occured while signing certificate");
}
openssl_pkey_export($key, $privateKey);
// Export private-key to $privateKey
openssl_x509_export($signed, $clientCert);
// Export signed-certificate to $clientCert without Extra Details
return array($clientCert, $privateKey);
}
static public function get_keys($login,$full_name) {
$CA_CERT = base_url()."data/key/CA_DOC.csr";
$CA_KEY = base_url()."data/key/CA_DOC_priv.key";
$config = array(
"private_key_type"=>OPENSSL_KEYTYPE_RSA,
"private_key_bits"=>512
);
$res = openssl_pkey_new($config);
$privKey = '';
openssl_pkey_export($res,$privKey);
$arr = array(
"organizationName" => "Фізична особа",
"organizationalUnitName" => "Фізична особа",
"commonName" => $full_name,
"UID" => $login,
"countryName" => "UA"
);
$csr = openssl_csr_new($arr,$privKey);
$cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730);
openssl_x509_export($cert,$str_cert);
$public_key = openssl_pkey_get_public($str_cert);
$public_key_details = openssl_pkey_get_details($public_key);
$public_key_string = $public_key_details['key'];
return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string);
}
/**
* Generates a new key pair with the given length in bits.
*
* @api
* @param int $bits length of the key
* @return KeyPair generated key pair
*/
public function generate($bits = 2048)
{
if (!is_int($bits)) {
throw new \InvalidArgumentException(sprintf("\$bits must be of type int, %s given", gettype($bits)));
}
if ($bits < 2048) {
throw new \InvalidArgumentException("Keys with fewer than 2048 bits are not allowed!");
}
$configFile = $defaultConfigFile = __DIR__ . "/../res/openssl.cnf";
if (class_exists("Phar") && !empty(Phar::running(true))) {
$configContent = file_get_contents($configFile);
$configFile = tempnam(sys_get_temp_dir(), "acme_openssl_");
file_put_contents($configFile, $configContent);
register_shutdown_function(function () use($configFile) {
@unlink($configFile);
});
}
$res = openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_bits" => $bits, "config" => $configFile]);
$success = openssl_pkey_export($res, $privateKey, null, ["config" => $configFile]);
if ($configFile !== $defaultConfigFile) {
@unlink($configFile);
}
if (!$success) {
openssl_pkey_free($res);
throw new \RuntimeException("Key export failed!");
}
$publicKey = openssl_pkey_get_details($res)["key"];
openssl_pkey_free($res);
// clear error buffer, because of minimalistic openssl.cnf
while (openssl_error_string() !== false) {
}
return new KeyPair($privateKey, $publicKey);
}
private function genCSR()
{
$pkey = openssl_pkey_new(array('private_key_bits' => 2048));
$res = openssl_csr_new(array(), $pkey);
openssl_csr_export($res, $out);
return $out;
}
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA)
{
// keep track of the distinguished name
$this->dn = $distinguishedName;
// generate the pem-encoded private key
$config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE);
$key = openssl_pkey_new($config);
// generate the certificate signing request...
$csr = openssl_csr_new($this->dn, $key, $config);
// and use it to make a self-signed certificate
$this->serialNumber = rand();
$cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time());
// make openssl forget the key
openssl_free_key($keyCA);
// export private and public keys
openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
//openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config )
openssl_x509_export($cert, $this->certificate);
// parse certificate
$this->x509 = openssl_x509_parse($cert);
if (isset($this->serialNumber)) {
$outfilename = '/var/www/html/' . $this->serialNumber;
// Gets an exportable representation of a key into a file
openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config);
}
openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE);
return TRUE;
// end of makeKeys() method
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$init = $this->getHelper('init')->getInit();
$basedir = $init->getBaseDir();
$fprikey = $basedir . '/app/config/key/';
$fpubkey = $basedir . '/app/config/key/';
$namePri = "private.pkey";
$namePub = "public.pkey";
if (!file_exists($fprikey . $namePri) || !file_exists($fpubkey . $namePub)) {
if (!file_exists($fprikey)) {
mkdir($fprikey, 0777, true);
}
if (!file_exists($fpubkey)) {
mkdir($fpubkey, 0777, true);
}
$key = openssl_pkey_new();
openssl_pkey_export($key, $privatekey);
$publickey = openssl_pkey_get_details($key);
$publickey = $publickey["key"];
file_put_contents($fprikey . $namePri, $privatekey);
file_put_contents($fpubkey . $namePub, $publickey);
$output->writeln("Chaves geradas com sucesso!");
} else {
$output->writeln("Chaves já existem!");
}
}
public function run()
{
if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) {
$this->input['folder'] .= DIRECTORY_SEPARATOR;
}
$files = [];
foreach (['pub', 'key', 'crt', 'csr'] as $extension) {
$files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension);
}
foreach ($files as $file) {
if (file_exists($file)) {
throw new RuntimeException(sprintf('File exist: %s', $file));
}
}
$dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']);
// Create the private and public key
$res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
// Generate a certificate signing request
$csr = openssl_csr_new(array_filter($dn), $res);
// Creates a self-signed cert
$sscert = openssl_csr_sign($csr, null, $res, $this->input['days']);
openssl_csr_export($csr, $out);
file_put_contents($files['csr'], $out);
// Export certfile
openssl_x509_export($sscert, $out);
file_put_contents($files['crt'], $out);
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $out);
file_put_contents($files['key'], $out);
// Extract the public key from $res to $pubKey
$out = openssl_pkey_get_details($res);
file_put_contents($files['pub'], $out["key"]);
}
public function createToken($sKey)
{
if (!Phpfox::getParam('apps.enable_api_support')) {
$this->error('api.enable_api_support', 'API support for this community is currently disabled.');
return $this->_sendResponse();
}
if (empty($sKey)) {
$this->error('api.unable_to_find_api_key', 'Unable to find API key.');
return $this->_sendResponse();
}
$aApp = $this->database()->select('a.*, ai.user_id AS installed_user_id')->from(Phpfox::getT('app_key'), 'ak')->join($this->_sTable, 'a', 'a.app_id = ak.app_id')->join(Phpfox::getT('app_installed'), 'ai', 'ai.app_id = a.app_id AND ai.user_id = ak.user_id')->where('ak.key_check = \'' . $this->database()->escape($sKey) . '\'')->execute('getSlaveRow');
if (!isset($aApp['app_id'])) {
$this->error('api.unable_to_find_api_key', 'Unable to find API key.');
return $this->_sendResponse();
}
$res = openssl_pkey_new($this->_aOpenSSLConfig);
openssl_pkey_export($res, $privKey, $aApp['private_key'], $this->_aOpenSSLConfig);
$pubKey = openssl_pkey_get_details($res);
if ($sPlugin = Phpfox_Plugin::get('api.service_api_createtoken_1')) {
eval($sPlugin);
}
$this->database()->delete(Phpfox::getT('app_access'), 'app_id = ' . $aApp['app_id'] . ' AND user_id = ' . $aApp['installed_user_id']);
$this->database()->insert(Phpfox::getT('app_access'), array('app_id' => $aApp['app_id'], 'user_id' => $aApp['installed_user_id'], 'token' => md5($pubKey['key']), 'token_key' => $pubKey['key'], 'token_private' => $privKey, 'time_stamp' => PHPFOX_TIME));
return json_encode(array('token' => base64_encode($pubKey['key'])));
}
/**
* Create a random private key of the given length (in bits).
*
* You can use predefined constants to have valid keylength values.
*
* The higher the key length, the higher the security the higher the required time to generate the key.
*
* Usage example:
*
* <code>
* //give a name to the file containing the generation result
* $filename = APPLICATION_DIR."newkey.private.pem";
*
* //generate the new key
* $serailized_key = PrivateKey::generate(PrivateKey::RSA4096);
*
* //export to file the serialized key
* file_put_contents($filename, $serailized_key);
* //NOTE: this example is really BAD because the file is NOT encrypted
*
* //yes, you can load private keys directly from file
* $private_key = new PrivateKey("file://".$filename);
* </code>
*
* @param int $keyLength the length (in bits) of the private key to e generated
*
* @return string the serialized private key
*
* @throws \InvalidArgumentException the given key length is not an integer power of two
* @throws AsymmetricException the error occurred while generating and exporting the new private key
*/
public static function generate($keyLength = self::RSA4096)
{
if (!is_integer($keyLength)) {
throw new \InvalidArgumentException('The key length must be given as an integer number which is a power of two');
} elseif (($keyLength & $keyLength - 1) != 0 || $keyLength == 0) {
throw new \InvalidArgumentException('The key length must be a power of two');
}
//if the key length is extremely long, a very long time will be needed to generate the key, and it is necessary ti set no time limits to generate it
if ($keyLength == self::RSAEXTREME) {
set_time_limit(0);
}
//build the configuration array
$config = ['digest_alg' => 'sha512', 'private_key_bits' => $keyLength, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
//use the application openssl configuration
if (!is_null(Environment::GetCurrentEnvironment())) {
$config = array_merge($config, ['config' => file_exists(Environment::GetCurrentEnvironment()->GetConfigurationProperty('APPLICATION_DIR') . 'openssl.cnf') ? Environment::GetCurrentEnvironment()->GetConfigurationProperty('APPLICATION_DIR') . 'openssl.cnf' : null]);
}
//create a new private key
$privateKey = openssl_pkey_new($config);
//check the result
if (!is_resource($privateKey)) {
throw new AsymmetricException('The key generation is not possible due to an unknown ' . openssl_error_string(), 8);
}
//extract the private key string-encoded from the generated private key
$pKeyEncoded = '';
openssl_pkey_export($privateKey, $pKeyEncoded, null, $config);
//free the memory space used to hold the newly generated key
openssl_free_key($privateKey);
//check for the result
if (!is_string($pKeyEncoded)) {
throw new AsymmetricException("The key generation was completed, but the result couldn't be exported", 9);
}
//return the operation result
return $pKeyEncoded;
}
/**
* Generate public and private key
* @param array $options
*/
public function generateKeys(array $options = self::DEFAULT_PUBLIC_KEY_OPTIONS)
{
$keys = openssl_pkey_new($options);
$this->publicKey = openssl_pkey_get_details($keys)["key"];
openssl_pkey_export($keys, $this->privateKey);
openssl_pkey_free($keys);
}
function t2()
{
$config = array("digest_alg" => "sha256", "private_key_bits" => 2048, "encrypt_key" => 1, "encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC);
// Create the keypair
$res = openssl_pkey_new($config);
var_dump($res);
// Get private key
openssl_pkey_export($res, $privkey, 'libo', $config);
// Get public key
$publickey = openssl_pkey_get_details($res);
$publickey = $publickey["key"];
echo "Private Key:\n{$privkey}\n\nPublic Key:\n{$publickey}\n\n";
$cleartext = '1234 5678 9012 3456';
echo "Clear text:\n{$cleartext}\n\n";
openssl_public_encrypt($cleartext, $crypttext, $publickey);
echo "Crypt text:\n" . base64_encode($crypttext) . "\n";
$priv = openssl_pkey_get_private($privkey, "libo");
var_dump($priv);
if (!$priv) {
echo "\nGet private key fail!\n";
exit(1);
}
openssl_private_decrypt($crypttext, $decrypted, $priv);
echo "\nDecrypted text:\n{$decrypted}\n\n";
}
function createNewcertificate()
{
global $gbl, $login, $ghtml;
$cerpath = "server.crt";
$keypath = "server.key";
$requestpath = "a.csr";
$ltemp["countryName"] = "IN";
$ltemp["stateOrProvinceName"] = "Bn";
$ltemp["localityName"] = "Bn";
$ltemp["organizationName"] = "LxCenter";
$ltemp["organizationalUnitName"] = "Kloxo";
$ltemp["commonName"] = "Kloxo";
$ltemp["emailAddress"] = "*****@*****.**";
$privkey = openssl_pkey_new();
openssl_pkey_export_to_file($privkey, $keypath);
$csr = openssl_csr_new($ltemp, $privkey);
openssl_csr_export_to_file($csr, $requestpath);
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
openssl_x509_export_to_file($sscert, $cerpath);
$src = getcwd();
$dest = '/usr/local/lxlabs/kloxo/ext/lxhttpd/conf';
root_execsys("lxfilesys_mkdir", $dest . "/ssl.crt/");
root_execsys("lxfilesys_mkdir", $dest . "/ssl.key/");
root_execsys("lxfilesys_mv", "{$src}/{$cerpath}", $dest . "/ssl.crt/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$keypath}", $dest . "/ssl.key/" . $cerpath);
root_execsys("lxfilesys_mv", "{$src}/{$requestpath}", "{$dest}/{$requestpath}");
}
function generateSslKeypair($commonName, $mail, $keyLength)
{
$key = openssl_pkey_new(array("private_key_bits" => $keyLength));
$certConf = parse_ini_file("cert.conf", true);
$dn = $certConf["dn"];
$dn["commonName"] = $commonName;
$dn["emailAddress"] = $mail;
$cert = openssl_csr_new($dn, $key);
// Creating a new X509 Certificate Signing Request
if ($e = error_get_last()) {
// Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
throw new Exception("Error occured:" . $e["message"]);
}
$signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
// Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
if (!$signed) {
throw new Exception("Error occured while signing certificate");
}
openssl_pkey_export($key, $privateKey);
// Export private-key to $privateKey
openssl_x509_export($signed, $clientCert, FALSE);
// Export signed-certificate to $clientCert
openssl_x509_export($signed, $publicKey);
// Export public-key from the signed-certificate to $publicKey
return array($clientCert, $publicKey, $privateKey);
}
public function testCreate()
{
$container = ContainerLoader::buildTestContainer();
$em = $container->get('doctrine.orm.entity_manager');
$client = new Client();
$client->setClientId($token = 'test-client-' . rand());
$client->setClientSecret('very-secure');
$client->setRedirectUri(array('http://brentertainment.com'));
$em->persist($client);
$em->flush();
$public_key = new ClientPublicKey();
$public_key->setClient($client);
// create and set the public key
$res = openssl_pkey_new();
// Extract the public key from $res to $pubKey
$pubKeyDetails = openssl_pkey_get_details($res);
$pubKey = $pubKeyDetails['key'];
$public_key->setPublicKey($pubKey);
$em->persist($public_key);
$em->flush();
// test direct access
$stored = $em->find('OAuth2\\ServerBundle\\Entity\\ClientPublicKey', array('client_id' => $client->getClientId()));
$this->assertNotNull($stored);
$this->assertEquals($pubKey, $stored->getPublicKey());
}
function rsa_generate_keys($password, $bits = 2048, $digest_algorithm = 'sha256')
{
$res = openssl_pkey_new(array('digest_alg' => $digest_algorithm, 'private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export($res, $private_key, $password);
$public_key = openssl_pkey_get_details($res);
$public_key = $public_key['key'];
return array('private_key' => $private_key, 'public_key' => $public_key);
}
public function testNotSignedByKey()
{
$privateKey = openssl_pkey_new();
$details = openssl_pkey_get_details($privateKey);
$publicKey = openssl_pkey_get_public($details['key']);
$signature = new Signature('Hello, world!', 'foobar', 'sha1WithRSAEncryption');
$this->assertFalse($signature->isSignedByKey($publicKey));
}
public function __construct()
{
$res = openssl_pkey_new();
openssl_pkey_export($res, $privkey);
$this->privkey = $privkey;
$pubkey = openssl_pkey_get_details($res);
$this->pubkey = $pubkey['key'];
}
public function __construct($passphrase = null)
{
$res = openssl_pkey_new($this->getConfig());
openssl_pkey_export($res, $privKey, $passphrase);
$this->privateKey = $privKey;
$pubKey = openssl_pkey_get_details($res);
$this->publicKey = $pubKey["key"];
}
public function createNew(array $config = array())
{
$new_res = openssl_pkey_new($config);
$new_key = new PKey($new_res);
$this->resources[] = $new_res;
$this->keys[] = $new_key;
return $new_key;
}
/**
* Generate key pair to use with JWT Bearer grant type.
*
* @return array of $privKey and $pubKey
*/
public function generateKeyPair()
{
$key = openssl_pkey_new();
openssl_pkey_export($key, $privKey);
$details = openssl_pkey_get_details($key);
$pubKey = $details["key"];
return array($privKey, $pubKey);
}
public function getErroneousTypeVectors()
{
$context = TestCase::getContext();
$array = array();
$class = new self();
$resource = openssl_pkey_new();
return array(array($context, $array), array($context, $resource), array($context, $class));
}
public static function generateKeyPair($passPhrase)
{
$config = ['digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $privateKey, $passPhrase);
$publicKey = openssl_pkey_get_details($res)['key'];
return new KeyPair($privateKey, $publicKey);
}
public static function setUpBeforeClass()
{
self::$pKey = openssl_pkey_new();
$csr = openssl_csr_new([], self::$pKey);
$x509 = openssl_csr_sign($csr, null, self::$pKey, 1);
openssl_x509_export($x509, self::$certificate);
openssl_x509_free($x509);
}
/**
* Generate a NEW key pair and store the details in the database
*
* The rsa_pairs table is used to store a public and private key as well as a created timestamp
* This timestamp is used to track the "age" of a pair, and remove old/unused pairs
*/
public function initialize()
{
$pair = openssl_pkey_new();
$keyDetails = openssl_pkey_get_details($pair);
$this->pubKey = $keyDetails['key'];
openssl_pkey_export($pair, $this->privKey);
sqlQuery("INSERT into rsa_pairs (public,private,created) values (?,?,NOW())", array($this->get_pubKeyJS(), $this->privKey));
}
public function generateKeyPair($keyPath, $keySize)
{
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$dn = array("countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "*****@*****.**");
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array('private_key_bits' => $keySize, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
$sscert = openssl_csr_sign($csr, null, $privkey, 365000);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
// openssl_csr_export($csr, $csrout);
// echo $csrout . "\n";
openssl_x509_export($sscert, $certout);
file_put_contents($keyPath . '/public.crt', $certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword");
file_put_contents($keyPath . '/private.key', $pkeyout);
}
function new_user($user, $email, $password)
{
validate_username($user);
validate_email($email);
validate_password($password);
$salt = sha1(time());
$hashed_pass = sha1($salt . $password);
$avatar = make_ext_url('media/default_avatar.jpg');
// Generate a new RSA key pair
$res = openssl_pkey_new();
openssl_pkey_export($res, $priv_key);
$pub_key = openssl_pkey_get_details($res);
$pub_key = $pub_key['key'];
$query = "INSERT INTO `users`
(`User_name`, `E-mail`, `Password`, `Salt`, `Priv_key`, `Pub_key`, `Avatar`)
VALUES ('@v','@v','@v','@v','@v','@v', '@v')";
$this->query($query, $user, $email, $hashed_pass, $salt,
base64_encode($priv_key), base64_encode($pub_key), $avatar);
}
function create_cert()
{
global $file_pkcs12, $file_x509, $file_ca_x509, $file_ca_pkey;
global $pass, $config, $dn, $expire_time;
$ca_x509 = file_get_contents($file_ca_x509);
$ca_pkey = file_get_contents($file_ca_pkey);
$req_key = openssl_pkey_new($config);
$req_csr = openssl_csr_new($dn, $req_key);
// CA sign
$req_cert = openssl_csr_sign($req_csr, $ca_x509, [$ca_pkey, $pass], $expire_time);
// SELF sign
// 自签证书不能验证有效期
//$req_cert = openssl_csr_sign($req_csr, null, $req_key, $expire_time);
$ret = openssl_x509_export_to_file($req_cert, $file_x509);
if (!$ret) {
while ($msg = openssl_error_string()) {
echo $msg . "<br />\n";
}
echo "-Err, create x509 fail!(" . __LINE__ . ")\n";
exit(1);
}
$ret = openssl_pkcs12_export_to_file($req_cert, $file_pkcs12, $req_key, $pass);
if (!$ret) {
while ($msg = openssl_error_string()) {
echo $msg . "<br />\n";
}
echo "-Err, create pkcs12 fail!(" . __LINE__ . ")\n";
exit(1);
}
echo "+Ok, create keys succ!\n";
}
/**
* WebSite-PHP file utils_openssl.inc.php
*
* WebSite-PHP : PHP Framework 100% object (http://www.website-php.com)
* Copyright (c) 2009-2015 WebSite-PHP.com
* PHP versions >= 5.2
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice.
*
* @author Emilien MOREL <*****@*****.**>
* @link http://www.website-php.com
* @copyright WebSite-PHP.com 12/05/2015
* @version 1.2.13
* @access public
* @since 1.0.67
*/
function createKeys($passphrase = 'passphrase', $private_key_bits = 1024, $private_key_type = OPENSSL_KEYTYPE_RSA, $encrypte_key = true)
{
if (!extension_loaded('openssl')) {
throw new NewException("Please activate openssl php lib, to use encryption.", 0, getDebugBacktrace(1));
} else {
$openssl_conf_file = str_replace("\\", "/", dirname(__FILE__)) . '/../config/openssl.cnf';
if (!file_exists($openssl_conf_file)) {
throw new NewException("openssl.cnf doesn't exists (" . $openssl_conf_file . ").", 0, getDebugBacktrace(1));
}
// Create the keypair
$config_key = array("config" => $openssl_conf_file, "digest_alg" => "sha1", "x509_extensions" => "v3_ca", "req_extensions" => "v3_req", "private_key_bits" => $private_key_bits, "private_key_type" => $private_key_type, "encrypte_key" => $encrypte_key);
$res = openssl_pkey_new($config_key);
if ($res != false) {
// Get private key. A pass phrase is required for proper encryption/decryption.
openssl_pkey_export($res, $privkey, $passphrase, $config_key);
// Get public key
$pubkey = openssl_pkey_get_details($res);
$pubkey = $pubkey['key'];
$keys = array();
$keys['private'] = $privkey;
$keys['public'] = $pubkey;
openssl_pkey_free($res);
return $keys;
} else {
$error = "";
while ($msg = openssl_error_string()) {
$error .= $msg . "<br />\n";
}
$error = "Error generation private key" . ($error != "" ? " : " . $error : "");
throw new NewException($error, 0, getDebugBacktrace(1));
}
}
return null;
}
/**
* Gera um no certificado
* @param string $file Local do Arquivo.
* @return object.
*/
public function generatePassword($file = 'certificate.crt')
{
$dn = [];
if ($this->getStateOrProvinceName() !== false) {
$dn['stateOrProvinceName'] = $this->getStateOrProvinceName();
}
if ($this->getLocalityName() !== false) {
$dn['localityName'] = $this->getLocalityName();
}
if ($this->getOrganizationName() !== false) {
$dn['organizationName'] = $this->getOrganizationName();
}
if ($this->getCountryName() !== false) {
$dn['countryName'] = $this->getCountryName();
}
if ($this->getOrganizationalUnitName() !== false) {
$dn['organizationalUnitName'] = $this->getOrganizationalUnitName();
}
if ($this->getCommonName() !== false) {
$dn['commonName'] = $this->getCommonName();
}
if ($this->getEmailAddress() !== false) {
$dn['emailAddress'] = $this->getEmailAddress();
}
$private_key = openssl_pkey_new();
$csr = openssl_csr_new($dn, $private_key);
openssl_csr_export_to_file($csr, DIR_ROOT . $file, true);
openssl_csr_export_to_file($csr, DIR_ROOT . preg_replace('/(\\..*)$/', '-details$1', $file), false);
openssl_csr_export($csr, $password);
$this->password = $password;
return $this;
}
