function get_signed_url($url, $private_key, $key_pair_id, $expires, $client_ip = null)
{
$policy = '{' . '"Statement":[' . '{' . '"Resource":"' . $url . '",' . '"Condition":{';
if (!is_null($client_ip)) {
$policy .= '"IpAddress":{"AWS:SourceIp":"' . $client_ip . '/32"},';
}
$policy .= '"DateLessThan":{"AWS:EpochTime":' . $expires . '}' . '}' . '}' . ']' . '}';
// the policy contains characters that cannot be part of a URL, so we base64 encode it
$encoded_policy = url_safe_base64_encode($policy);
// sign the original policy, not the encoded version
$signature = '';
$pkeyid = openssl_get_privatekey($private_key);
// compute signature
openssl_sign($policy, $signature, $pkeyid);
// free the key from memory
openssl_free_key($pkeyid);
// make the signature is safe to be included in a url
$encoded_signature = url_safe_base64_encode($signature);
// combine the above into a signed url
// if the signed url already contains query parameters, attach the new query parameters to the end
// otherwise, add the query parameters
$separator = strpos($url, '?') == FALSE ? '?' : '&';
// no IP restriction means we are using a canned policy
if (!is_null($client_ip)) {
$url .= $separator . "Expires=" . $expires . "&Signature=" . $encoded_signature . "&Key-Pair-Id=" . $key_pair_id;
} else {
$url .= $separator . "Policy=" . $encoded_policy . "&Signature=" . $encoded_signature . "&Key-Pair-Id=" . $key_pair_id;
}
// new lines would break us, so remove them
return str_replace('\\n', '', $url);
}
/**
* @param string $keyFile - path to key file
* @param string $certFile - path to certificate chain file
* @throws \Exception
*/
private function initialize($keyFile, $certFile)
{
if (false === file_exists($keyFile)) {
throw new \InvalidArgumentException('Private key file does not exist');
}
if (false === file_exists($certFile)) {
throw new \InvalidArgumentException('Certificate file does not exist');
}
if ('x509+sha256' === $this->type && !$this->supportsSha256()) {
throw new \Exception('Server does not support x.509+SHA256');
}
$chain = $this->fetchChain($certFile);
if (!is_array($chain) || count($chain) === 0) {
throw new \RuntimeException('Certificate file contains no certificates');
}
foreach ($chain as $cert) {
$this->certificates->addCertificate($cert);
}
$pkeyid = openssl_get_privatekey(file_get_contents($keyFile));
if (false === $pkeyid) {
throw new \InvalidArgumentException('Private key is invalid');
}
$this->privateKey = $pkeyid;
$this->algoConst = $this->type === 'x509+sha256' ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
}
function validate_priv_key($priv_key)
{
$key = @openssl_get_privatekey($priv_key);
if($key === false)
throw new invalid_private_key_exception();
}
function getSignedURL($resource, $timeout)
{
//This comes from key pair you generated for cloudfront
$keyPairId = $this->config->item('cloudfront_keyPairId');
$key = $this->config->item('cloudfront_key');
//IMPORTANT: Keep private and not in a web-accessible location
//Set privateKey location based on web url (dev or production)
$privateKey = $this->config->item('cloudfront_keyLocation') . $key;
$expires = time() + $timeout;
//Time out in seconds
$json = '{"Statement":[{"Resource":"' . $resource . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';
//Read Cloudfront Private Key Pair
$fp = fopen($privateKey, "r");
$priv_key = fread($fp, 8192);
fclose($fp);
//Create the private key
$key = openssl_get_privatekey($priv_key);
if (!$key) {
echo "<p>Failed to load private key!</p>";
return;
}
//Sign the policy with the private key
if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
echo '<p>Failed to sign policy: ' . openssl_error_string() . '</p>';
return;
}
//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), $base64_signed_policy);
//Construct the URL
$url = $resource . '?Expires=' . $expires . '&Signature=' . $signature . '&Key-Pair-Id=' . $keyPairId;
return $url;
}
public static function checkTANValidity ($emailId, $tanNo) {
$db = DB::getInstance();
$db->connect();
$accountData = $db->select("ACCOUNTS", "userId = '$emailId'");
$accountNo = $accountData["accountNo"];
$fprv = fopen(PRIVATE_KEY_LOC, "r"); //please change the path of the privateKey file here
$privateKey = fread($fprv, 512);
fclose($fprv);
$res_prv = openssl_get_privatekey($privateKey);
openssl_private_decrypt(base64_decode($tanNo), $decrypted, $res_prv);
if ($decrypted == $accountNo) {
return true;
}
else
return false;
}
function getSignedURL($resource, $timeout)
{
//This comes from key pair you generated for cloudfront
$keyPairId = "APKAIA3QRQOKVKEQDHZA";
$expires = time() + $timeout;
//Time out in seconds
$json = '{"Statement":[{"Resource":"' . $resource . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';
//Read Cloudfront Private Key Pair
$fp = fopen("private_key.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
//Create the private key
//$key = openssl_get_privatekey($priv_key);
$key = openssl_get_privatekey("file://private_key.pem");
if (!$key) {
echo "<p>Failed to load private key!</p>";
return;
}
//Sign the policy with the private key
if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
echo '<p>Failed to sign policy: ' . openssl_error_string() . '</p>';
return;
}
//Create url safe signed policy
$base64_signed_policy = base64_encode($signed_policy);
$signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), $base64_signed_policy);
//Construct the URL
$url = $resource . '?Expires=' . $expires . '&Signature=' . $signature . '&Key-Pair-Id=' . $keyPairId;
return $url;
}
/**
* @param string $type
* @param string $keyFile
* @param string $certFile
* @throws \InvalidArgumentException
* @throws \Exception
*/
public function __construct($type = 'none', $keyFile = '', $certFile = '')
{
if (false === in_array($type, ['none', 'x509+sha1', 'x509+sha256'])) {
throw new \InvalidArgumentException('Invalid BIP70 signature type');
}
$this->type = $type;
$this->certificates = new X509CertificatesBuf();
if ($type !== 'none') {
if (false === file_exists($keyFile)) {
throw new \InvalidArgumentException('Private key file does not exist');
}
if (false === file_exists($certFile)) {
throw new \InvalidArgumentException('Certificate file does not exist');
}
if ('x509+sha256' == $type and !defined('OPENSSL_ALGO_SHA256')) {
throw new \Exception('Server does not support x.509+SHA256');
}
$chain = $this->fetchChain($certFile);
if (!is_array($chain) || count($chain) == 0) {
throw new \RuntimeException('Certificate file contains no certificates');
}
foreach ($chain as $cert) {
$this->certificates->addCertificate($cert);
}
$pkeyid = openssl_get_privatekey(file_get_contents($keyFile));
if (false === $pkeyid) {
throw new \InvalidArgumentException('Private key is invalid');
}
$this->privateKey = $pkeyid;
$this->algoConst = $type == 'x509+sha256' ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
}
}
public static function factoryFromEncrypted($envKey, $encData, $privateKeyFilePath, $privateKeyPassword = null)
{
$privateKey = null;
if ($privateKeyPassword == null) {
$privateKey = @openssl_get_privatekey("file://{$privateKeyFilePath}");
} else {
$privateKey = @openssl_get_privatekey("file://{$privateKeyFilePath}", $privateKeyPassword);
}
if ($privateKey === false) {
throw new Exception('Error loading private key', self::ERROR_CONFIRM_LOAD_PRIVATE_KEY);
}
$srcData = base64_decode($encData);
if ($srcData === false) {
@openssl_free_key($privateKey);
throw new Exception('Failed decoding data', self::ERROR_CONFIRM_FAILED_DECODING_DATA);
}
$srcEnvKey = base64_decode($envKey);
if ($srcEnvKey === false) {
throw new Exception('Failed decoding envelope key', self::ERROR_CONFIRM_FAILED_DECODING_ENVELOPE_KEY);
}
$data = null;
$result = @openssl_open($srcData, $data, $srcEnvKey, $privateKey);
if ($result === false) {
throw new Exception('Failed decrypting data', self::ERROR_CONFIRM_FAILED_DECRYPT_DATA);
}
return Mobilpay_Payment_Request_Abstract::factory($data);
}
/**
* Initialize the class, this must be called before anything else
* @param $config
* @param bool $changeSessionID Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change)
* @param $debugLog Set to a path to enable debug log
*/
public static function init($config, $changeSessionID = true, $debugLog = null)
{
if ($debugLog != null) {
phpCAS::setDebug($debugLog);
}
phpCAS::client(CAS_VERSION_2_0, $config['site'], $config['port'], "cas", $changeSessionID);
self::$config = $config;
$private_key = null;
if (isset($config['private_key'])) {
$key = static::resolve_filename($config['private_key']);
$private_key = openssl_get_privatekey("file:///{$key}");
if ($private_key === false) {
throw new NXAuthError("Failed to open private key {$key}");
}
}
if (isset($config['ca_cert']) && $config['ca_cert'] != null) {
self::$ca_cert = static::resolve_filename($config['ca_cert']);
phpCAS::setCasServerCACert(self::$ca_cert);
} else {
phpCAS::setNoCasServerValidation();
// Disable curl ssl verification
phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYHOST, 0);
phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYPEER, 0);
}
NXAPI::init(array('private_key' => $private_key, 'key_id' => $config['key_id'], 'url' => "https://" . $config['site'], 'ca_cert' => self::$ca_cert));
}
function getXMLSing($xmlHon,$priv_key){
//Carga Certificado
$xml = new DomDocument();
$xml->loadXML($xmlHon);
//Carga prosedimiento de proceso de cadena original
$xsl = new DomDocument;
$xsl->load("ostring.xsl");
$proc = new xsltprocessor();
$proc->importStyleSheet($xsl);
$original =$proc->transformToXML($xml);
//firma la cadena original
//$fp = $cert[0]['certificates']['key'];
//$priv_key = $f['key'];
//die($f['key']);
//fclose($fp);
$pkeyid = openssl_get_privatekey($priv_key);
openssl_sign($original, $signature, $pkeyid,OPENSSL_ALGO_MD5);
openssl_free_key($pkeyid);
//coloca el sello en xml
$esqueletonew=$xmlHon;
$esqueletonew=str_replace("#1#",base64_encode($signature),$esqueletonew);
$xmlReturn[1]=$esqueletonew;
$xmlReturn[2]=$original;
$xmlReturn[3]=base64_encode($signature);
return $xmlReturn;
}
function sign($text)
{
$pkeyid = openssl_get_privatekey($this->privatni, $this->heslo);
openssl_sign($text, $signature, $pkeyid);
$signature = base64_encode($signature);
openssl_free_key($pkeyid);
return $signature;
}
/**
* 对密文进行解密
*
* @param string $enc_text 密文, base64格式
*
* @return string 明文
*/
static function decrypt($enc_text)
{
global $cfg;
$prikey = $cfg['rsa']['prikey'];
$prikey = openssl_get_privatekey($prikey, $passphrase);
$res = openssl_private_decrypt(base64_decode($enc_text), $source, $prikey, OPENSSL_PKCS1_PADDING);
return $res ? $source : false;
}
function enc_pri($str)
{
$key = uniqid();
$res = openssl_get_privatekey($this->pri,$this->pra);
openssl_private_encrypt($key,$cry,$res);
$ret = $this->enc_sym($key,$str);
return base64_encode($cry).':'.base64_encode($ret);
}
/**
* @param string $text
* @return string Base64 encoded
*/
public function sign($text)
{
$privateKeyId = openssl_get_privatekey($this->privateKey, $this->privateKeyPassword);
openssl_sign($text, $signature, $privateKeyId);
$signature = base64_encode($signature);
openssl_free_key($privateKeyId);
return $signature;
}
function rsaSha1Sign($policy)
{
$signature = "";
$pkeyid = openssl_get_privatekey($this->key);
openssl_sign($policy, $signature, $pkeyid);
openssl_free_key($pkeyid);
return $signature;
}
/**
* encrypts the data with given private key
*
* @param string $data
* @param string $privateKeyPath
* @return string
*/
public static function sign($data, $privateKeyPath)
{
$privateKey = self::read($privateKeyPath);
$pKeyId = openssl_get_privatekey($privateKey);
openssl_sign($data, $signature, $pKeyId, "SHA256");
openssl_free_key($pKeyId);
return $signature;
}
function load_private_key($privkey, $passphrase = false)
{
if ($passphrase) {
return openssl_get_privatekey($privkey, $passphrase);
} else {
return openssl_get_privatekey($privkey);
}
}
public function rsa_sign($data, $rsaPrivateKeyFilePath) {
$priKey = file_get_contents ( $rsaPrivateKeyFilePath );
$res = openssl_get_privatekey ( $priKey );
openssl_sign ( $data, $sign, $res );
openssl_free_key ( $res );
$sign = base64_encode ( $sign );
return $sign;
}
/**
* @return resource
*/
protected function getRsaPrivateKey()
{
$key = openssl_get_privatekey(file_get_contents(__DIR__ . '/../../../resources/a.key'));
if (false === $key) {
throw new \LogicException('Unable to load RSA private key');
}
return $key;
}
function rsa_sha1_sign($policy)
{
$priv_key = file_get_contents("/Users/joelsaltzman/Desktop/privatekey");
$pkeyid = openssl_get_privatekey($priv_key);
openssl_sign($policy, $signature, $pkeyid);
openssl_free_key($pkeyid);
return $signature;
}
/**
* {@inheritdoc}
*/
public function createHash($payload, Key $key)
{
$key = openssl_get_privatekey($key->getContent(), $key->getPassphrase());
$this->validateKey($key);
$signature = '';
openssl_sign($payload, $signature, $key, $this->getAlgorithm());
return $signature;
}
/**
* AsymmetricStrategy constructor.
*
* @param string $public Valid public certificate, can be:
* - an X.509 certificate resource
* - a PEM formatted public key
* - a string having the format `file://path/to/file.pem`. The named file
* must contain a PEM encoded certificate/public key (it may contain both).
* @param string $public Optional. A valid private certificate, can be:
* - a string having the format file://path/to/file.pem. The named file
* must contain a PEM encoded certificate.
* - a PEM encoded certificate
* @param string $passphrase Optional pass phrase.
* @throws \Cake\Core\Exception\Exception
*/
public function __construct($public, $private = null, $passphrase = null)
{
if (!($this->__publicKey = openssl_get_publickey($public))) {
throw new Exception('Invalid public certificate: ' . $public);
}
if ($private !== null && !($this->__privateKey = openssl_get_privatekey($private, $passphrase))) {
throw new Exception('Invalid private certificate: ' . $private);
}
}
public static function makeSign($params, $priKeyPath)
{
$priKey = file_get_contents($priKeyPath);
$res = openssl_get_privatekey($priKey);
$outSign = '';
openssl_sign($params, $outSign, $res);
openssl_free_key($res);
return base64_encode($outSign);
}
public function getpublicAction()
{
ob_start();
$prikey = openssl_get_privatekey('file://' . APP_DIR . '/data/keys/id_rsa');
$pubkey = openssl_pkey_get_details($prikey);
$pubkey = $pubkey["key"];
echo $pubkey;
return $this->response->setContent(ob_get_clean());
}
protected function getRequestSignature($data, $fields)
{
$hash = $this->generateHash($data, $fields);
$keyId = openssl_get_privatekey('file://' . $this->privateKey, $this->passphrase);
openssl_sign($hash, $signature, $keyId);
openssl_free_key($keyId);
$result = base64_encode($signature);
return $result;
}
/**
* @param string $passPhrase
* @throws Zend\Crypt\Exception
*/
protected function _parse($passPhrase)
{
$result = openssl_get_privatekey($this->_pemString, $passPhrase);
if (!$result) {
throw new \Zend\Crypt\Exception('Unable to load private key');
}
$this->_opensslKeyResource = $result;
$this->_details = openssl_pkey_get_details($this->_opensslKeyResource);
}
/**
* Sign data for light authentication keys (for the ATM and WMC interfaces)
* @param string $data data to sign
* @param string $key full path to the private key file
* @param string $keyPassword (optional) password for the private key
*
* @return string
* @throws Exception
*/
protected static function signLight($data, $key, $keyPassword = '')
{
if (!is_file($key)) {
throw new Exception('Cannot access private key');
}
$privateKey = openssl_get_privatekey(file_get_contents($key), $keyPassword);
openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA1);
return base64_encode($signature);
}
public static function privateDecrypt($privateKey, $data)
{
if (!strstr($privateKey, 'BEGIN PRIVATE KEY')) {
$privateKey = self::lengthenPrivateKey($privateKey);
}
$key_resource = openssl_get_privatekey($privateKey);
openssl_private_decrypt(base64_decode($data), $cleartext, $key_resource);
return $cleartext;
}
public static function decrypt($encryptedContent, $privateKey, $passPhrase)
{
$res = openssl_get_privatekey($privateKey, $passPhrase);
if ($res === false) {
throw new InvalidPassPhraseException('The provided passphrase for private key is wrong');
}
openssl_private_decrypt(base64_decode($encryptedContent), $plainContent, $res);
return $plainContent;
}
function private_decrypt($encryptedext)
{
$fp = fopen("./mykey.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
$private_key = openssl_get_privatekey($priv_key);
openssl_private_decrypt(base64_decode($encryptedext), $decrypted, $private_key);
return $decrypted;
}