/** * Generates a new key pair with the given length in bits. * * @api * @param int $bits length of the key * @return KeyPair generated key pair */ public function generate($bits = 2048) { if (!is_int($bits)) { throw new \InvalidArgumentException(sprintf("\$bits must be of type int, %s given", gettype($bits))); } if ($bits < 2048) { throw new \InvalidArgumentException("Keys with fewer than 2048 bits are not allowed!"); } $configFile = $defaultConfigFile = __DIR__ . "/../res/openssl.cnf"; if (class_exists("Phar") && !empty(Phar::running(true))) { $configContent = file_get_contents($configFile); $configFile = tempnam(sys_get_temp_dir(), "acme_openssl_"); file_put_contents($configFile, $configContent); register_shutdown_function(function () use($configFile) { @unlink($configFile); }); } $res = openssl_pkey_new(["private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_bits" => $bits, "config" => $configFile]); $success = openssl_pkey_export($res, $privateKey, null, ["config" => $configFile]); if ($configFile !== $defaultConfigFile) { @unlink($configFile); } if (!$success) { openssl_pkey_free($res); throw new \RuntimeException("Key export failed!"); } $publicKey = openssl_pkey_get_details($res)["key"]; openssl_pkey_free($res); // clear error buffer, because of minimalistic openssl.cnf while (openssl_error_string() !== false) { } return new KeyPair($privateKey, $publicKey); }
/** * Generate public and private key * @param array $options */ public function generateKeys(array $options = self::DEFAULT_PUBLIC_KEY_OPTIONS) { $keys = openssl_pkey_new($options); $this->publicKey = openssl_pkey_get_details($keys)["key"]; openssl_pkey_export($keys, $this->privateKey); openssl_pkey_free($keys); }
/** * Frees the resource associated with this private key. * This is automatically done on destruct. */ private function free() { if ($this->keyResource) { openssl_pkey_free($this->keyResource); } $this->keyResource = null; }
function gal_service_account_upgrade(&$option, $gal_option_name, &$existing_sa_options, $gal_sa_option_name) { /* Convert ga_serviceemail ga_keyfilepath * into new separate sa options: * ga_sakey, ga_serviceemail, ga_pkey_print */ if (count($existing_sa_options)) { return; } $existing_sa_options = array('ga_serviceemail' => isset($option['ga_serviceemail']) ? $option['ga_serviceemail'] : '', 'ga_sakey' => '', 'ga_pkey_print' => '<unspecified>'); try { if (version_compare(PHP_VERSION, '5.3.0') >= 0 && function_exists('openssl_x509_read')) { if (isset($option['ga_keyfilepath']) && $option['ga_keyfilepath'] != '' && file_exists($option['ga_keyfilepath'])) { $p12key = @file_get_contents($option['ga_keyfilepath']); $certs = array(); if (openssl_pkcs12_read($p12key, $certs, 'notasecret')) { if (array_key_exists("pkey", $certs) && $certs["pkey"]) { $privateKey = openssl_pkey_get_private($certs['pkey']); $pemString = ''; if (openssl_pkey_export($privateKey, $pemString)) { $existing_sa_options['ga_sakey'] = $pemString; } openssl_pkey_free($privateKey); @unlink($options['ga_keyfilepath']); } } } } } catch (Exception $e) { // Never mind } // Remove redundant parts of regular options unset($option['ga_serviceemail']); unset($option['ga_keyfilepath']); }
function rsa_decrypt($ciphertext, $private_key, $password) { // 암호문을 base64로 디코딩한다. $ciphertext = @base64_decode($ciphertext, true); if ($ciphertext === false) { return false; } // 개인키를 사용하여 복호화한다. $privkey_decoded = @openssl_pkey_get_private($private_key, $password); if ($privkey_decoded === false) { return false; } $plaintext = false; $status = @openssl_private_decrypt($ciphertext, $plaintext, $privkey_decoded); @openssl_pkey_free($privkey_decoded); if (!$status || $plaintext === false) { return false; } // 압축을 해제하여 평문을 얻는다. $plaintext = @gzuncompress($plaintext); if ($plaintext === false) { return false; } // 이상이 없는 경우 평문을 반환한다. return $plaintext; }
public function __destruct() { if (!is_resource($this->handle)) { return; } openssl_pkey_free($this->handle); }
public function removeAll() { foreach ($this->resources as $resource) { openssl_pkey_free($resource); } $this->keys = array(); $this->resources = array(); }
/** * Generate a key pair (public / private key) with optional passphrase * that protects the private key. * * @param string $passphrase * @return KeyPair */ public function generateKeyPair($passphrase = null) { $privateKey = null; $encrypted = $passphrase !== null; $keyPair = openssl_pkey_new(); openssl_pkey_export($keyPair, $privateKey, $passphrase); $keyDetails = openssl_pkey_get_details($keyPair); $publicKey = $keyDetails['key']; openssl_pkey_free($keyPair); return new KeyPair($privateKey, $publicKey, $encrypted); }
/** * Generate a key pair (public / private key) with optional passphrase * that protects the private key. * * @param string $passphrase * @return \TYPO3\Deploy\Encryption\KeyPair * @author Christopher Hlubek <*****@*****.**> */ public function generateKeyPair($passphrase = NULL) { $privateKey = NULL; $encrypted = $passphrase !== NULL; $keyPair = openssl_pkey_new(); openssl_pkey_export($keyPair, $privateKey, $passphrase); $keyDetails = openssl_pkey_get_details($keyPair); $publicKey = $keyDetails['key']; openssl_pkey_free($keyPair); return new \TYPO3\Deploy\Encryption\KeyPair($privateKey, $publicKey, $encrypted); }
/** * @param Signature $signature * * @return boolean Whether the signature has been signed by this certificate */ public function hasSigned(Signature $signature) { $key = openssl_pkey_get_public($this->x509Cert); try { $hasSigned = $signature->isSignedByKey($key); } catch (\Excetpion $e) { openssl_pkey_free($key); throw $e; } openssl_pkey_free($key); return $hasSigned; }
/** * Sign a string using the configured private key * * @param string $str The string to calculate a signature for */ private function base64_signature($str) { $key = openssl_pkey_get_private($this->private_key); if ($key === false) { throw new SimpleSAML_Error_Exception("Unable to load private key: " . openssl_error_string()); } if (!openssl_sign($str, $sig, $key)) { throw new SimpleSAML_Error_Exception("Unable to create signature: " . openssl_error_string()); } openssl_pkey_free($key); return base64_encode($sig); }
protected function load() { if (false == is_file($this->filename)) { throw new \RuntimeException(sprintf("Specified private key file '%s' does not exist", $this->filename)); } $this->loadedContent = file_get_contents($this->filename); $resource = openssl_pkey_get_private($this->loadedContent); if (false == $resource) { $this->loadedContent = null; throw new \RuntimeException(sprintf("Specified private key '%s' is invalid", $this->filename)); } openssl_pkey_free($resource); }
/** * Function to generate a new RSA keypair. This is not * used for point derivation or for generating signatures. * Only used for assymetric data encryption, as needed. * * @param int * @param string * @return array|boolean array of keys on success, boolean false on failure */ public final function generateKeypair($keybits = 512, $digest_alg = 'sha512') { try { /* see: http://www.php.net/manual/en/function.openssl-pkey-new.php */ if (function_exists('openssl_pkey_new')) { $keypair = array(); /* openssl keysize can't be smaller than 384 bits */ if ((int) $keybits < 384) { $keybits = 384; } if (!isset($digest_alg) || trim($digest_alg) == '') { $digest_alg = 'sha512'; } /* * RSA is the only supported key type at this time * http://www.php.net/manual/en/function.openssl-csr-new.php */ $config = array('digest_alg' => $digest_alg, 'private_key_bits' => (int) $keybits, 'private_key_type' => OPENSSL_KEYTYPE_RSA); $resource = openssl_pkey_new($config); if (!$resource) { throw new \Exception('Error in generateOpenSSLKeypair: Could not create new OpenSSL resource.'); /* with the openssl extension, you also have it's own errors returned */ while ($msg = openssl_error_string()) { throw new \Exception('Error in generateOpenSSLKeypair: OpenSSL reported error: ' . $msg); } return false; } if (openssl_pkey_export($resource, $keypair['pri'])) { $publickey = openssl_pkey_get_details($resource); $keypair['pub'] = $publickey['key']; } else { throw new \Exception('Error in generateOpenSSLKeypair: Private key could not be determined from OpenSSL key resource.'); while ($msg = openssl_error_string()) { throw new \Exception('Error in generateOpenSSLKeypair: OpenSSL reported error: ' . $msg); } return false; } openssl_pkey_free($resource); return $keypair; } else { throw new \Exception('Error in generateOpenSSLKeypair: OpenSSL PHP extension missing. Cannot continue.'); return false; } } catch (Exception $e) { while ($msg = openssl_error_string()) { throw new \Exception('Error in generateOpenSSLKeypair: OpenSSL reported error: ' . $msg); } throw $e; return false; } }
/** * Returns a usable private and public key from a PEM encoded string. * * @param string $key The private key. * @param string $pass The private key passphrase. * * @return array The private ([0]) and public ([1]) key. * * @throws InvalidArgumentException If a passphrase is required. * @throws RuntimeException If the file could not be parsed. */ public function parsePem($key, $pass = null) { $this->clearErrors(); if (false === ($resource = openssl_pkey_get_private($key, $pass))) { $error = openssl_error_string(); if (preg_match('/(bad password|bad decrypt)/', $error)) { throw new InvalidArgumentException('The private key passphrase is invalid.'); } throw new RuntimeException("The private key could not be parsed: {$error}"); } openssl_pkey_export($resource, $private); $details = openssl_pkey_get_details($resource); openssl_pkey_free($resource); return array($private, $details['key']); }
public function onPasswordChange(FormEvent $event) { // Get new password /** @var User $user */ $user = $event->getForm()->getData(); $password = $user->getPlainPassword(); // Get pkey from session $privKey = $event->getRequest()->getSession()->get('pkey'); // Secure pkey with new password $res = openssl_pkey_get_private($privKey); openssl_pkey_export($res, $privKey, $password); // Store pkey in user $user->setPrivateKey($privKey); unset($password); openssl_pkey_free($res); unset($privKey); }
/** * Check if signature is correct * @param string SSH formatted public key * @param string * @param string * @return bool */ function verify($key, $data, $signature) { if (($pkeyid = @openssl_pkey_get_public(ssh2pem($key))) === FALSE) { throw new Error('Cannot get public key.'); } $details = openssl_pkey_get_details($pkeyid); list($keytype, $blob) = parse('ss', $signature); if ($details['type'] === OPENSSL_KEYTYPE_DSA && $keytype !== 'ssh-dss' || $details['type'] === OPENSSL_KEYTYPE_RSA && $keytype !== 'ssh-rsa') { throw new Error('Key/signature type mismatch.'); } if ($keytype !== 'ssh-rsa') { throw new Error('FIXME: currently only ssh-rsa implemented'); } $verified = @openssl_verify($data, $blob, $pkeyid); openssl_pkey_free($pkeyid); return $verified === 1; }
/** * Post install hook implementation for the quizaccess_offlinemode plugin. */ function xmldb_quizaccess_offlinemode_install() { global $OUTPUT; // If OpenSSL is available, generate a public/private key pair. if (function_exists('openssl_pkey_new')) { $privatekey = openssl_pkey_new(array('digest_alg' => 'sha512', 'private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA)); if ($privatekey) { openssl_pkey_export($privatekey, $privatekeystring); $publickeydata = openssl_pkey_get_details($privatekey); openssl_pkey_free($privatekey); set_config('privatekey', $privatekeystring, 'quizaccess_offlinemode'); set_config('publickey', $publickeydata['key'], 'quizaccess_offlinemode'); } else { echo $OUTPUT->notification('Failed to generate an public/private key pair.'); while ($message = openssl_error_string()) { echo $OUTPUT->notification($message); } } } }
public function testKeyGen() { $fileName = 'testfile_ssl_id_rsa_' . date('Ymd_His') . '_' . uniqid('', true); $sslConfig = array('digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA); $ssl = openssl_pkey_new($sslConfig); $this->assertTrue($ssl ? true : false); openssl_pkey_export_to_file($ssl, 'test_data/' . $fileName . '.prv'); #fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n"); openssl_pkey_export_to_file($ssl, 'test_data/' . $fileName . '_pass.prv', 'my_password'); #fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n"); $keyPub = openssl_pkey_get_details($ssl); #ve($keyPub); $keyPub = $keyPub['key']; file_put_contents('test_data/' . $fileName . '.pub', $keyPub); openssl_public_encrypt('test my keys', $encrypted, $keyPub); #fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n"); openssl_private_decrypt($encrypted, $decrypted, $ssl); #fwrite(STDOUT, 'SSL ERROR: '.openssl_error_string()."\n"); $this->assertEquals('test my keys', $decrypted); openssl_pkey_free($ssl); }
/** * Generate public/private keys and store in the config table * * Use the distinguished name provided to create a CSR, and then sign that CSR * with the same credentials. Store the keypair you create in the config table. * If a distinguished name is not provided, create one using the fullname of * 'the course with ID 1' as your organization name, and your hostname (as * detailed in $CFG->wwwroot). * * @param array $dn The distinguished name of the server * @return string The signature over that text */ function mnet_generate_keypair($dn = null, $days = 28) { global $CFG, $USER; // check if lifetime has been overriden if (!empty($CFG->mnetkeylifetime)) { $days = $CFG->mnetkeylifetime; } $host = strtolower($CFG->wwwroot); $host = ereg_replace("^http(s)?://", '', $host); $break = strpos($host . '/', '/'); $host = substr($host, 0, $break); if ($result = get_record_select('course', " id ='" . SITEID . "' ")) { $organization = $result->fullname; } else { $organization = 'None'; } $keypair = array(); $country = 'NZ'; $province = 'Wellington'; $locality = 'Wellington'; $email = $CFG->noreplyaddress; if (!empty($USER->country)) { $country = $USER->country; } if (!empty($USER->city)) { $province = $USER->city; $locality = $USER->city; } if (!empty($USER->email)) { $email = $USER->email; } if (is_null($dn)) { $dn = array("countryName" => $country, "stateOrProvinceName" => $province, "localityName" => $locality, "organizationName" => $organization, "organizationalUnitName" => 'Moodle', "commonName" => $CFG->wwwroot, "emailAddress" => $email); } $dnlimits = array('countryName' => 2, 'stateOrProvinceName' => 128, 'localityName' => 128, 'organizationName' => 64, 'organizationalUnitName' => 64, 'commonName' => 64, 'emailAddress' => 128); foreach ($dnlimits as $key => $length) { $dn[$key] = substr($dn[$key], 0, $length); } // ensure we remove trailing slashes $dn["commonName"] = preg_replace(':/$:', '', $dn["commonName"]); if (!empty($CFG->opensslcnf)) { //allow specification of openssl.cnf especially for Windows installs $new_key = openssl_pkey_new(array("config" => $CFG->opensslcnf)); $csr_rsc = openssl_csr_new($dn, $new_key, array("config" => $CFG->opensslcnf)); $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days, array("config" => $CFG->opensslcnf)); } else { $new_key = openssl_pkey_new(); $csr_rsc = openssl_csr_new($dn, $new_key, array('private_key_bits', 2048)); $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days); } unset($csr_rsc); // Free up the resource // We export our self-signed certificate to a string. openssl_x509_export($selfSignedCert, $keypair['certificate']); openssl_x509_free($selfSignedCert); // Export your public/private key pair as a PEM encoded string. You // can protect it with an optional passphrase if you wish. if (!empty($CFG->opensslcnf)) { //allow specification of openssl.cnf especially for Windows installs $export = openssl_pkey_export($new_key, $keypair['keypair_PEM'], null, array("config" => $CFG->opensslcnf)); } else { $export = openssl_pkey_export($new_key, $keypair['keypair_PEM']); } openssl_pkey_free($new_key); unset($new_key); // Free up the resource return $keypair; }
/** * Generate a DKIM signature. * @access public * @param string $signHeader * @throws phpmailerException * @return string The DKIM signature value */ public function DKIM_Sign($signHeader) { if (!defined('PKCS7_TEXT')) { if ($this->exceptions) { throw new phpmailerException($this->lang('extension_missing') . 'openssl'); } return ''; } $privKeyStr = file_get_contents($this->DKIM_private); if ('' != $this->DKIM_passphrase) { $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase); } else { $privKey = openssl_pkey_get_private($privKeyStr); } //Workaround for missing digest algorithms in old PHP & OpenSSL versions //@link http://stackoverflow.com/a/11117338/333340 if (version_compare(PHP_VERSION, '5.3.0') >= 0 and in_array('sha256WithRSAEncryption', openssl_get_md_methods(true))) { if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { openssl_pkey_free($privKey); return base64_encode($signature); } } else { $pinfo = openssl_pkey_get_details($privKey); $hash = hash('sha256', $signHeader); //'Magic' constant for SHA256 from RFC3447 //@link https://tools.ietf.org/html/rfc3447#page-43 $t = '3031300d060960864801650304020105000420' . $hash; $pslen = $pinfo['bits'] / 8 - (strlen($t) / 2 + 3); $eb = pack('H*', '0001' . str_repeat('FF', $pslen) . '00' . $t); if (openssl_private_encrypt($eb, $signature, $privKey, OPENSSL_NO_PADDING)) { openssl_pkey_free($privKey); return base64_encode($signature); } } openssl_pkey_free($privKey); return ''; }
/** * Verifies the signature of the document and that the signing certificate * stems from a trusted root CA. * * Returns the CN of the signing certificate if valid. * * @param str $xml XML doc to verify * @param str $signature_value Base64 encoded signature to verify against. * @returns str */ function verify($xml, $signature_value) { $doc = $this->parse_doc($xml); $xp = $this->get_xpath($doc); $certs = $this->parse_certificates($xp); if ($signature_value == null && empty($certs)) { // Doc unsigned and no signature expected return null; } $valid = $this->validate_xml($xp); $cert = openssl_x509_read($certs[0]); $parsed_certificate = openssl_x509_parse($cert); if ($pubkey = openssl_pkey_get_public($cert)) { $valid = openssl_verify($xml, base64_decode($signature_value), $pubkey); openssl_pkey_free($pubkey); openssl_x509_free($cert); $cert = null; $signed_by = null; if (!$valid) { throw new GApps_Discovery_Exception("Signature verification failed."); } } else { error_log('/lib/openid/Auth/OpenID/google_discovery.php: error getting certificate public key.'); } $trusted = $this->validate_chain($certs); if (!empty($cert)) { openssl_x509_free($cert); } if (!$trusted) { throw new GApps_Discovery_Exception("Can not verify trust chain."); } $subject = $parsed_certificate["subject"]; $signed_by = strtolower($subject["CN"]); return $signed_by; }
function test_openssl_pkey_free() { $fkey = file_get_contents(__DIR__ . "/test_public.pem"); $k = openssl_pkey_get_public($fkey); VERIFY($k != false); VERIFY($k != null); openssl_pkey_free($k); }
/** * Generate a DKIM signature. * @access public * @param string $signHeader * @throws phpmailerException * @return string */ public function DKIM_Sign($signHeader) { if (!defined('PKCS7_TEXT')) { if ($this->exceptions) { throw new phpmailerException($this->lang('extension_missing') . 'openssl'); } return ''; } $privKeyStr = file_get_contents($this->DKIM_private); if ($this->DKIM_passphrase != '') { $privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase); } else { $privKey = openssl_pkey_get_private($privKeyStr); } if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { //sha1WithRSAEncryption openssl_pkey_free($privKey); return base64_encode($signature); } openssl_pkey_free($privKey); return ''; }
/** * Takes the body of the message and processes it with S/MIME * * @param string $to The recipients being sent to * @param string $subject The subject of the email * @param string $headers The headers for the message * @param string $body The message body * @return array `0` => The message headers, `1` => The message body */ private function createSMIMEBody($to, $subject, $headers, $body) { if (!$this->smime_encrypt && !$this->smime_sign) { return array($headers, $body); } $plaintext_file = tempnam('', '__fEmail_'); $ciphertext_file = tempnam('', '__fEmail_'); $headers_array = array('To' => $to, 'Subject' => $subject); preg_match_all('#^([\\w\\-]+):\\s+([^\\n]+\\n( [^\\n]+\\n)*)#im', $headers, $header_matches, PREG_SET_ORDER); foreach ($header_matches as $header_match) { $headers_array[$header_match[1]] = trim($header_match[2]); } $body_headers = ""; if (isset($headers_array['Content-Type'])) { $body_headers .= 'Content-Type: ' . $headers_array['Content-Type'] . "\r\n"; } if (isset($headers_array['Content-Transfer-Encoding'])) { $body_headers .= 'Content-Transfer-Encoding: ' . $headers_array['Content-Transfer-Encoding'] . "\r\n"; } if ($body_headers) { $body = $body_headers . "\r\n" . $body; } file_put_contents($plaintext_file, $body); file_put_contents($ciphertext_file, ''); // Set up the neccessary S/MIME resources if ($this->smime_sign) { $senders_smime_cert = file_get_contents($this->senders_smime_cert_file); $senders_private_key = openssl_pkey_get_private(file_get_contents($this->senders_smime_pk_file), $this->senders_smime_pk_password); if ($senders_private_key === FALSE) { throw new fValidationException("The sender's S/MIME private key password specified does not appear to be valid for the private key"); } } if ($this->smime_encrypt) { $recipients_smime_cert = file_get_contents($this->recipients_smime_cert_file); } // If we are going to sign and encrypt, the best way is to sign, encrypt and then sign again if ($this->smime_encrypt && $this->smime_sign) { openssl_pkcs7_sign($plaintext_file, $ciphertext_file, $senders_smime_cert, $senders_private_key, array()); openssl_pkcs7_encrypt($ciphertext_file, $plaintext_file, $recipients_smime_cert, array(), NULL, OPENSSL_CIPHER_RC2_128); openssl_pkcs7_sign($plaintext_file, $ciphertext_file, $senders_smime_cert, $senders_private_key, $headers_array); } elseif ($this->smime_sign) { openssl_pkcs7_sign($plaintext_file, $ciphertext_file, $senders_smime_cert, $senders_private_key, $headers_array); } elseif ($this->smime_encrypt) { openssl_pkcs7_encrypt($plaintext_file, $ciphertext_file, $recipients_smime_cert, $headers_array, NULL, OPENSSL_CIPHER_RC2_128); } // It seems that the contents of the ciphertext is not always \r\n line breaks $message = file_get_contents($ciphertext_file); $message = str_replace("\r\n", "\n", $message); $message = str_replace("\r", "\n", $message); $message = str_replace("\n", "\r\n", $message); list($new_headers, $new_body) = explode("\r\n\r\n", $message, 2); $new_headers = preg_replace('#^To:[^\\n]+\\n( [^\\n]+\\n)*#mi', '', $new_headers); $new_headers = preg_replace('#^Subject:[^\\n]+\\n( [^\\n]+\\n)*#mi', '', $new_headers); $new_headers = preg_replace("#^MIME-Version: 1.0\r?\n#mi", '', $new_headers, 1); $new_headers = preg_replace('#^Content-Type:\\s+' . preg_quote($headers_array['Content-Type'], '#') . "\r?\n#mi", '', $new_headers); $new_headers = preg_replace('#^Content-Transfer-Encoding:\\s+' . preg_quote($headers_array['Content-Transfer-Encoding'], '#') . "\r?\n#mi", '', $new_headers); unlink($plaintext_file); unlink($ciphertext_file); if ($this->smime_sign) { openssl_pkey_free($senders_private_key); } return array($new_headers, $new_body); }
public function __destruct() { if ($this->privateKey) { openssl_pkey_free($this->privateKey); } }
public static function tearDownAfterClass() { openssl_pkey_free(self::$pKey); }
/** * Generates the JWT signature according to the private key file and the JWT content. * * @param string $jsonWebToken The JWT content. * * @throws \Widop\GoogleAnalytics\Exception\GoogleAnalyticsException If an error occured when generating the signature. * * @return string The JWT signature. */ protected function generateSignature($jsonWebToken) { if (!function_exists('openssl_x509_read')) { throw GoogleAnalyticsException::invalidOpenSslExtension(); } $certificate = file_get_contents($this->privateKeyFile); $certificates = array(); if (!openssl_pkcs12_read($certificate, $certificates, 'notasecret')) { throw GoogleAnalyticsException::invalidPKCS12File(); } if (!isset($certificates['pkey']) || !$certificates['pkey']) { throw GoogleAnalyticsException::invalidPKCS12Format(); } $ressource = openssl_pkey_get_private($certificates['pkey']); if (!$ressource) { throw GoogleAnalyticsException::invalidPKCS12PKey(); } $signature = null; if (!openssl_sign($jsonWebToken, $signature, $ressource, 'sha256')) { throw GoogleAnalyticsException::invalidPKCS12Signature(); } openssl_pkey_free($ressource); return $signature; }
for ($i = 1, $c = $pkey_pair_num; $i <= $c; $i++) { $cert->create_private(); $pub_key = $cert->get_pubkey(); $priv_key = $cert->get_privkey(); printf("+Ok, Set up %d key pair succ!\r", $i); } echo "\n"; echo microtime(true)-$t; echo "\n"; */ $t = 0; for ($i = 1, $c = $pkey_pair_num; $i <= $c; $i++) { $t1 = microtime(true); $cert->create_private(); $cert->free(); $t2 = microtime(true); $t += $t2 - $t1; printf("%d\r", $i); } echo $t / $pkey_pair_num . "\n"; $config = em_config::get2('openssl_config'); $t = 0; for ($i = 1, $c = $pkey_pair_num; $i <= $c; $i++) { $t1 = microtime(true); $res = openssl_pkey_new($config); openssl_pkey_free($res); $t2 = microtime(true); $t += $t2 - $t1; printf("%d\r", $i); } echo $t / $pkey_pair_num . "\n";
/** * Verifies the signature of the document and that the signing certificate * stems from a trusted root CA. * * Returns the CN of the signing certificate if valid. * * @param str $xml XML doc to verify * @param str $signature_value Base64 encoded signature to verify against. * @returns str */ function verify($xml, $signature_value) { $doc = $this->parse_doc($xml); $xp = $this->get_xpath($doc); $valid = $this->validate_xml($xp); $certs = $this->parse_certificates($xp); $cert = openssl_x509_read($certs[0]); $parsed_certificate = openssl_x509_parse($cert); $pubkey = openssl_pkey_get_public($cert); $valid = openssl_verify($xml, base64_decode($signature_value), $pubkey); openssl_pkey_free($pubkey); openssl_x509_free($cert); $signed_by = null; if (!$valid) { throw new GApps_Discovery_Exception("Signature verification failed."); } $trusted = $this->validate_chain($certs); if (!$trusted) { throw new GApps_Discovery_Exception("Can not verify trust chain."); } $subject = $parsed_certificate["subject"]; $signed_by = strtolower($subject["CN"]); return $signed_by; }
/** * WebSite-PHP file utils_openssl.inc.php * * WebSite-PHP : PHP Framework 100% object (http://www.website-php.com) * Copyright (c) 2009-2015 WebSite-PHP.com * PHP versions >= 5.2 * * Licensed under The MIT License * Redistributions of files must retain the above copyright notice. * * @author Emilien MOREL <*****@*****.**> * @link http://www.website-php.com * @copyright WebSite-PHP.com 12/05/2015 * @version 1.2.13 * @access public * @since 1.0.67 */ function createKeys($passphrase = 'passphrase', $private_key_bits = 1024, $private_key_type = OPENSSL_KEYTYPE_RSA, $encrypte_key = true) { if (!extension_loaded('openssl')) { throw new NewException("Please activate openssl php lib, to use encryption.", 0, getDebugBacktrace(1)); } else { $openssl_conf_file = str_replace("\\", "/", dirname(__FILE__)) . '/../config/openssl.cnf'; if (!file_exists($openssl_conf_file)) { throw new NewException("openssl.cnf doesn't exists (" . $openssl_conf_file . ").", 0, getDebugBacktrace(1)); } // Create the keypair $config_key = array("config" => $openssl_conf_file, "digest_alg" => "sha1", "x509_extensions" => "v3_ca", "req_extensions" => "v3_req", "private_key_bits" => $private_key_bits, "private_key_type" => $private_key_type, "encrypte_key" => $encrypte_key); $res = openssl_pkey_new($config_key); if ($res != false) { // Get private key. A pass phrase is required for proper encryption/decryption. openssl_pkey_export($res, $privkey, $passphrase, $config_key); // Get public key $pubkey = openssl_pkey_get_details($res); $pubkey = $pubkey['key']; $keys = array(); $keys['private'] = $privkey; $keys['public'] = $pubkey; openssl_pkey_free($res); return $keys; } else { $error = ""; while ($msg = openssl_error_string()) { $error .= $msg . "<br />\n"; } $error = "Error generation private key" . ($error != "" ? " : " . $error : ""); throw new NewException($error, 0, getDebugBacktrace(1)); } } return null; }