/**
* @inheritDoc
*/
public function generateCsr($fqdn, array $altNames = array())
{
$keys = $this->generateRsaKey(2048);
$privKey = $this->getRsa();
$privKey->loadKey($keys['privatekey']);
$x509 = new X509();
$x509->setPrivateKey($privKey);
$x509->setDNProp('commonName', $fqdn);
$x509->loadCSR($x509->saveCSR($x509->signCSR()));
array_unshift($altNames, $fqdn);
$SAN = array();
foreach ($altNames as $dnsName) {
$SAN[] = array('dNSName' => $dnsName);
}
// Set extension request.
$x509->setExtension('id-ce-subjectAltName', $SAN);
$pem = $x509->signCSR('sha256WithRSAEncryption');
return $x509->saveCSR($pem, X509::FORMAT_DER);
}
/**
* {@inheritdoc }
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$privateKeyPath = $input->getOption('privateKey');
$keyBundlePath = $input->getOption('certificate');
$path = $input->getOption('path');
if (is_null($privateKeyPath) || is_null($keyBundlePath) || is_null($path)) {
$output->writeln('--privateKey, --certificate and --path are required.');
return null;
}
$privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
$keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
if ($privateKey === false) {
$output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
return null;
}
if ($keyBundle === false) {
$output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
return null;
}
$rsa = new RSA();
$rsa->loadKey($privateKey);
$x509 = new X509();
$x509->loadX509($keyBundle);
$x509->setPrivateKey($rsa);
$this->checker->writeCoreSignature($x509, $rsa, $path);
$output->writeln('Successfully signed "core"');
}
public function testSaveSPKAC()
{
$privKey = new RSA();
extract($privKey->createKey());
$x509 = new X509();
$x509->setPrivateKey($privatekey);
$x509->setChallenge('...');
$spkac = $x509->signSPKAC();
$this->assertInternalType('array', $spkac);
$this->assertInternalType('string', $x509->saveSPKAC($spkac));
$x509 = new X509();
$x509->setPrivateKey($privKey);
$spkac = $x509->signSPKAC();
$this->assertInternalType('array', $spkac);
$this->assertInternalType('string', $x509->saveSPKAC($spkac));
}
/**
* @group github705
*/
public function testSaveNullRSAParam()
{
$privKey = new RSA();
$privKey->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDMswfEpAgnUDWA74zZw5XcPsWh1ly1Vk99tsqwoFDkLF7jvXy1
dDLHYfuquvfxCgcp8k/4fQhx4ubR8bbGgEq9B05YRnViK0R0iBB5Ui4IaxWYYhKE
8xqAEH2fL+/7nsqqNFKkEN9KeFwc7WbMY49U2adlMrpBdRjk1DqIEW3QTwIDAQAB
AoGBAJ+83cT/1DUJjJcPWLTeweVbPtJp+3Ku5d1OdaGbmURVs764scbP5Ihe2AuF
V9LLZoe/RdS9jYeB72nJ3D3PA4JVYYgqMOnJ8nlUMNQ+p0yGl5TqQk6EKLI8MbX5
kQEazNqFXsiWVQXubAd5wjtb6g0n0KD3zoT/pWLES7dtUFexAkEA89h5+vbIIl2P
H/NnkPie2NWYDZ1YiMGHFYxPDwsd9KCZMSbrLwAhPg9bPgqIeVNfpwxrzeksS6D9
P98tJt335QJBANbnCe+LhDSrkpHMy9aOG2IdbLGG63MSRUCPz8v2gKPq3kYXDxq6
Y1iqF8N5g0k5iirHD2qlWV5Q+nuGvFTafCMCQQC1wQiC0IkyXEw/Q31RqI82Dlcs
5rhEDwQyQof3LZEhcsdcxKaOPOmKSYX4A3/f9w4YBIEiVQfoQ1Ig1qfgDZklAkAT
TQDJcOBY0qgBTEFqbazr7PScJR/0X8m0eLYS/XqkPi3kYaHLpr3RcsVbmwg9hVtx
aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
4vca9v/F2hGVJuHIMJ8mguwYlNYzh2NqoIDJTtgOkBmt
-----END RSA PRIVATE KEY-----');
$pubKey = new RSA();
$pubKey->loadKey($privKey->getPublicKey());
$pubKey->setPublicKey();
$subject = new X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
$subject->setPublicKey($pubKey);
$issuer = new X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());
$x509 = new X509();
$result = $x509->sign($issuer, $subject);
$cert = $x509->saveX509($result);
$cert = $x509->loadX509($cert);
$this->assertArrayHasKey('parameters', $cert['tbsCertificate']['subjectPublicKeyInfo']['algorithm']);
$this->assertArrayHasKey('parameters', $cert['signatureAlgorithm']);
$this->assertArrayHasKey('parameters', $cert['tbsCertificate']['signature']);
}
/**
* {@inheritdoc }
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$path = $input->getOption('path');
$privateKeyPath = $input->getOption('privateKey');
$keyBundlePath = $input->getOption('certificate');
if (is_null($path) || is_null($privateKeyPath) || is_null($keyBundlePath)) {
$documentationUrl = $this->urlGenerator->linkToDocs('developer-code-integrity');
$output->writeln('This command requires the --path, --privateKey and --certificate.');
$output->writeln('Example: ./occ integrity:sign-app --path="/Users/lukasreschke/Programming/myapp/" --privateKey="/Users/lukasreschke/private/myapp.key" --certificate="/Users/lukasreschke/public/mycert.crt"');
$output->writeln('For more information please consult the documentation: ' . $documentationUrl);
return null;
}
$privateKey = $this->fileAccessHelper->file_get_contents($privateKeyPath);
$keyBundle = $this->fileAccessHelper->file_get_contents($keyBundlePath);
if ($privateKey === false) {
$output->writeln(sprintf('Private key "%s" does not exists.', $privateKeyPath));
return null;
}
if ($keyBundle === false) {
$output->writeln(sprintf('Certificate "%s" does not exists.', $keyBundlePath));
return null;
}
$rsa = new RSA();
$rsa->loadKey($privateKey);
$x509 = new X509();
$x509->loadX509($keyBundle);
$x509->setPrivateKey($rsa);
$this->checker->writeAppSignature($path, $x509, $rsa);
$output->writeln('Successfully signed "' . $path . '"');
}
