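/**
 * CA-side step 2 of certificate enrolment (counterpart of getCertFromCA()).
 *
 * $data is the request payload, RSA-encrypted by the client to this CA's public
 * X.509; once decrypted it reads "<aesKey>,<aesIv>[,<clientInterfaceUrl>]".
 * The AES key and IV therefore come straight from the (untrusted) request and
 * are used only to encrypt this one reply.
 *
 * Side effects: obtains a new certificate via requestSignCert(), inserts a
 * certModel record (plus an activeServerModel record when a client URL was
 * supplied) through SQLAdopt::insert(), then echoes the AES-encrypted string
 * "<userGUID>,<privateKey>,<publicX509>,<caGUID>". When this host has no CA
 * private key configured, or the request does not decrypt to a usable
 * key/IV pair, a plain diagnostic string is echoed and nothing is signed or
 * stored.
 *
 * @param string $data RSA-encrypted request payload from the client
 * @return void
 */
function doGetCertStep2($data)
{
    // TODO: s=>c enc by aes (privatekey, x509)
    // Only a host that has the CA private key configured may act as the CA.
    if (!isset($GLOBALS['CAPrivKeyStr'])) {
        echo 'It look like is not CA';
        return;
    }

    $decryptData = RSADecrypt($data, $GLOBALS['CAPrivKeyStr']);
    // Reject undecryptable or malformed input *before* any signing or DB write.
    // Previously a failed decrypt still reached requestSignCert() with an
    // undefined-index key/IV, i.e. a certificate was issued for garbage input.
    if (!is_string($decryptData) || $decryptData === '') {
        echo 'invalid request';
        return;
    }
    $dataArray = explode(',', $decryptData);
    if (count($dataArray) < 2 || $dataArray[0] === '' || $dataArray[1] === '') {
        echo 'invalid request';
        return;
    }
    $key = $dataArray[0];
    $iv = $dataArray[1];

    // Obtain a fresh certificate and record it under a newly generated GUID.
    $newCert = requestSignCert();
    $userGUID = create_guid();
    $certRecord = new certModel($userGUID, getip(), $newCert['publicX509'], '');
    SQLAdopt::insert($certRecord);

    // Optional third field: the client's own interface URL, stored as an
    // active server. It is client-supplied and is not validated here.
    if (count($dataArray) === 3) {
        $clientIURL = $dataArray[2];
        $activeServerRecord = new activeServerModel($userGUID, $clientIURL, '');
        SQLAdopt::insert($activeServerRecord);
    }

    // Reply: GUID, private key, certificate and this CA's GUID, AES-encrypted
    // with the key/IV the client supplied in the request.
    $returnStr = $userGUID . ',' . $newCert['privateKey'] . ',' . $newCert['publicX509'] . ',' . getConfig_CAGUID();
    echo AESEncrypt($returnStr, $key, $iv);
}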
/**
 * Client-side certificate enrolment against the CA.
 *
 * Provisions a temporary AES key/IV if none is configured, RSA-encrypts
 * "<aesKey>,<aesIv>,<selfInterfaceUrl>" to the CA's public X.509 and sends it
 * as action=doGetCertStep2. The AES-decrypted reply is expected to carry
 * exactly four comma-separated fields (self GUID, self private key, self
 * public X.509, CA GUID); these are written to config and the temporary
 * key/IV is then saved under the CA GUID for both the 'in' and 'out'
 * directions.
 *
 * NOTE(review): create_RandomString() supplies the AES key and IV; it needs
 * to be a cryptographically secure generator — confirm its implementation.
 * The same key/IV pair is persisted for reuse in both directions; whether
 * that is acceptable depends on the AES mode used by AESEncrypt/AESDecrypt.
 *
 * @param string|null $CAinterface CA endpoint URL; falls back to the configured value
 * @param string|null $CAPem       CA public X.509 PEM; falls back to the configured value
 * @return true|string true on success, otherwise a diagnostic string
 */
function getCertFromCA($CAinterface = null, $CAPem = null)
{
    // Lazily provision the temporary AES IV and key used for this exchange.
    if (empty(getConfig_TempAESiv())) {
        setConfig_TempAESiv(create_RandomString());
    }
    if (empty(getConfig_TempAESKey())) {
        setConfig_TempAESKey(create_RandomString());
    }

    // Resolve the endpoint and CA certificate, preferring explicit arguments.
    $endpoint = empty($CAinterface) ? getConfig_CAIntertfaceURL() : $CAinterface;
    if (empty($endpoint)) {
        return 'CAinterface is empty';
    }
    $caCertPem = empty($CAPem) ? getConfig_PublicX509FromCA() : $CAPem;
    if (empty($caCertPem)) {
        return 'PublicX509FromCA is empty';
    }

    $tempKey = getConfig_TempAESKey();
    $tempIv = getConfig_TempAESiv();

    // Request: "<aesKey>,<aesIv>,<selfInterfaceUrl>", RSA-encrypted to the CA.
    $requestPayload = RSAEncrypt(
        $tempKey . ',' . $tempIv . ',' . getConfig_SelfIntertfaceURL(),
        $caCertPem
    );
    $reply = DataTransport::go($endpoint, 'action=doGetCertStep2&data=' . $requestPayload);

    // Reply layout: "<userGUID>,<privateKey>,<publicX509>,<CAGUID>".
    $fields = splitByComma(AESDecrypt($reply, $tempKey, $tempIv));
    if (count($fields) !== 4) {
        return 'error';
    }

    [$selfGuid, $selfPrivateKey, $selfPublicX509, $caGuid] = $fields;
    setConfig_SelfGUID($selfGuid);
    setConfig_SelfPrivateKey($selfPrivateKey);
    setConfig_SelfPublicX509($selfPublicX509);
    setConfig_CAGUID($caGuid);

    // Persist the temp key/IV for both traffic directions, keyed by the CA GUID.
    foreach (['in', 'out'] as $direction) {
        save_AESKeyIV(getConfig_CAGUID(), $tempKey, $tempIv, $direction);
    }

    return true;
}