예제 #1
0
function doGetCertStep2($data)
{
    //todo s=>c enc by aes (privatekey,x509)
    //是否设置
    if (isset($GLOBALS['CAPrivKeyStr'])) {
        //解密
        $decryptData = RSADecrypt($data, $GLOBALS['CAPrivKeyStr']);
        //分割
        $dataArray = preg_split("/,{1,1}/", $decryptData);
        $key = $dataArray[0];
        $iv = $dataArray[1];
        //生成证书
        $newCert = requestSignCert();
        //生成GUID
        $userGUID = create_guid();
        //写入记录进入数据库
        $certmodel = new certModel($userGUID, getip(), $newCert['publicX509'], '');
        SQLAdopt::insert($certmodel);
        if (count($dataArray) == 3) {
            $clientIURL = $dataArray[2];
            $acitveServermodel = new activeServerModel($userGUID, $clientIURL, '');
            SQLAdopt::insert($acitveServermodel);
        }
        //返回数据
        $returnStr = $userGUID . "," . $newCert['privateKey'] . "," . $newCert['publicX509'] . "," . getConfig_CAGUID();
        //加密
        echo AESEncrypt($returnStr, $key, $iv);
    } else {
        echo 'It look like is not CA';
    }
}
예제 #2
0
function getCertFromCA($CAinterface = null, $CAPem = null)
{
    if (empty(getConfig_TempAESiv())) {
        setConfig_TempAESiv(create_RandomString());
    }
    if (empty(getConfig_TempAESKey())) {
        setConfig_TempAESKey(create_RandomString());
    }
    if (empty($CAinterface)) {
        $CAinterface = getConfig_CAIntertfaceURL();
    }
    if (empty($CAinterface)) {
        return 'CAinterface is empty';
    }
    if (empty($CAPem)) {
        $CAPem = getConfig_PublicX509FromCA();
    }
    if (empty($CAPem)) {
        return 'PublicX509FromCA is empty';
    }
    $getstr = DataTransport::go($CAinterface, 'action=doGetCertStep2&data=' . RSAEncrypt(getConfig_TempAESKey() . ',' . getConfig_TempAESiv() . "," . getConfig_SelfIntertfaceURL(), $CAPem));
    //getstr原型$returnStr=$userGUID.",".$newCert['privateKey'].",".$newCert['publicX509'];
    $decryptGetStr = AESDecrypt($getstr, getConfig_TempAESKey(), getConfig_TempAESiv());
    $arr = splitByComma($decryptGetStr);
    if (count($arr) == 4) {
        setConfig_SelfGUID($arr[0]);
        setConfig_SelfPrivateKey($arr[1]);
        setConfig_SelfPublicX509($arr[2]);
        setConfig_CAGUID($arr[3]);
        save_AESKeyIV(getConfig_CAGUID(), getConfig_TempAESKey(), getConfig_TempAESiv(), 'in');
        save_AESKeyIV(getConfig_CAGUID(), getConfig_TempAESKey(), getConfig_TempAESiv(), 'out');
        return true;
    } else {
        return 'error';
    }
}