예제 #1
0
function signNewCert()
{
    if (!$GLOBALS['isCA']) {
        return false;
    } else {
        $CAPrivKey = new Crypt_RSA();
        $CAPrivKey->loadKey($GLOBALS['CAPrivKeyStr']);
        $CAx509 = new File_X509();
        $CAx509->loadX509($GLOBALS['CAPubX509']);
        //认证证书
        $privKey = new Crypt_RSA();
        $keyArray = $CAPrivKey->createKey($GLOBALS['RSALength']);
        $privKey->loadKey($keyArray['privatekey']);
        $pubKey = new Crypt_RSA();
        $pubKey->loadKey($keyArray['publickey']);
        $pubKey->setPublicKey();
        $subject = new File_X509();
        $subject->setDNProp('id-at-organizationName', $GLOBALS['CAname'] . ' cert');
        $subject->setPublicKey($pubKey);
        $issuer = new File_X509();
        $issuer->setPrivateKey($CAPrivKey);
        $issuer->setDN($CAx509->getDN());
        $x509 = new File_X509();
        $result = $x509->sign($issuer, $subject);
        return array('privateKey' => $privKey->getPrivateKey(), 'publicX509' => $x509->saveX509($result));
    }
}
예제 #2
0
 public function testSaveSPKAC()
 {
     $privKey = new Crypt_RSA();
     extract($privKey->createKey());
     $privKey->loadKey($privatekey);
     $x509 = new File_X509();
     $x509->setPrivateKey($privKey);
     $x509->setChallenge('...');
     $spkac = $x509->signSPKAC();
     $this->assertInternalType('array', $spkac);
     $this->assertInternalType('string', $x509->saveSPKAC($spkac));
     $x509 = new File_X509();
     $x509->setPrivateKey($privKey);
     $spkac = $x509->signSPKAC();
     $this->assertInternalType('array', $spkac);
     $this->assertInternalType('string', $x509->saveSPKAC($spkac));
 }
예제 #3
0
 public function generateKeyPair($keyPath, $keySize = 1024)
 {
     $privKey = new \Crypt_RSA();
     extract($privKey->createKey($keySize));
     $privKey->loadKey($privatekey);
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($publickey);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setDNProp('id-of-organization', 'phpseclib demo cert');
     $subject->setPublicKey($pubKey);
     $issuer = new \File_X509();
     $issuer->setPrivateKey($privKey);
     $issuer->setDN($subject->getDN());
     $x509 = new \File_X509();
     $result = $x509->sign($issuer, $subject);
     file_put_contents($keyPath . '/private.key', $privKey->getPrivateKey());
     file_put_contents($keyPath . '/public.crt', $x509->saveX509($result));
 }
예제 #4
0
 /**
  * @param string $certPem
  * @param array $keyPairPems
  *   Pair of PEM-encoded keys.
  * @param string $caCertPem
  * @return \File_X509
  */
 public static function loadCert($certPem, $keyPairPems = NULL, $caCertPem = NULL)
 {
     $certObj = new \File_X509();
     if (isset($caCertPem)) {
         $certObj->loadCA($caCertPem);
     }
     if ($certPem) {
         $certObj->loadX509($certPem);
     }
     if (isset($keyPairPems['privatekey'])) {
         $privKey = new \Crypt_RSA();
         $privKey->loadKey($keyPairPems['privatekey']);
         $certObj->setPrivateKey($privKey);
     }
     if (isset($keyPairPems['publickey'])) {
         $pubKey = new \Crypt_RSA();
         $pubKey->loadKey($keyPairPems['publickey']);
         $pubKey->setPublicKey();
         $certObj->setPublicKey($pubKey);
     }
     return $certObj;
 }
예제 #5
0
 /**
  * @param array $caKeyPair
  * @param string $caCert
  *   PEM-encoded cert.
  * @param string $csr
  *   PEM-encoded CSR.
  * @param int $serialNumber
  * @return string
  *   PEM-encoded cert.
  */
 public static function signCSR($caKeyPair, $caCert, $csr, $serialNumber = 1)
 {
     $privKey = new \Crypt_RSA();
     $privKey->loadKey($caKeyPair['privatekey']);
     $subject = new \File_X509();
     $subject->loadCSR($csr);
     $issuer = new \File_X509();
     $issuer->loadX509($caCert);
     $issuer->setPrivateKey($privKey);
     $x509 = new \File_X509();
     $x509->setSerialNumber($serialNumber, 10);
     $x509->setEndDate(date('c', strtotime(Constants::APP_DURATION, Time::getTime())));
     $result = $x509->sign($issuer, $subject, Constants::CERT_SIGNATURE_ALGORITHM);
     return $x509->saveX509($result);
 }
예제 #6
0
<?php

require_once 'Crypt/RSA.php';
require_once 'File/X509.php';
// Load the CA and its private key.
$pemcakey = file_get_contents('certs/rootCA.key');
$cakey = new Crypt_RSA();
$cakey->loadKey($pemcakey);
$pemca = file_get_contents('certs/rootCA.pem');
$ca = new File_X509();
$ca->loadX509($pemca);
$ca->setPrivateKey($cakey);
$csr = '-----BEGIN CERTIFICATE REQUEST-----
MIIBxDCCAS0CAQAwgYMxLTArBgNVBAMTJDczN0YwRjMzLTdBNjMtNDI5MC1BQkRG
LUE3QUE5NkVFNDc4QzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
EwlDdXBlcnRpbm8xEzARBgNVBAoTCkFwcGxlIEluYy4xDzANBgNVBAsTBmlQaG9u
ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAp+pWUbIk+mTyQp2hT95RMAFX
pC83IckQckh6FoXGj9n5CVNW1U1tAcj0bi+zVrF2yPX0AjuYLMBIS9bRtrJ6Cu/P
fhyqfgkK4XFOdTcvupegXZi5QakmcQOFotubpuD5Z+6FnhDsJz57bORcznCzu60Y
Ers/c3NjwSCFFi/IyPMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAE2zL2HLSCPE
8XsFKrB1J7w7pKxjf64QVHjp5aK3HtOUL89TRJFzHdpXMG58GrKibRWK19+kTQg4
zXyNVXEc4CnOFO2U5vPbdFmpgHc5IXFZZJgHrQo+JD39EJ5O0rtchKeYnePbK+X4
5fcixklRySJ06YthmX3FHitD3ExjaI8p
-----END CERTIFICATE REQUEST-----
';
$vectxq = openssl_pkey_get_details(openssl_csr_get_public_key($csr));
$pkeyxq = $vectxq['key'];
file_put_contents('certs/pubkey.pem', $pkeyxq);
// Load the certificate public key.
$pubkey = new Crypt_RSA();
$pubkey->loadKey(file_get_contents('certs/pubkey.pem'));
예제 #7
0
$subject->setDNProp('id-at-organizationName', 'phpseclib demo CA');
$subject->setPublicKey($pubKey);
$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
$issuer->setDN($CASubject = $subject->getDN());
$x509 = new File_X509();
$x509->makeCA();
$result = $x509->sign($issuer, $subject);
echo "the CA cert to be imported into the browser is as follows:\r\n\r\n";
echo $x509->saveX509($result);
echo "\r\n\r\n";
// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);
$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();
$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
$subject->setPublicKey($pubKey);
$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
$issuer->setDN($CASubject);
$x509 = new File_X509();
$result = $x509->sign($issuer, $subject);
echo "the stunnel.pem contents are as follows:\r\n\r\n";
echo $privKey->getPrivateKey();
echo "\r\n";
echo $x509->saveX509($result);
echo "\r\n";
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $helper = $this->getHelper('question');
     // ask fields
     $options = ['countryName' => 'CN', 'stateOrProvinceName' => 'Shanghai', 'localityName' => 'Shanghai'];
     if (!$input->getOption('default')) {
         foreach ($options as $ask => $default) {
             $q = new Question($ask . '[' . $default . ']: ', $default);
             $options[$ask] = $helper->ask($input, $output, $q);
         }
     }
     $output->writeln('Generating CA private key...');
     $CAPrivKey = new \Crypt_RSA();
     $key = $CAPrivKey->createKey(2048);
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-ca.key', $key['privatekey']);
     $output->writeln('Generating self-signed CA certificate...');
     $CAPrivKey->loadKey($key['privatekey']);
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($key['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setDNProp('id-at-organizationName', 'OpenVJ Certificate Authority');
     foreach ($options as $prop => $val) {
         $subject->setDNProp('id-at-' . $prop, $val);
     }
     $subject->setPublicKey($pubKey);
     $issuer = new \File_X509();
     $issuer->setPrivateKey($CAPrivKey);
     $issuer->setDN($CASubject = $subject->getDN());
     $x509 = new \File_X509();
     $x509->setStartDate('-1 month');
     $x509->setEndDate('+3 year');
     $x509->setSerialNumber(chr(1));
     $x509->makeCA();
     $result = $x509->sign($issuer, $subject, 'sha256WithRSAEncryption');
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-ca.crt', $x509->saveX509($result));
     $output->writeln('Generating background service SSL private key...');
     $privKey = new \Crypt_RSA();
     $key = $privKey->createKey(2048);
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-server.key', $key['privatekey']);
     $privKey->loadKey($key['privatekey']);
     $output->writeln('Generating background service SSL certificate...');
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($key['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setPublicKey($pubKey);
     $subject->setDNProp('id-at-organizationName', 'OpenVJ Background Service Certificate');
     foreach ($options as $prop => $val) {
         $subject->setDNProp('id-at-' . $prop, $val);
     }
     $subject->setDomain('127.0.0.1');
     $issuer = new \File_X509();
     $issuer->setPrivateKey($CAPrivKey);
     $issuer->setDN($CASubject);
     $x509 = new \File_X509();
     $x509->setStartDate('-1 month');
     $x509->setEndDate('+3 year');
     $x509->setSerialNumber(chr(1));
     $result = $x509->sign($issuer, $subject, 'sha256WithRSAEncryption');
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-server.crt', $x509->saveX509($result));
     $output->writeln('Generating background service client private key...');
     $privKey = new \Crypt_RSA();
     $key = $privKey->createKey(2048);
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-client.key', $key['privatekey']);
     $privKey->loadKey($key['privatekey']);
     $output->writeln('Generating background service client certificate...');
     $pubKey = new \Crypt_RSA();
     $pubKey->loadKey($key['publickey']);
     $pubKey->setPublicKey();
     $subject = new \File_X509();
     $subject->setPublicKey($pubKey);
     $subject->setDNProp('id-at-organizationName', 'OpenVJ Background Service Client Certificate');
     foreach ($options as $prop => $val) {
         $subject->setDNProp('id-at-' . $prop, $val);
     }
     $issuer = new \File_X509();
     $issuer->setPrivateKey($CAPrivKey);
     $issuer->setDN($CASubject);
     $x509 = new \File_X509();
     $x509->setStartDate('-1 month');
     $x509->setEndDate('+3 year');
     $x509->setSerialNumber(chr(1));
     $x509->loadX509($x509->saveX509($x509->sign($issuer, $subject, 'sha256WithRSAEncryption')));
     $x509->setExtension('id-ce-keyUsage', array('digitalSignature', 'keyEncipherment', 'dataEncipherment'));
     $x509->setExtension('id-ce-extKeyUsage', array('id-kp-serverAuth', 'id-kp-clientAuth'));
     $result = $x509->sign($issuer, $x509, 'sha256WithRSAEncryption');
     file_put_contents(Application::$CONFIG_DIRECTORY . '/cert-bg-client.crt', $x509->saveX509($result));
 }
예제 #9
0
$TokenSignature = "";
openssl_sign($Token, $TokenSignature, $iPhoneActivationPrivateKey);
// Re-Encode the Tokens to the Correct Base64 Format.
$AccountTokenCertificate = base64_encode($TokenCertificate);
$AccountTokenSignature = base64_encode($TokenSignature);
$AccountToken = base64_encode($Token);
// Check if Token Signature is Okay.
$AccountTokenSignatureCheck = Check_Signature($FakeAccountTokenCertificate, $AccountTokenSignature, $AccountToken);
$Message .= $AccountTokenSignatureCheck . "\n";
// Load iPhoneDeviceCA Certificate & It's Private Key.
$iPhoneDeviceCA_private = file_get_contents($iPhoneDeviceCA_privateFile);
$CA_Key = new Crypt_RSA();
$CA_Key->loadKey($iPhoneDeviceCA_private);
$iPhoneDeviceCA = file_get_contents($iPhoneDeviceCAFile);
$CA_Certificate = new File_X509();
$CA_Certificate->setPrivateKey($CA_Key);
$CA_Certificate->loadX509($iPhoneDeviceCA);
// $CA_Certificate->setExtension( 'id-ce-authorityKeyIdentifier',
// $CA_Certificate->setKeyIdentifier ( base64_decode (
// 'sv4hI0SGlWp51YEmjnMQ2KdMjnQ=' ) ), false );
// Get And Store DeviceCertRequest Public Key.
$DeviceCertRequest = base64_decode($DeviceCertRequest);
$iPhoneDeviceVect = openssl_pkey_get_details(openssl_csr_get_public_key($DeviceCertRequest));
$iPhoneDevicePublicKey = $iPhoneDeviceVect['key'];
file_put_contents($DeviceCertRequest_PublicFile, $iPhoneDevicePublicKey);
// Load DeviceCertRequest Public Key.
$DeviceCertRequest_PublicKey = new Crypt_RSA();
$DeviceCertRequest_PublicKey->loadKey(file_get_contents($DeviceCertRequest_PublicFile));
$DeviceCertRequest_PublicKey->setPublicKey();
// Load CSR And get DN.
$DeviceCertRequest_CR = new File_X509();