/** * @param CertificateSerializer $subjectSerializer * @param CertificateInfo $certificateInfo * @param PrivateKeyInterface $privateKey * @return Certificate */ public function createCertificate(CertificateSerializer $subjectSerializer, CertificateInfo $certificateInfo, PrivateKeyInterface $privateKey) { $domain = $this->domain; $dataHex = $subjectSerializer->getSignatureData($certificateInfo); $hash = $domain->getHasher()->hashDec($dataHex); $rng = RandomGeneratorFactory::getUrandomGenerator(); $k = $rng->generate($domain->getGenerator()->getOrder()); $signature = $this->domain->getSigner()->sign($privateKey, $hash, $k); return new Certificate($certificateInfo, $this->domain->getSigAlgorithm(), $signature); }
public function testIsConsistent() { $math = new Gmp(); $rbg = RandomGeneratorFactory::getUrandomGenerator(); $serializer = new DerSignatureSerializer(); for ($i = 2; $i <= 521; $i++) { $max = $math->sub($math->pow(2, $i), 1); $r = $rbg->generate($max); $s = $rbg->generate($max); $signature = new Signature($r, $s); $serialized = $serializer->serialize($signature); $parsed = $serializer->parse($serialized); $this->assertEquals($signature, $parsed); } }
<?php require "../vendor/autoload.php"; use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer; use Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer; use Mdanter\X509\Serializer\Signature\DerSignatureSerializer; $curveName = 'secp256k1'; $hasherName = 'sha512'; $serialNo = 0; $math = \Mdanter\Ecc\EccFactory::getAdapter(); $f = new \Mdanter\X509\Factory(); $domain = $f->getDomain($math, $curveName, $hasherName); $G = $domain->getGenerator(); $randomInt = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator()->generate($G->getOrder()); $k = $G->getPrivateKeyFrom($randomInt); $issuerDetails = ['commonName' => 'test CA']; $issuerSubject = new \Mdanter\X509\Certificates\CertificateSubject($issuerDetails); $ca = $f->getCA($math, $domain, $issuerSubject); $serializer = new \Mdanter\X509\Serializer\Certificates\CertificateSerializer(new CertificateSubjectSerializer(), new DerPublicKeySerializer(), new DerSignatureSerializer()); $validityStart = new DateTime('now'); $validityEnd = new DateTime('now'); $validityEnd->modify("+1 year"); $info = new \Mdanter\X509\Certificates\CertificateInfo(0, $domain->getSigAlgorithm(), $issuerSubject, $issuerSubject, $k->getPublicKey(), $validityStart, $validityEnd); $usage = new \Mdanter\X509\Extensions\Extension\KeyUsage(null); $usage->addKeyUsage(0); $usage->addKeyUsage(1); $usage->addKeyUsage(5); var_dump($usage->getBitString()); $certificate = $ca->createCertificate($serializer, $info, $k); echo $serializer->serialize($certificate);
public function getAdaptersWithRand() { $rngs = array(array(RandomGeneratorFactory::getUrandomGenerator())); if (!defined('HHVM_VERSION')) { $rngs[] = array(RandomGeneratorFactory::getGmpRandomGenerator(false, true)); } return $this->_getAdapters($rngs); }
<?php require "../vendor/autoload.php"; $curveName = 'nist-p521'; $hashAlgo = 'sha256'; $factory = new Mdanter\X509\Factory(); $adapter = \Mdanter\Ecc\EccFactory::getAdapter(); $domain = $factory->getDomain($adapter, $curveName, $hashAlgo); $rbg = \Mdanter\Ecc\Random\RandomGeneratorFactory::getUrandomGenerator(); $G = \Mdanter\Ecc\Curves\CurveFactory::getGeneratorByName($curveName); $randomInt = $rbg->generate($G->getOrder()); $k = $G->getPrivateKeyFrom($randomInt); $Q = $k->getPublicKey(); $subjectDetails = ['commonName' => '127.0.0.1']; $subject = new Mdanter\X509\Certificates\CertificateSubject($subjectDetails); $csr = $factory->getCsr($domain, $subject, $k); $csrSerializer = new \Mdanter\X509\Serializer\Certificates\CsrSerializer(new \Mdanter\X509\Serializer\Certificates\CertificateSubjectSerializer(), new \Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer($adapter), new \Mdanter\X509\Serializer\Signature\DerSignatureSerializer()); $serialized = $csrSerializer->serialize($csr); echo $serialized;
/** * @param EcDomain $domain * @param CertificateSubject $subject * @param PrivateKeyInterface $privateKey * @return Csr */ public static function getCsr(EcDomain $domain, CertificateSubject $subject, PrivateKeyInterface $privateKey) { $subjectSerializer = new CertificateSubjectSerializer(); $serialized = $subjectSerializer->serialize($subject); return new Csr($domain, $subject, $privateKey->getPublicKey(), $domain->getSigner()->sign($privateKey, $domain->getHasher()->hashDec($serialized), RandomGeneratorFactory::getUrandomGenerator()->generate($domain->getGenerator()->getOrder()))); }