/**
 * Issue a new certificate signed with the local CA key.
 *
 * Reads its configuration from $GLOBALS: 'isCA', 'CAPrivKeyStr', 'CAPubX509',
 * 'RSALength' and 'CAname'. A fresh RSA key pair is generated for the new
 * certificate, the subject is "<CAname> cert" (organizationName only), and the
 * issuer DN is copied from the CA certificate.
 *
 * Security notes for callers:
 *  - The new private key is returned unencrypted; it is the caller's job to
 *    store or transmit it safely.
 *  - No validity period or serial number is set here, so both fall back to
 *    the library's defaults. NOTE(review): confirm those defaults are
 *    acceptable for the phpseclib version in use.
 *
 * @return array|false array('privateKey' => ..., 'publicX509' => ...) on
 *                     success, false when this node is not configured as a CA.
 */
function signNewCert()
{
    // Guard: only a node flagged as a CA may issue certificates.
    if (!$GLOBALS['isCA']) {
        return false;
    }

    // CA signing key, plus the CA certificate that supplies the issuer DN.
    $caKey = new Crypt_RSA();
    $caKey->loadKey($GLOBALS['CAPrivKeyStr']);
    $caCert = new File_X509();
    $caCert->loadX509($GLOBALS['CAPubX509']);

    // Fresh key pair for the certificate being issued.
    $generated = $caKey->createKey($GLOBALS['RSALength']);
    $leafPrivate = new Crypt_RSA();
    $leafPrivate->loadKey($generated['privatekey']);
    $leafPublic = new Crypt_RSA();
    $leafPublic->loadKey($generated['publickey']);
    $leafPublic->setPublicKey();

    // Subject: organizationName only, bound to the new public key.
    $certSubject = new File_X509();
    $certSubject->setDNProp('id-at-organizationName', $GLOBALS['CAname'] . ' cert');
    $certSubject->setPublicKey($leafPublic);

    // Issuer: signs with the CA key under the CA certificate's DN.
    $certIssuer = new File_X509();
    $certIssuer->setPrivateKey($caKey);
    $certIssuer->setDN($caCert->getDN());

    $signer = new File_X509();
    $signed = $signer->sign($certIssuer, $certSubject);

    return array(
        'privateKey' => $leafPrivate->getPrivateKey(),
        'publicX509' => $signer->saveX509($signed),
    );
}
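/**
 * Generate an RSA key pair and a self-signed certificate, and write both to disk.
 *
 * Writes `private.key` (the private key) and `public.crt` (the self-signed
 * X.509 certificate) into $keyPath. The certificate is signed with the key it
 * certifies, and its issuer DN is copied from its own subject DN.
 *
 * @param string $keyPath Directory that receives the two files.
 * @param int    $keySize RSA modulus size in bits. The 1024-bit default is kept
 *                        so existing callers see no change, but it is below the
 *                        2048-bit minimum generally recommended today; callers
 *                        should pass 2048 or more.
 *
 * @return void
 */
public function generateKeyPair($keyPath, $keySize = 1024)
{
    $privKey = new \Crypt_RSA();
    // Read the PEM strings by key instead of extract(), so the library's return
    // array cannot create or overwrite local variables.
    $keys = $privKey->createKey($keySize);
    $privKey->loadKey($keys['privatekey']);

    $pubKey = new \Crypt_RSA();
    $pubKey->loadKey($keys['publickey']);
    $pubKey->setPublicKey();

    $subject = new \File_X509();
    // 'id-of-organization' is not a DN property name phpseclib recognises, so the
    // subject DN was left empty; 'id-at-organizationName' is the attribute intended.
    $subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
    $subject->setPublicKey($pubKey);

    // Self-signed: the issuer uses the same key and the same DN as the subject.
    $issuer = new \File_X509();
    $issuer->setPrivateKey($privKey);
    $issuer->setDN($subject->getDN());

    $x509 = new \File_X509();
    $result = $x509->sign($issuer, $subject);

    // Create the key file and restrict it to the owner before the key material is
    // written, instead of leaving it at whatever the process umask allows.
    $privateKeyFile = $keyPath . '/private.key';
    if (touch($privateKeyFile)) {
        chmod($privateKeyFile, 0600);
    }
    file_put_contents($privateKeyFile, $privKey->getPrivateKey());
    file_put_contents($keyPath . '/public.crt', $x509->saveX509($result));
}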
/**
 * Read the subject distinguished name of a client certificate as a string.
 *
 * The returned text comes straight from the certificate, so callers should
 * treat it as untrusted input and escape it for the context it is written to
 * (HTML, logs, queries). The result of loadX509() is not checked here, so the
 * return value for an unparsable certificate is whatever getDN(true) yields
 * on an unloaded object.
 *
 * @param String $certificate_client Client certificate
 *
 * @return String Subject DN as produced by File_X509::getDN(true)
 */
static function getDNString($certificate_client)
{
    $parser = new File_X509();
    $parser->loadX509($certificate_client);

    $subjectDn = $parser->getDN(true);

    return $subjectDn;
}
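// NOTE(review): this excerpt begins inside array2html(); the start of the function and of its switch is not shown, so the tail below is reproduced unchanged.
                break;
            case 'signature':
                $open = '<div style="overflow: auto; word-wrap: break-word">';
                $close = '</div>';
                break;
            default:
                $open = $close = '';
        }
        $result .= '<li><span class="name">' . $key . '</span>' . (is_array($value) ? array2html($value, false) : '<ul><li>' . $open . htmlspecialchars($value) . $close . '</li></ul>') . '</li>';
    }
    $start = $start ? ' class="printr"' : '';
    return '<ul' . $start . '>' . $result . '</ul>';
}

    // Parse the certificate; loadX509() returns the decoded structure that is rendered below.
    $x509 = new File_X509();
    $cert = $x509->loadX509($cert);
    //echo '<hr /><b>Subject:</b> ' . $x509->getDN(true) . '<hr />';
    //echo '<b>Issuer:</b> ' . $x509->getIssuerDN(true) . '<hr />';

    // The subject and issuer DN strings are certificate content, chosen by whoever
    // created the certificate. They are escaped before being written into the page,
    // the same way array2html() escapes leaf values, so markup inside a DN field is
    // shown as text instead of being interpreted by the browser.
    echo '<table><tr><td style="text-align: right; background: #ffa"><b>Subject</b></td><td>'
        . htmlspecialchars($x509->getDN(true), ENT_QUOTES)
        . '</td></tr><tr><td style="text-align: right; background: #ffa"><b>Issuer</b></td><td>'
        . htmlspecialchars($x509->getIssuerDN(true), ENT_QUOTES)
        . '</td></tr></table>';
?> <code id="path">$cert</code> <?php
    echo array2html($cert);
}
?> </div> </div> <!-- end .grid_9 --> </div> <!-- end .container_16 --> </body> </html>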
// Demo script: build a self-signed CA, then start on a second key pair and
// subject for a site certificate (the excerpt ends before that one is signed).

// Key pair for the CA. createKey() is called without a size, so the key length is
// whatever the installed phpseclib defaults to.
// NOTE(review): confirm the default is at least 2048 bits before using this outside a demo.
$CAPrivKey = new Crypt_RSA();
// extract() turns the entries of the returned array into variables in the current
// scope; $privatekey and $publickey are the ones read below.
extract($CAPrivKey->createKey());
$CAPrivKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

// The CA private key is printed in the clear. Anyone who captures this output can
// issue certificates that chain to the CA certificate printed below, so it should
// not end up in logs or shared terminals once that CA has been imported anywhere.
echo "the private key for the CA cert (can be discarded):\r\n\r\n";
echo $privatekey;
echo "\r\n\r\n";

// create a self-signed cert that'll serve as the CA
$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo CA');
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
// $CASubject keeps the CA's DN so it can be reused as the issuer DN later on.
$issuer->setDN($CASubject = $subject->getDN());

$x509 = new File_X509();
// makeCA() is called before signing so that the certificate is issued as a CA certificate.
$x509->makeCA();

$result = $x509->sign($issuer, $subject);
echo "the CA cert to be imported into the browser is as follows:\r\n\r\n";
echo $x509->saveX509($result);
echo "\r\n\r\n";

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
// This second extract() overwrites $privatekey and $publickey with the new pair.
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
// Fragment of a request handler: it issues a certificate for the public key carried
// in an incoming certificate request, signs it with a locally held CA key, and starts
// building an HTML/plist response around it. $cakey and $deviceCertRequest are defined
// outside this excerpt, and the excerpt ends inside the response string.
//
// NOTE(review): the request is trusted as-is. The subject DN and public key are copied
// from the CSR, and nothing in the visible code checks the CSR's own signature. A
// relying party is only protected from certificates minted this way if it validates
// the chain against a trust anchor it pins itself.
$pemca = file_get_contents('certs/iPhoneDeviceCA.pem');
$ca = new File_X509();
$ca->loadX509($pemca);
$ca->setPrivateKey($cakey);

// csr public key
$vectxq = openssl_pkey_get_details(openssl_csr_get_public_key($deviceCertRequest));
$pkeyxq = $vectxq['key'];
// Written to a fixed path, so each run overwrites the previous request's key.
file_put_contents('certs/pubkey.pem', $pkeyxq);

// Load the certificate public key.
$pubkey = new Crypt_RSA();
$pubkey->loadKey($pkeyxq);
$pubkey->setPublicKey();

$x509 = new File_X509();
// $csr receives loadCSR()'s return value and is not read again in this excerpt.
$csr = $x509->loadCSR($deviceCertRequest); // see csr.csr
$dn = $x509->getDN(true);

// Build the new certificate.
$iPhoneDeviceCA = new File_X509();
$iPhoneDeviceCA->loadCA($pemca);
$iPhoneDeviceCA->setPublicKey($pubkey);
$iPhoneDeviceCA->setDN($dn);
$iPhoneDeviceCA->setStartDate('-1 day');
$iPhoneDeviceCA->setEndDate('+ 1 year');
// The serial number is a constant, so every certificate issued through this path
// carries the same issuer/serial pair.
$iPhoneDeviceCA->setSerialNumber('10134611745959375605', 10);

// Sign new certificate.
$iPhoneDeviceCA_Result = $iPhoneDeviceCA->sign($ca, $iPhoneDeviceCA);

// Output it.
$deviceCertificate = base64_encode($iPhoneDeviceCA->saveX509($iPhoneDeviceCA_Result) . "<br>");

// Start of the response body; the string literal continues beyond this excerpt.
$responseAlbert = '<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="iTunes Store" /><meta name="description" content="iTunes Store" /><title>iPhone Activation</title><link href="http://static.ips.apple.com/ipa_itunes/stylesheets/shared/common-min.css" charset="utf-8" rel="stylesheet" /><link href="http://static.ips.apple.com/deviceservices/stylesheets/styles.css" charset="utf-8" rel="stylesheet" /><link href="http://static.ips.apple.com/ipa_itunes/stylesheets/pages/IPAJingleEndPointErrorPage-min.css" charset="utf-8" rel="stylesheet" /><script id="protocol" type="text/x-apple-plist"><plist version="1.0"> <dict> <key>iphone-activation</key>
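/**
 * Generate the local CA and the background-service server and client certificates.
 *
 * Writes six files into Application::$CONFIG_DIRECTORY:
 * cert-ca.key / cert-ca.crt, cert-bg-server.key / cert-bg-server.crt and
 * cert-bg-client.key / cert-bg-client.crt. All keys are 2048-bit RSA, all
 * certificates are signed with sha256WithRSAEncryption and are valid from one
 * month in the past to three years ahead.
 *
 * Security notes:
 *  - Each certificate gets its own serial number (1, 2, 3). Giving all three the
 *    same serial under the same issuer DN makes them indistinguishable by
 *    issuer/serial, which some TLS stacks reject outright.
 *  - Private key files are created owner-only (0600) before the key is written.
 *    The keys themselves are stored unencrypted, so the directory should not be
 *    readable by other accounts.
 *
 * @param InputInterface  $input  Command input; the 'default' option skips the prompts.
 * @param OutputInterface $output Receives the progress messages.
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $helper = $this->getHelper('question');

    // Subject fields shared by all three certificates; each one is prompted for
    // unless the 'default' option is set.
    $options = ['countryName' => 'CN', 'stateOrProvinceName' => 'Shanghai', 'localityName' => 'Shanghai'];
    if (!$input->getOption('default')) {
        foreach ($options as $ask => $default) {
            $q = new Question($ask . '[' . $default . ']: ', $default);
            $options[$ask] = $helper->ask($input, $output, $q);
        }
    }

    $configDir = Application::$CONFIG_DIRECTORY;

    // Create the key file and restrict it to the owner before the key material is
    // written, instead of leaving it at whatever the process umask allows.
    $writePrivateKey = function ($path, $pem) {
        if (touch($path)) {
            chmod($path, 0600);
        }
        file_put_contents($path, $pem);
    };

    // --- Certificate authority -------------------------------------------------
    $output->writeln('Generating CA private key...');
    $CAPrivKey = new \Crypt_RSA();
    $key = $CAPrivKey->createKey(2048);
    $writePrivateKey($configDir . '/cert-ca.key', $key['privatekey']);

    $output->writeln('Generating self-signed CA certificate...');
    $CAPrivKey->loadKey($key['privatekey']);

    $pubKey = new \Crypt_RSA();
    $pubKey->loadKey($key['publickey']);
    $pubKey->setPublicKey();

    $subject = new \File_X509();
    $subject->setDNProp('id-at-organizationName', 'OpenVJ Certificate Authority');
    foreach ($options as $prop => $val) {
        $subject->setDNProp('id-at-' . $prop, $val);
    }
    $subject->setPublicKey($pubKey);

    $issuer = new \File_X509();
    $issuer->setPrivateKey($CAPrivKey);
    // Keep the CA's DN; it is the issuer DN of the two certificates below.
    $issuer->setDN($CASubject = $subject->getDN());

    $x509 = new \File_X509();
    $x509->setStartDate('-1 month');
    $x509->setEndDate('+3 year');
    $x509->setSerialNumber(chr(1));
    $x509->makeCA();

    $result = $x509->sign($issuer, $subject, 'sha256WithRSAEncryption');
    file_put_contents($configDir . '/cert-ca.crt', $x509->saveX509($result));

    // --- Background service (server) certificate -------------------------------
    $output->writeln('Generating background service SSL private key...');
    $privKey = new \Crypt_RSA();
    $key = $privKey->createKey(2048);
    $writePrivateKey($configDir . '/cert-bg-server.key', $key['privatekey']);
    $privKey->loadKey($key['privatekey']);

    $output->writeln('Generating background service SSL certificate...');
    $pubKey = new \Crypt_RSA();
    $pubKey->loadKey($key['publickey']);
    $pubKey->setPublicKey();

    $subject = new \File_X509();
    $subject->setPublicKey($pubKey);
    $subject->setDNProp('id-at-organizationName', 'OpenVJ Background Service Certificate');
    foreach ($options as $prop => $val) {
        $subject->setDNProp('id-at-' . $prop, $val);
    }
    $subject->setDomain('127.0.0.1');

    $issuer = new \File_X509();
    $issuer->setPrivateKey($CAPrivKey);
    $issuer->setDN($CASubject);

    $x509 = new \File_X509();
    $x509->setStartDate('-1 month');
    $x509->setEndDate('+3 year');
    // Distinct from the CA's serial: issuer DN + serial must identify one certificate.
    $x509->setSerialNumber(chr(2));

    $result = $x509->sign($issuer, $subject, 'sha256WithRSAEncryption');
    file_put_contents($configDir . '/cert-bg-server.crt', $x509->saveX509($result));

    // --- Background service client certificate ---------------------------------
    $output->writeln('Generating background service client private key...');
    $privKey = new \Crypt_RSA();
    $key = $privKey->createKey(2048);
    $writePrivateKey($configDir . '/cert-bg-client.key', $key['privatekey']);
    $privKey->loadKey($key['privatekey']);

    $output->writeln('Generating background service client certificate...');
    $pubKey = new \Crypt_RSA();
    $pubKey->loadKey($key['publickey']);
    $pubKey->setPublicKey();

    $subject = new \File_X509();
    $subject->setPublicKey($pubKey);
    $subject->setDNProp('id-at-organizationName', 'OpenVJ Background Service Client Certificate');
    foreach ($options as $prop => $val) {
        $subject->setDNProp('id-at-' . $prop, $val);
    }

    $issuer = new \File_X509();
    $issuer->setPrivateKey($CAPrivKey);
    $issuer->setDN($CASubject);

    $x509 = new \File_X509();
    $x509->setStartDate('-1 month');
    $x509->setEndDate('+3 year');
    // Distinct from both the CA's and the server certificate's serial.
    $x509->setSerialNumber(chr(3));

    // Sign once, reload the signed certificate, add the key-usage extensions, then
    // sign again so that the extensions are covered by the final signature.
    $x509->loadX509($x509->saveX509($x509->sign($issuer, $subject, 'sha256WithRSAEncryption')));
    $x509->setExtension('id-ce-keyUsage', array('digitalSignature', 'keyEncipherment', 'dataEncipherment'));
    $x509->setExtension('id-ce-extKeyUsage', array('id-kp-serverAuth', 'id-kp-clientAuth'));

    $result = $x509->sign($issuer, $x509, 'sha256WithRSAEncryption');
    file_put_contents($configDir . '/cert-bg-client.crt', $x509->saveX509($result));
}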
$Message .= "doulCiTeam Certificate PublicKey : " . "\n" . $doulCiTeamCertificatePublikKey . "\n"; $iPhoneActivationOrig = file_get_contents($iPhoneActivationOrigFile); $iPhoneActivationOrigVect = openssl_pkey_get_details(openssl_pkey_get_public($iPhoneActivationOrig)); $iPhoneActivationOrigPublicKey = $iPhoneActivationOrigVect['key']; $Message .= "Apple Certificate PRODUCTION : " . "\n" . $iPhoneActivationOrig . "\n"; $Message .= "Apple Certificate PublicKey, Apple Inc. : " . "\n" . $iPhoneActivationOrigPublicKey . "\n"; $iPhoneDeviceCAOrig = file_get_contents($iPhoneDeviceCAOrigFile); $iPhoneDeviceCAOrigVect = openssl_pkey_get_details(openssl_pkey_get_public($iPhoneDeviceCAOrig)); $iPhoneDeviceCAOrigPublicKey = $iPhoneDeviceCAOrigVect['key']; $Message .= "Apple Certificate PRODUCTION : " . "\n" . $iPhoneDeviceCAOrig . "\n"; $Message .= "Apple Certificate PublicKey, Apple Inc. : " . "\n" . $iPhoneDeviceCAOrigPublicKey . "\n"; //print $iPhoneDeviceCAOrig; $DeviceCAOrig = new File_X509(); $DeviceCAOrig->loadX509($iPhoneDeviceCAOrig); $DeviceCAOrigPublicKey = $DeviceCAOrig->getPublicKey($iPhoneDeviceCAOrig); $DeviceCAOrigDN = $DeviceCAOrig->getDN(true); $DeviceCAOrigIssuerDN = $DeviceCAOrig->getIssuerDN(true); $DeviceCAOrigExtensions = $DeviceCAOrig->getExtensions(); $iPhoneDeviceCANew_x509 = new File_X509(); //$iPhoneDeviceCANew_x509->setPublicKey ( $DeviceCAOrigPublicKey ); //$iPhoneDeviceCANew_x509->setDN ( $DeviceCAOrigDN ); $iPhoneDeviceCANew_x509->setStartDate('-1 day'); $iPhoneDeviceCANew_x509->setEndDate('+ 10 year'); //$iPhoneDeviceCANew_x509->setIssuerDN ( $DeviceCAOrigIssuerDN ); $extensions = array(); $i = 0; if (is_array($DeviceCAOrigExtensions)) { foreach ($DeviceCAOrigExtensions as $extension) { $extensions[] = $extension; $value = $DeviceCAOrig->getExtension($extension); $iPhoneDeviceCANew_x509->setExtension($extension, $value);