Пример #1
0
function get_signed_url($url, $private_key, $key_pair_id, $expires, $client_ip = null)
{
    $policy = '{' . '"Statement":[' . '{' . '"Resource":"' . $url . '",' . '"Condition":{';
    if (!is_null($client_ip)) {
        $policy .= '"IpAddress":{"AWS:SourceIp":"' . $client_ip . '/32"},';
    }
    $policy .= '"DateLessThan":{"AWS:EpochTime":' . $expires . '}' . '}' . '}' . ']' . '}';
    // the policy contains characters that cannot be part of a URL, so we base64 encode it
    $encoded_policy = url_safe_base64_encode($policy);
    // sign the original policy, not the encoded version
    $signature = '';
    $pkeyid = openssl_get_privatekey($private_key);
    // compute signature
    openssl_sign($policy, $signature, $pkeyid);
    // free the key from memory
    openssl_free_key($pkeyid);
    // make the signature is safe to be included in a url
    $encoded_signature = url_safe_base64_encode($signature);
    // combine the above into a signed url
    // if the signed url already contains query parameters, attach the new query parameters to the end
    // otherwise, add the query parameters
    $separator = strpos($url, '?') == FALSE ? '?' : '&';
    // no IP restriction means we are using a canned policy
    if (!is_null($client_ip)) {
        $url .= $separator . "Expires=" . $expires . "&Signature=" . $encoded_signature . "&Key-Pair-Id=" . $key_pair_id;
    } else {
        $url .= $separator . "Policy=" . $encoded_policy . "&Signature=" . $encoded_signature . "&Key-Pair-Id=" . $key_pair_id;
    }
    // new lines would break us, so remove them
    return str_replace('\\n', '', $url);
}
Пример #2
0
 /**
  * @param string $keyFile - path to key file
  * @param string $certFile - path to certificate chain file
  * @throws \Exception
  */
 private function initialize($keyFile, $certFile)
 {
     if (false === file_exists($keyFile)) {
         throw new \InvalidArgumentException('Private key file does not exist');
     }
     if (false === file_exists($certFile)) {
         throw new \InvalidArgumentException('Certificate file does not exist');
     }
     if ('x509+sha256' === $this->type && !$this->supportsSha256()) {
         throw new \Exception('Server does not support x.509+SHA256');
     }
     $chain = $this->fetchChain($certFile);
     if (!is_array($chain) || count($chain) === 0) {
         throw new \RuntimeException('Certificate file contains no certificates');
     }
     foreach ($chain as $cert) {
         $this->certificates->addCertificate($cert);
     }
     $pkeyid = openssl_get_privatekey(file_get_contents($keyFile));
     if (false === $pkeyid) {
         throw new \InvalidArgumentException('Private key is invalid');
     }
     $this->privateKey = $pkeyid;
     $this->algoConst = $this->type === 'x509+sha256' ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
 }
function validate_priv_key($priv_key)
{
    $key = @openssl_get_privatekey($priv_key);

    if($key === false)
        throw new invalid_private_key_exception();
}
Пример #4
0
 function getSignedURL($resource, $timeout)
 {
     //This comes from key pair you generated for cloudfront
     $keyPairId = $this->config->item('cloudfront_keyPairId');
     $key = $this->config->item('cloudfront_key');
     //IMPORTANT: Keep private and not in a web-accessible location
     //Set privateKey location based on web url (dev or production)
     $privateKey = $this->config->item('cloudfront_keyLocation') . $key;
     $expires = time() + $timeout;
     //Time out in seconds
     $json = '{"Statement":[{"Resource":"' . $resource . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';
     //Read Cloudfront Private Key Pair
     $fp = fopen($privateKey, "r");
     $priv_key = fread($fp, 8192);
     fclose($fp);
     //Create the private key
     $key = openssl_get_privatekey($priv_key);
     if (!$key) {
         echo "<p>Failed to load private key!</p>";
         return;
     }
     //Sign the policy with the private key
     if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
         echo '<p>Failed to sign policy: ' . openssl_error_string() . '</p>';
         return;
     }
     //Create url safe signed policy
     $base64_signed_policy = base64_encode($signed_policy);
     $signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), $base64_signed_policy);
     //Construct the URL
     $url = $resource . '?Expires=' . $expires . '&Signature=' . $signature . '&Key-Pair-Id=' . $keyPairId;
     return $url;
 }
Пример #5
0
	public static function checkTANValidity ($emailId, $tanNo) {
		
		$db = DB::getInstance();
		$db->connect();

		$accountData = $db->select("ACCOUNTS", "userId = '$emailId'");
		$accountNo = $accountData["accountNo"];

		
		$fprv = fopen(PRIVATE_KEY_LOC, "r");   //please change the path of the privateKey file here
		$privateKey = fread($fprv, 512);
		fclose($fprv);
		
		$res_prv = openssl_get_privatekey($privateKey);

		openssl_private_decrypt(base64_decode($tanNo), $decrypted, $res_prv);
		
		if ($decrypted == $accountNo) {
			return true;
		}
		else
			return false;


		
	}
function getSignedURL($resource, $timeout)
{
    //This comes from key pair you generated for cloudfront
    $keyPairId = "APKAIA3QRQOKVKEQDHZA";
    $expires = time() + $timeout;
    //Time out in seconds
    $json = '{"Statement":[{"Resource":"' . $resource . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';
    //Read Cloudfront Private Key Pair
    $fp = fopen("private_key.pem", "r");
    $priv_key = fread($fp, 8192);
    fclose($fp);
    //Create the private key
    //$key = openssl_get_privatekey($priv_key);
    $key = openssl_get_privatekey("file://private_key.pem");
    if (!$key) {
        echo "<p>Failed to load private key!</p>";
        return;
    }
    //Sign the policy with the private key
    if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
        echo '<p>Failed to sign policy: ' . openssl_error_string() . '</p>';
        return;
    }
    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+', '=', '/'), array('-', '_', '~'), $base64_signed_policy);
    //Construct the URL
    $url = $resource . '?Expires=' . $expires . '&Signature=' . $signature . '&Key-Pair-Id=' . $keyPairId;
    return $url;
}
 /**
  * @param string $type
  * @param string $keyFile
  * @param string $certFile
  * @throws \InvalidArgumentException
  * @throws \Exception
  */
 public function __construct($type = 'none', $keyFile = '', $certFile = '')
 {
     if (false === in_array($type, ['none', 'x509+sha1', 'x509+sha256'])) {
         throw new \InvalidArgumentException('Invalid BIP70 signature type');
     }
     $this->type = $type;
     $this->certificates = new X509CertificatesBuf();
     if ($type !== 'none') {
         if (false === file_exists($keyFile)) {
             throw new \InvalidArgumentException('Private key file does not exist');
         }
         if (false === file_exists($certFile)) {
             throw new \InvalidArgumentException('Certificate file does not exist');
         }
         if ('x509+sha256' == $type and !defined('OPENSSL_ALGO_SHA256')) {
             throw new \Exception('Server does not support x.509+SHA256');
         }
         $chain = $this->fetchChain($certFile);
         if (!is_array($chain) || count($chain) == 0) {
             throw new \RuntimeException('Certificate file contains no certificates');
         }
         foreach ($chain as $cert) {
             $this->certificates->addCertificate($cert);
         }
         $pkeyid = openssl_get_privatekey(file_get_contents($keyFile));
         if (false === $pkeyid) {
             throw new \InvalidArgumentException('Private key is invalid');
         }
         $this->privateKey = $pkeyid;
         $this->algoConst = $type == 'x509+sha256' ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
     }
 }
 public static function factoryFromEncrypted($envKey, $encData, $privateKeyFilePath, $privateKeyPassword = null)
 {
     $privateKey = null;
     if ($privateKeyPassword == null) {
         $privateKey = @openssl_get_privatekey("file://{$privateKeyFilePath}");
     } else {
         $privateKey = @openssl_get_privatekey("file://{$privateKeyFilePath}", $privateKeyPassword);
     }
     if ($privateKey === false) {
         throw new Exception('Error loading private key', self::ERROR_CONFIRM_LOAD_PRIVATE_KEY);
     }
     $srcData = base64_decode($encData);
     if ($srcData === false) {
         @openssl_free_key($privateKey);
         throw new Exception('Failed decoding data', self::ERROR_CONFIRM_FAILED_DECODING_DATA);
     }
     $srcEnvKey = base64_decode($envKey);
     if ($srcEnvKey === false) {
         throw new Exception('Failed decoding envelope key', self::ERROR_CONFIRM_FAILED_DECODING_ENVELOPE_KEY);
     }
     $data = null;
     $result = @openssl_open($srcData, $data, $srcEnvKey, $privateKey);
     if ($result === false) {
         throw new Exception('Failed decrypting data', self::ERROR_CONFIRM_FAILED_DECRYPT_DATA);
     }
     return Mobilpay_Payment_Request_Abstract::factory($data);
 }
Пример #9
0
 /**
  * Initialize the class, this must be called before anything else
  * @param $config
  * @param bool $changeSessionID Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change)
  * @param $debugLog Set to a path to enable debug log
  */
 public static function init($config, $changeSessionID = true, $debugLog = null)
 {
     if ($debugLog != null) {
         phpCAS::setDebug($debugLog);
     }
     phpCAS::client(CAS_VERSION_2_0, $config['site'], $config['port'], "cas", $changeSessionID);
     self::$config = $config;
     $private_key = null;
     if (isset($config['private_key'])) {
         $key = static::resolve_filename($config['private_key']);
         $private_key = openssl_get_privatekey("file:///{$key}");
         if ($private_key === false) {
             throw new NXAuthError("Failed to open private key {$key}");
         }
     }
     if (isset($config['ca_cert']) && $config['ca_cert'] != null) {
         self::$ca_cert = static::resolve_filename($config['ca_cert']);
         phpCAS::setCasServerCACert(self::$ca_cert);
     } else {
         phpCAS::setNoCasServerValidation();
         // Disable curl ssl verification
         phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYHOST, 0);
         phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYPEER, 0);
     }
     NXAPI::init(array('private_key' => $private_key, 'key_id' => $config['key_id'], 'url' => "https://" . $config['site'], 'ca_cert' => self::$ca_cert));
 }
	function getXMLSing($xmlHon,$priv_key){
		//Carga Certificado
		$xml = new DomDocument();
		$xml->loadXML($xmlHon);
		//Carga prosedimiento de proceso de cadena original
		$xsl = new DomDocument;
		$xsl->load("ostring.xsl");
		$proc = new xsltprocessor();
		$proc->importStyleSheet($xsl);
		$original =$proc->transformToXML($xml);
		//firma la cadena original
		
		//$fp = $cert[0]['certificates']['key'];
		//$priv_key = $f['key'];
		//die($f['key']);
		//fclose($fp);
		$pkeyid = openssl_get_privatekey($priv_key);
		openssl_sign($original, $signature, $pkeyid,OPENSSL_ALGO_MD5);
		openssl_free_key($pkeyid);
		//coloca el sello en xml
		$esqueletonew=$xmlHon;
		$esqueletonew=str_replace("#1#",base64_encode($signature),$esqueletonew);
		$xmlReturn[1]=$esqueletonew;
		$xmlReturn[2]=$original;
		$xmlReturn[3]=base64_encode($signature);
		return $xmlReturn;
	}
Пример #11
0
 function sign($text)
 {
     $pkeyid = openssl_get_privatekey($this->privatni, $this->heslo);
     openssl_sign($text, $signature, $pkeyid);
     $signature = base64_encode($signature);
     openssl_free_key($pkeyid);
     return $signature;
 }
Пример #12
0
 /**
  * 对密文进行解密
  *
  * @param string $enc_text 密文, base64格式
  * 
  * @return string 明文
  */
 static function decrypt($enc_text)
 {
     global $cfg;
     $prikey = $cfg['rsa']['prikey'];
     $prikey = openssl_get_privatekey($prikey, $passphrase);
     $res = openssl_private_decrypt(base64_decode($enc_text), $source, $prikey, OPENSSL_PKCS1_PADDING);
     return $res ? $source : false;
 }
Пример #13
0
 function enc_pri($str)
 {
     $key = uniqid();
     $res = openssl_get_privatekey($this->pri,$this->pra);
     openssl_private_encrypt($key,$cry,$res);
     $ret = $this->enc_sym($key,$str);
     return base64_encode($cry).':'.base64_encode($ret);
 }
Пример #14
0
 /**
  * @param string $text
  * @return string Base64 encoded
  */
 public function sign($text)
 {
     $privateKeyId = openssl_get_privatekey($this->privateKey, $this->privateKeyPassword);
     openssl_sign($text, $signature, $privateKeyId);
     $signature = base64_encode($signature);
     openssl_free_key($privateKeyId);
     return $signature;
 }
Пример #15
0
 function rsaSha1Sign($policy)
 {
     $signature = "";
     $pkeyid = openssl_get_privatekey($this->key);
     openssl_sign($policy, $signature, $pkeyid);
     openssl_free_key($pkeyid);
     return $signature;
 }
Пример #16
0
 /**
  * encrypts the data with given private key
  *
  * @param string $data
  * @param string $privateKeyPath
  * @return string
  */
 public static function sign($data, $privateKeyPath)
 {
     $privateKey = self::read($privateKeyPath);
     $pKeyId = openssl_get_privatekey($privateKey);
     openssl_sign($data, $signature, $pKeyId, "SHA256");
     openssl_free_key($pKeyId);
     return $signature;
 }
Пример #17
0
 function load_private_key($privkey, $passphrase = false)
 {
     if ($passphrase) {
         return openssl_get_privatekey($privkey, $passphrase);
     } else {
         return openssl_get_privatekey($privkey);
     }
 }
Пример #18
0
	public function rsa_sign($data, $rsaPrivateKeyFilePath) {
		$priKey = file_get_contents ( $rsaPrivateKeyFilePath );
		$res = openssl_get_privatekey ( $priKey );
		openssl_sign ( $data, $sign, $res );
		openssl_free_key ( $res );
		$sign = base64_encode ( $sign );
		return $sign;
	}
Пример #19
0
 /**
  * @return resource
  */
 protected function getRsaPrivateKey()
 {
     $key = openssl_get_privatekey(file_get_contents(__DIR__ . '/../../../resources/a.key'));
     if (false === $key) {
         throw new \LogicException('Unable to load RSA private key');
     }
     return $key;
 }
Пример #20
0
function rsa_sha1_sign($policy)
{
    $priv_key = file_get_contents("/Users/joelsaltzman/Desktop/privatekey");
    $pkeyid = openssl_get_privatekey($priv_key);
    openssl_sign($policy, $signature, $pkeyid);
    openssl_free_key($pkeyid);
    return $signature;
}
Пример #21
0
 /**
  * {@inheritdoc}
  */
 public function createHash($payload, Key $key)
 {
     $key = openssl_get_privatekey($key->getContent(), $key->getPassphrase());
     $this->validateKey($key);
     $signature = '';
     openssl_sign($payload, $signature, $key, $this->getAlgorithm());
     return $signature;
 }
Пример #22
0
 /**
  * AsymmetricStrategy constructor.
  *
  * @param string $public Valid public certificate, can be:
  *   - an X.509 certificate resource
  *   - a PEM formatted public key
  *   - a string having the format `file://path/to/file.pem`. The named file
  *   must contain a PEM encoded certificate/public key (it may contain both).
  * @param string $public Optional. A valid private certificate, can be:
  *   - a string having the format file://path/to/file.pem. The named file
  *   must contain a PEM encoded certificate.
  *   - a PEM encoded certificate
  * @param string $passphrase Optional pass phrase.
  * @throws \Cake\Core\Exception\Exception
  */
 public function __construct($public, $private = null, $passphrase = null)
 {
     if (!($this->__publicKey = openssl_get_publickey($public))) {
         throw new Exception('Invalid public certificate: ' . $public);
     }
     if ($private !== null && !($this->__privateKey = openssl_get_privatekey($private, $passphrase))) {
         throw new Exception('Invalid private certificate: ' . $private);
     }
 }
Пример #23
0
 public static function makeSign($params, $priKeyPath)
 {
     $priKey = file_get_contents($priKeyPath);
     $res = openssl_get_privatekey($priKey);
     $outSign = '';
     openssl_sign($params, $outSign, $res);
     openssl_free_key($res);
     return base64_encode($outSign);
 }
Пример #24
0
 public function getpublicAction()
 {
     ob_start();
     $prikey = openssl_get_privatekey('file://' . APP_DIR . '/data/keys/id_rsa');
     $pubkey = openssl_pkey_get_details($prikey);
     $pubkey = $pubkey["key"];
     echo $pubkey;
     return $this->response->setContent(ob_get_clean());
 }
Пример #25
0
 protected function getRequestSignature($data, $fields)
 {
     $hash = $this->generateHash($data, $fields);
     $keyId = openssl_get_privatekey('file://' . $this->privateKey, $this->passphrase);
     openssl_sign($hash, $signature, $keyId);
     openssl_free_key($keyId);
     $result = base64_encode($signature);
     return $result;
 }
Пример #26
0
 /**
  * @param string $passPhrase
  * @throws Zend\Crypt\Exception
  */
 protected function _parse($passPhrase)
 {
     $result = openssl_get_privatekey($this->_pemString, $passPhrase);
     if (!$result) {
         throw new \Zend\Crypt\Exception('Unable to load private key');
     }
     $this->_opensslKeyResource = $result;
     $this->_details = openssl_pkey_get_details($this->_opensslKeyResource);
 }
Пример #27
0
 /**
  * Sign data for light authentication keys (for the ATM and WMC interfaces)
  * @param string $data data to sign
  * @param string $key full path to the private key file
  * @param string $keyPassword (optional) password for the private key
  *
  * @return string
  * @throws Exception
  */
 protected static function signLight($data, $key, $keyPassword = '')
 {
     if (!is_file($key)) {
         throw new Exception('Cannot access private key');
     }
     $privateKey = openssl_get_privatekey(file_get_contents($key), $keyPassword);
     openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA1);
     return base64_encode($signature);
 }
Пример #28
0
 public static function privateDecrypt($privateKey, $data)
 {
     if (!strstr($privateKey, 'BEGIN PRIVATE KEY')) {
         $privateKey = self::lengthenPrivateKey($privateKey);
     }
     $key_resource = openssl_get_privatekey($privateKey);
     openssl_private_decrypt(base64_decode($data), $cleartext, $key_resource);
     return $cleartext;
 }
Пример #29
0
 public static function decrypt($encryptedContent, $privateKey, $passPhrase)
 {
     $res = openssl_get_privatekey($privateKey, $passPhrase);
     if ($res === false) {
         throw new InvalidPassPhraseException('The provided passphrase for private key is wrong');
     }
     openssl_private_decrypt(base64_decode($encryptedContent), $plainContent, $res);
     return $plainContent;
 }
Пример #30
0
function private_decrypt($encryptedext)
{
    $fp = fopen("./mykey.pem", "r");
    $priv_key = fread($fp, 8192);
    fclose($fp);
    $private_key = openssl_get_privatekey($priv_key);
    openssl_private_decrypt(base64_decode($encryptedext), $decrypted, $private_key);
    return $decrypted;
}