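/**
 * Bundle a stored certificate and its private key into a PKCS#12 file and
 * print a download form for the result.
 *
 * On-disk files are named base64(<name>) . <ext>, where <name> and <ext> are
 * the parts of $this_cert_name before and from the last dot. Paths come from
 * $_SESSION['config'] ('key_path', 'cert_path'). Progress is printed as HTML
 * and any failure terminates the request with die().
 *
 * @param string $this_cert_name Certificate file name as shown to the user.
 * @param string $my_pkey_pass   Passphrase that decrypts the stored private key.
 * @param string $my_pkcs12_pass Passphrase applied to the exported PKCS#12 file.
 *
 * @return void
 */
function convert_cert_pkcs12($this_cert_name, $my_pkey_pass, $my_pkcs12_pass)
{
    $config = $_SESSION['config'];
    $dot = strrpos($this_cert_name, '.');
    $this_filename = substr($this_cert_name, 0, $dot);
    // Base64 keeps the stored file name free of path separators taken from the display name.
    $name = base64_encode($this_filename);
    $ext = substr($this_cert_name, $dot);
    $my_base64_certfile = $name . $ext;
    $my_key_filename = $config['key_path'] . $name . $ext;
    print "<b>Loading key...</b><br/>";
    $fp = fopen($my_key_filename, "r") or die('Fatal: Error opening Private Key');
    $my_privkey_x509 = fread($fp, filesize($my_key_filename)) or die('Fatal: Error reading Private Key');
    fclose($fp) or die('Fatal: Error closing Private Key');
    print "Done<br/><br/>\n";
    print "<b>Decoding Private key...</b><br/>";
    $my_privkey = openssl_pkey_get_private($my_privkey_x509, $my_pkey_pass) or die('Fatal: Error decoding Private Key. Passphrase Incorrect');
    print "Done<br/><br/>\n";
    print "<b>Loading Certificate...</b><br/>";
    $fp = fopen($config['cert_path'] . $my_base64_certfile, "r") or die('Fatal: Error opening Certificate');
    $my_cert = fread($fp, filesize($config['cert_path'] . $my_base64_certfile)) or die('Fatal: Error reading Certificate');
    fclose($fp) or die('Fatal: Error closing Certificate');
    print "Done<br/><br/>\n";
    // The bundle (certificate + private key) is written next to the certificates.
    $my_pkcs12_filename = $config['cert_path'] . $name . '.p12';
    print "<b>Convert Certificate to PKCS#12...</b><br>";
    // NOTE(review): the failure message sends the server-side path to the browser; consider logging it instead.
    openssl_pkcs12_export_to_file($my_cert, $my_pkcs12_filename, $my_privkey, $my_pkcs12_pass) or die('Fatal: Error converting Certificate to PKCS#12 ' . $my_pkcs12_filename);
    print "Done\n<br>\n";
    print "<b>Download PKCS#12 Certificate:</b>\n<br>\n<br>\n";
    // The name is placed inside an HTML attribute, so it is escaped: a quote or
    // angle bracket in the certificate name must not break out of the value.
    $download_name = htmlspecialchars($this_filename . '.p12', ENT_QUOTES, 'UTF-8');
    ?>
<form action="index.php" method="post">
<input type="hidden" name="menuoption" value="download_cert">
<input type="hidden" name="cert_name" value="<?php print $download_name; ?>">
<input type="submit" value="Download PKCS#12 Certificate">
</form>
<BR><BR>
<?php 
}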
示例#2
/**
 * Smoke test for openssl_pkcs12_export_to_file(): export a freshly generated
 * self-signed certificate and check that a file of plausible size appears.
 *
 * The passphrase "1234" is a fixed test value only.
 */
function test_openssl_pkcs12_export_to_file()
{
    $key = openssl_pkey_new();
    VERIFY($key != null);

    $request = openssl_csr_new(null, $key);
    VERIFY($request != null);

    // Self-signed (no CA certificate), valid for 365 days.
    $cert = openssl_csr_sign($request, null, $key, 365);

    // Reserve a unique name, then delete the placeholder so the export itself
    // has to create the file; the read below confirms it is really gone.
    $path = tempnam('/tmp', 'vmopenssltest');
    unlink($path);
    VS(file_get_contents($path), false);

    openssl_pkcs12_export_to_file($cert, $path, $key, "1234");
    $written = file_get_contents($path);
    VERIFY(strlen($written) > 400);

    unlink($path);
}
示例#3
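 /**
  * Generate a key pair and a self-signed certificate valid for three years,
  * and write both to $filename as a PKCS#12 (.pfx) bundle protected by a
  * freshly generated passphrase.
  *
  * @param string $filename Destination path of the PKCS#12 file.
  *
  * @return string The generated passphrase protecting the bundle.
  *
  * @throws \RuntimeException If any OpenSSL step fails, so that a passphrase
  *                           is never returned for a bundle that was not written.
  */
 public function createUserCert($filename)
 {
     // NOTE(review): this uses every property of the object as a DN field;
     // non-public properties get mangled array keys — confirm only DN fields are declared.
     $dn = (array) $this;
     $privateKeyPass = $this->generate_password();
     $numberOfDays = 365 * 3;

     $privateKey = openssl_pkey_new();
     if ($privateKey === false) {
         throw new \RuntimeException('Failed to generate private key');
     }
     $csr = openssl_csr_new($dn, $privateKey);
     if (is_bool($csr)) {
         throw new \RuntimeException('Failed to create certificate signing request');
     }
     // Passing null as the CA certificate produces a self-signed certificate.
     $sscert = openssl_csr_sign($csr, null, $privateKey, $numberOfDays);
     if ($sscert === false) {
         throw new \RuntimeException('Failed to self-sign certificate');
     }
     // Kept from the original flow: resolve the key handle that is passed to the export.
     $key = openssl_pkey_get_private($privateKey, $privateKeyPass);
     if ($key === false) {
         throw new \RuntimeException('Failed to load generated private key');
     }
     // The same passphrase protects the PKCS#12 file written to $filename.
     if (!openssl_pkcs12_export_to_file($sscert, $filename, $key, $privateKeyPass)) {
         throw new \RuntimeException('Failed to write PKCS#12 file: ' . $filename);
     }
     return $privateKeyPass;
 }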
 /**
  * Given this Remote Desktop instance, generate files with pkcs12 and
  * x509 certificate to a given directory using a password for the desktop
  * and the private key.
  *
  * Returns the path to the x509 file.
  *
  * @return string
  */
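 public function export($directory, $filePrefix, $keyPassword, $overwrite = false)
 {
     if (!is_writable($directory)) {
         throw new \RuntimeException("Key Export directory is not writable: " . $directory);
     }
     // NOTE(review): $filePrefix is concatenated into the path as-is; confirm callers never pass separators or "..".
     $pkcs12File = $directory . "/" . $filePrefix . ".pfx";
     $x509File = $directory . "/" . $filePrefix . ".cer";
     // Refuse to replace existing key material unless the caller asked for it.
     if (!$overwrite && file_exists($pkcs12File)) {
         throw new \RuntimeException("PKCS12 File at " . $pkcs12File . " already exists and is not overwritten.");
     }
     if (!$overwrite && file_exists($x509File)) {
         throw new \RuntimeException("X509 Certificate File at " . $x509File . " already exists and is not overwritten.");
     }
     $args = array('friendly_name' => 'AzureDistributionBundle for Symfony Tools');
     // The .pfx holds the private key, protected by $keyPassword. A failed write
     // is reported instead of returning a path to a file that does not exist.
     if (!openssl_pkcs12_export_to_file($this->certificate, $pkcs12File, $this->privKey, $keyPassword, $args)) {
         throw new \RuntimeException("Could not write PKCS12 File to " . $pkcs12File);
     }
     // Third argument true: write the certificate without the human-readable text dump.
     if (!openssl_x509_export_to_file($this->certificate, $x509File, true)) {
         throw new \RuntimeException("Could not write X509 Certificate File to " . $x509File);
     }
     return $x509File;
 }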
示例#5
<?php

// 建立 .cer/.pfx 证书文件
/**
 * Debug helper: var_dump() the value, but only when $is_dump is truthy.
 *
 * @param mixed $mixed   Value to dump.
 * @param bool  $is_dump Dump switch; nothing is printed when it is false.
 *
 * @return void
 */
function _var($mixed, $is_dump = false)
{
    if (!$is_dump) {
        return;
    }
    var_dump($mixed);
}
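// Subject (distinguished name) of the sample self-signed certificate.
$dn = array(
    "countryName" => "CN",
    "stateOrProvinceName" => "Beijing",
    "localityName" => "Beijing",
    "organizationName" => "Eyou",
    "organizationalUnitName" => "Develop team",
    "commonName" => "Li Bo",
    "emailAddress" => "*****@*****.**",
);
// Key-generation settings. 2048-bit RSA with SHA-256 is used because
// 1024-bit RSA and SHA-1 are no longer adequate for new certificates.
$config = array(
    'config' => '/etc/pki/tls/openssl.cnf',
    'encrypt_key' => 1,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    "digest_alg" => "sha256",
    'x509_extensions' => 'v3_ca',
    'private_key_bits' => 2048,
    "encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC,
);
// Only the digest is handed to the CSR and signing calls, so the signature
// algorithm is explicit rather than whatever the system default happens to be.
$digest = array('digest_alg' => $config['digest_alg']);

// Print the pending OpenSSL errors, name the failed step and stop.
$fail = function ($step) {
    while (($e = openssl_error_string()) !== false) {
        echo $e . "\n";
    }
    echo "error: " . $step . " failed\n";
    exit(1);
};

$privkey = openssl_pkey_new($config);
if ($privkey === false) {
    $fail('key generation');
}
$csr = openssl_csr_new($dn, $privkey, $digest);
if (is_bool($csr)) {
    $fail('CSR creation');
}
// null CA certificate: the request is signed with its own key (self-signed), valid 365 days.
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $digest);
if ($sscert === false) {
    $fail('self-signing');
}

$path = __DIR__ . '/keys';
$path_pub = "{$path}/cert-x509.crt";
$path_priv = "{$path}/cert-pkcs12.pfx";
openssl_csr_export($csr, $csrout) and _var($csrout);
if (!openssl_x509_export_to_file($sscert, $path_pub)) {
    $fail('X.509 export');
}
// Export in PFX style. PKCS #12 is the industry format for transporting,
// backing up and restoring a certificate together with its private key.
// 'mypassword' is a sample value: a real passphrase should be supplied from
// outside the source file. The key-generation $config is not passed here,
// because the export options only understand friendly_name and extracerts.
if (!openssl_pkcs12_export_to_file($sscert, $path_priv, $privkey, 'mypassword')) {
    $fail('PKCS#12 export');
}
// Show any non-fatal messages OpenSSL queued along the way.
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}
echo "ok, create certificate/private-key";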
示例#6
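 /**
  * Build a PKCS#12 bundle from a certificate and its private key.
  *
  * @param mixed        $c Certificate accepted by the OpenSSL export functions.
  * @param mixed        $k Private key (PEM string or key handle).
  * @param string       $p Passphrase; used both to open $k and to protect the bundle.
  * @param array        $a Export options ('friendly_name', 'extracerts').
  * @param string|false $f Destination file, or false to return the bundle as a string.
  * @param mixed        $d Unused; kept so existing callers keep working.
  *
  * @return string|true|null The bundle as a string when $f is false, true once
  *                          the file $f was written, null on failure.
  */
 public function createpkcs12($c, $k, $p, $a = array('friendly_name' => '', 'extracerts' => ''), $f = false, $d = false)
 {
     $key = openssl_pkey_get_private($k, $p);
     if ($key === false) {
         // Wrong passphrase or unreadable key: nothing can be exported.
         return null;
     }
     if ($f === false) {
         return openssl_pkcs12_export($c, $r, $key, $p, $a) ? $r : null;
     }
     // The file variant takes the destination path, which is $f, as its second argument.
     return openssl_pkcs12_export_to_file($c, $f, $key, $p, $a) ? true : null;
 }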
 /**
  * If we're using SecureTransport, we have to translate the certificate to
  * PKCS12 before passing it to cURL.
  *
  * @throws Exception
  *
  * @param string $temp_file Filepath to temporary certificate file
  *
  * @return void
  */
 protected function _maybe_create_secure_certificate_file($temp_file, $password)
 {
     // $this->_certificate is used both as the private-key source and as the certificate.
     $key = openssl_pkey_get_private($this->_certificate);
     if (false === $key) {
         throw new Exception(__('Failed to retrieve private key during cURL configuration', 'woocommerce-gateway-paypal-express-checkout'), WC_Gateway_PPEC_Client::INVALID_ENVIRONMENT_ERROR);
     }

     // The PKCS#12 file written to $temp_file contains the private key, protected by $password.
     // NOTE(review): removing the temporary file afterwards is not done here; presumably the caller does it — confirm.
     $exported = openssl_pkcs12_export_to_file($this->_certificate, $temp_file, $key, $password);
     if (!$exported) {
         throw new Exception(__('Failed to export PKCS12 file during cURL configuration', 'woocommerce-gateway-paypal-express-checkout'), WC_Gateway_PPEC_Client::INVALID_ENVIRONMENT_ERROR);
     }
 }
示例#8
// Load the autoloader found earlier; if none was found, fall back to the
// PEAR2 autoloader on the include path, and give up when that is missing too.
if (false === $autoloader) {
    $autoloader = stream_resolve_include_path('PEAR2/Autoload.php');
    if (false === $autoloader) {
        fwrite(STDERR, 'No recognized autoloader is available.');
        exit(1);
    }
    include_once $autoloader;
    // These paths are relative, so they resolve against the current working directory.
    Autoload::initialize(realpath('../src'));
    Autoload::initialize(realpath('../../Cache_SHM.git/src'));
} else {
    include_once $autoloader;
}
unset($autoloader);
// Create a self-signed certificate once, when OpenSSL is available and the
// certificate file does not exist yet. The certificate is valid for 2 days and
// both the .pfx and the exported key are written without a passphrase.
if (extension_loaded('openssl')
    && !is_file(__DIR__ . DIRECTORY_SEPARATOR . CERTIFICATE_FILE)
) {
    $configargs = array();
    if (strpos(PHP_OS, 'WIN') === 0) {
        // On Windows, point OpenSSL at the openssl.cnf located beside the PHP binary.
        if (defined('PHP_BINARY')) {
            $phpbin = PHP_BINARY;
        } else {
            $phpbin = getenv('PHP_PEAR_PHP_BIN');
        }
        $configargs['config'] = dirname($phpbin) . '/extras/ssl/openssl.cnf';
    }
    $privkey = openssl_pkey_new($configargs);
    $cert = openssl_csr_sign(
        openssl_csr_new(
            array(
                'countryName' => 'US',
                'stateOrProvinceName' => 'IRRELEVANT',
                'localityName' => 'IRRELEVANT',
                'organizationName' => 'PEAR2',
                'organizationalUnitName' => 'PEAR2',
                'commonName' => 'IRRELEVANT',
                'emailAddress' => '*****@*****.**'
            ),
            $privkey,
            $configargs
        ),
        null,
        $privkey,
        2,
        $configargs
    );
    // $pem[0] receives the certificate and $pem[1] the unencrypted private key.
    $pem = array();
    openssl_x509_export($cert, $pem[0]);
    openssl_pkey_export($privkey, $pem[1], null, $configargs);
    openssl_pkcs12_export_to_file(
        $cert,
        __DIR__ . DIRECTORY_SEPARATOR . CERTIFICATE_FILE . '.pfx',
        $privkey,
        null
    );
    // The .cer file is the certificate followed by the key, concatenated.
    file_put_contents(
        __DIR__ . DIRECTORY_SEPARATOR . CERTIFICATE_FILE . '.cer',
        implode('', $pem)
    );
}
示例#9
文件: Pkcs12.php 项目: blar/openssl
 /**
  * @param string $fileName
  * @param string $password
  *
  * @throws RuntimeException
  */
 public function exportToFile(string $fileName, string $password = NULL)
 {
     // Attach the extra certificates only when a chain is present.
     $options = $this->hasChain() ? ['extracerts' => $this->getChain()] : [];

     // NOTE(review): $password defaults to NULL and is passed through unchanged;
     // confirm callers always supply a passphrase for bundles that leave the host.
     $written = openssl_pkcs12_export_to_file($this->getCertificate(), $fileName, $this->getPrivateKey(), $password, $options);
     if ($written) {
         return;
     }
     throw new RuntimeException(OpenSSL::getLastError());
 }
示例#10
/**
 * Issue a CA-signed certificate for a newly generated key and write it out
 * twice: as an X.509 file and as a PKCS#12 bundle protected by $pass.
 *
 * All inputs are globals: the output paths ($file_x509, $file_pkcs12), the CA
 * certificate and key files, $pass (used for the CA key and for the bundle),
 * the key $config, the subject $dn and $expire_time in days. On an export
 * failure the queued OpenSSL errors are printed and the script exits with 1.
 *
 * @return void
 */
function create_cert()
{
    global $file_pkcs12, $file_x509, $file_ca_x509, $file_ca_pkey;
    global $pass, $config, $dn, $expire_time;

    // Shared failure path: print the OpenSSL error queue, then the summary line.
    $abort = static function ($what, $line) {
        while ($msg = openssl_error_string()) {
            echo $msg . "<br />\n";
        }
        echo "-Err, create " . $what . " fail!(" . $line . ")\n";
        exit(1);
    };

    $ca_x509 = file_get_contents($file_ca_x509);
    $ca_pkey = file_get_contents($file_ca_pkey);
    $req_key = openssl_pkey_new($config);
    $req_csr = openssl_csr_new($dn, $req_key);

    // Signed by the CA; the CA key is opened with $pass.
    $req_cert = openssl_csr_sign($req_csr, $ca_x509, [$ca_pkey, $pass], $expire_time);
    // Self-signed alternative; a self-signed certificate cannot have its validity period verified.
    //$req_cert = openssl_csr_sign($req_csr, null, $req_key, $expire_time);

    if (!openssl_x509_export_to_file($req_cert, $file_x509)) {
        $abort('x509', __LINE__);
    }
    if (!openssl_pkcs12_export_to_file($req_cert, $file_pkcs12, $req_key, $pass)) {
        $abort('pkcs12', __LINE__);
    }
    echo "+Ok, create keys succ!\n";
}