function doGetCertStep4($data)
{
//解密
$decryptData = RSADecrypt($data, $GLOBALS['CAPrivKeyStr']);
//分割
$usercert = SQLAdopt::getOne(new certModel($decryptData, '', '', ''));
if (!empty($usercert)) {
$keyII = md5(uniqid(mt_rand(), true));
$ivII = md5(uniqid(mt_rand(), true));
$_SESSION['AESKEY'] = $keyII;
$_SESSION['AESIV'] = $ivII;
save_AESKeyIV($decryptData, $keyII, $ivII, 'in');
save_AESKeyIV($decryptData, $keyII, $ivII, 'out');
echo RSAEncrypt($keyII . ',' . $ivII, $usercert->x509);
} else {
echo 'noEncrypt';
}
}
function getCertFromCA($CAinterface = null, $CAPem = null)
{
if (empty(getConfig_TempAESiv())) {
setConfig_TempAESiv(create_RandomString());
}
if (empty(getConfig_TempAESKey())) {
setConfig_TempAESKey(create_RandomString());
}
if (empty($CAinterface)) {
$CAinterface = getConfig_CAIntertfaceURL();
}
if (empty($CAinterface)) {
return 'CAinterface is empty';
}
if (empty($CAPem)) {
$CAPem = getConfig_PublicX509FromCA();
}
if (empty($CAPem)) {
return 'PublicX509FromCA is empty';
}
$getstr = DataTransport::go($CAinterface, 'action=doGetCertStep2&data=' . RSAEncrypt(getConfig_TempAESKey() . ',' . getConfig_TempAESiv() . "," . getConfig_SelfIntertfaceURL(), $CAPem));
//getstr原型$returnStr=$userGUID.",".$newCert['privateKey'].",".$newCert['publicX509'];
$decryptGetStr = AESDecrypt($getstr, getConfig_TempAESKey(), getConfig_TempAESiv());
$arr = splitByComma($decryptGetStr);
if (count($arr) == 4) {
setConfig_SelfGUID($arr[0]);
setConfig_SelfPrivateKey($arr[1]);
setConfig_SelfPublicX509($arr[2]);
setConfig_CAGUID($arr[3]);
save_AESKeyIV(getConfig_CAGUID(), getConfig_TempAESKey(), getConfig_TempAESiv(), 'in');
save_AESKeyIV(getConfig_CAGUID(), getConfig_TempAESKey(), getConfig_TempAESiv(), 'out');
return true;
} else {
return 'error';
}
}