Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
SoftwareDesign
/
csu3_am335x
8
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Салаа: master
Салаанууд Тагууд
csu3_am335x
/
EVSE
/
GPL
/
php-8.1.12
/
ext
/
openssl
/
tests
/
CertificateGenerator.inc

CertificateGenerator.inc 4.0 KB
Байнгын холболт Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. <?php
    2. 

  2. 

  3. class CertificateGenerator
    4. 

  4. {
    5. 

  5.     const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf';
    6. 

  6. 

  7.     /** @var OpenSSLCertificate */
    8. 

  8.     private $ca;
    9. 

  9. 

  10.     /** @var resource */
    11. 

  11.     private $caKey;
    12. 

  12. 

  13.     /** @var resource|null */
    14. 

  14.     private $lastCert;
    15. 

  15. 

  16.     /** @var resource|null */
    17. 

  17.     private $lastKey;
    18. 

  18. 

  19.     public function __construct()
    20. 

  20.     {
    21. 

  21.         if (!extension_loaded('openssl')) {
    22. 

  22.             throw new RuntimeException(
    23. 

  23.                 'openssl extension must be loaded to generate certificates'
    24. 

  24.             );
    25. 

  25.         }
    26. 

  26.         $this->generateCa();
    27. 

  27.     }
    28. 

  28. 

  29.     /**
    30. 

  30.      * @param int|null $keyLength
    31. 

  31.      * @return resource
    32. 

  32.      */
    33. 

  33.     private static function generateKey($keyLength = null)
    34. 

  34.     {
    35. 

  35.         if (null === $keyLength) {
    36. 

  36.             $keyLength = 2048;
    37. 

  37.         }
    38. 

  38. 

  39.         return openssl_pkey_new([
    40. 

  40.             'private_key_bits' => $keyLength,
    41. 

  41.             'private_key_type' => OPENSSL_KEYTYPE_RSA,
    42. 

  42.             'encrypt_key' => false,
    43. 

  43.         ]);
    44. 

  44.     }
    45. 

  45. 

  46.     private function generateCa()
    47. 

  47.     {
    48. 

  48.         $this->caKey = self::generateKey();
    49. 

  49.         $dn = [
    50. 

  50.             'countryName' => 'GB',
    51. 

  51.             'stateOrProvinceName' => 'Berkshire',
    52. 

  52.             'localityName' => 'Newbury',
    53. 

  53.             'organizationName' => 'Example Certificate Authority',
    54. 

  54.             'commonName' => 'CA for PHP Tests'
    55. 

  55.         ];
    56. 

  56. 

  57.         $this->ca = openssl_csr_sign(
    58. 

  58.             openssl_csr_new(
    59. 

  59.                 $dn,
    60. 

  60.                 $this->caKey,
    61. 

  61.                 [
    62. 

  62.                     'x509_extensions' => 'v3_ca',
    63. 

  63.                     'config' => self::CONFIG,
    64. 

  64.                 ]
    65. 

  65.             ),
    66. 

  66.             null,
    67. 

  67.             $this->caKey,
    68. 

  68.             2,
    69. 

  69.             [
    70. 

  70.                 'config' => self::CONFIG,
    71. 

  71.             ]
    72. 

  72.         );
    73. 

  73.     }
    74. 

  74. 

  75.     public function getCaCert()
    76. 

  76.     {
    77. 

  77.         $output = '';
    78. 

  78.         openssl_x509_export($this->ca, $output);
    79. 

  79. 

  80.         return $output;
    81. 

  81.     }
    82. 

  82. 

  83.     public function saveCaCert($file)
    84. 

  84.     {
    85. 

  85.         openssl_x509_export_to_file($this->ca, $file);
    86. 

  86.     }
    87. 

  87. 

  88.     public function saveNewCertAsFileWithKey(
    89. 

  89.         $commonNameForCert, $file, $keyLength = null, $subjectAltName = null
    90. 

  90.     ) {
    91. 

  91.         $dn = [
    92. 

  92.             'countryName' => 'BY',
    93. 

  93.             'stateOrProvinceName' => 'Minsk',
    94. 

  94.             'localityName' => 'Minsk',
    95. 

  95.             'organizationName' => 'Example Org',
    96. 

  96.         ];
    97. 

  97.         if ($commonNameForCert !== null) {
    98. 

  98.             $dn['commonName'] = $commonNameForCert;
    99. 

  99.         }
    100. 

  100. 

  101.         $subjectAltNameConfig =
    102. 

  102.             $subjectAltName ? "subjectAltName = $subjectAltName" : "";
    103. 

  103.         $configCode = <<<CONFIG
    104. 

  104. [ req ]
    105. 

  105. distinguished_name = req_distinguished_name
    106. 

  106. default_md = sha256
    107. 

  107. default_bits = 1024
    108. 

  108. 

  109. [ req_distinguished_name ]
    110. 

  110. 

  111. [ v3_req ]
    112. 

  112. basicConstraints = CA:FALSE
    113. 

  113. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    114. 

  114. $subjectAltNameConfig
    115. 

  115. 

  116. [ usr_cert ]
    117. 

  117. basicConstraints = CA:FALSE
    118. 

  118. $subjectAltNameConfig
    119. 

  119. CONFIG;
    120. 

  120.         $configFile = $file . '.cnf';
    121. 

  121.         file_put_contents($configFile, $configCode);
    122. 

  122. 

  123.         try {
    124. 

  124.             $config = [
    125. 

  125.                 'config' => $configFile,
    126. 

  126.                 'req_extensions' => 'v3_req',
    127. 

  127.                 'x509_extensions' => 'usr_cert',
    128. 

  128.             ];
    129. 

  129. 

  130.             $this->lastKey = self::generateKey($keyLength);
    131. 

  131.             $csr = openssl_csr_new($dn, $this->lastKey, $config);
    132. 

  132.             $this->lastCert = openssl_csr_sign(
    133. 

  133.                 $csr,
    134. 

  134.                 $this->ca,
    135. 

  135.                 $this->caKey,
    136. 

  136.                 /* days */ 2,
    137. 

  137.                 $config,
    138. 

  138.             );
    139. 

  139.             if (!$this->lastCert) {
    140. 

  140.                 throw new Exception('Failed to create certificate');
    141. 

  141.             }
    142. 

  142. 

  143.             $certText = '';
    144. 

  144.             openssl_x509_export($this->lastCert, $certText);
    145. 

  145. 

  146.             $keyText = '';
    147. 

  147.             openssl_pkey_export($this->lastKey, $keyText, null, $config);
    148. 

  148. 

  149.             file_put_contents($file, $certText . PHP_EOL . $keyText);
    150. 

  150.         } finally {
    151. 

  151.             unlink($configFile);
    152. 

  152.         }
    153. 

  153.     }
    154. 

  154. 

  155.     public function getCertDigest($algo)
    156. 

  156.     {
    157. 

  157.         return openssl_x509_fingerprint($this->lastCert, $algo);
    158. 

  158.     }
    159. 

  159. }
    160.