本文整理汇总了PHP中openssl_csr_new函数的典型用法代码示例。如果您正苦于以下问题:PHP openssl_csr_new函数的具体用法?PHP openssl_csr_new怎么用?PHP openssl_csr_new使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了openssl_csr_new函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: run
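/**
 * Generate an RSA key pair, a certificate signing request and a self-signed
 * certificate, and write them side by side as
 * <folder><prefix><hostname>.{pub,key,crt,csr}.
 *
 * All parameters are read from $this->input (folder, prefix, hostname, alg,
 * bits, days and the distinguished-name fields).
 *
 * @throws RuntimeException when a target file already exists, an OpenSSL call
 *                          fails, or a file cannot be written
 */
public function run()
{
    // Append the separator only when the folder does not already end with one.
    // Comparing strrev() of the whole path with the separator was true for
    // every path longer than one character, so "dir/" became "dir//".
    if (substr($this->input['folder'], -1) !== DIRECTORY_SEPARATOR) {
        $this->input['folder'] .= DIRECTORY_SEPARATOR;
    }

    $files = [];
    foreach (['pub', 'key', 'crt', 'csr'] as $extension) {
        $files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension);
    }

    // Never overwrite existing key material or certificates.
    foreach ($files as $file) {
        if (file_exists($file)) {
            throw new RuntimeException(sprintf('File exist: %s', $file));
        }
    }

    $dn = [
        "countryName" => $this->input['country'],
        "stateOrProvinceName" => $this->input['state-or-province-name'],
        "localityName" => $this->input['locality-name'],
        "organizationName" => $this->input['organization-name'],
        "organizationalUnitName" => $this->input['organizational-unit-name'],
        "commonName" => $this->input['common-name'],
        "emailAddress" => $this->input['email-address'],
    ];

    $write = static function ($path, $contents) {
        if (file_put_contents($path, $contents) === false) {
            throw new RuntimeException(sprintf('Could not write file: %s', $path));
        }
    };

    // Create the private and public key
    $res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($res === false) {
        throw new RuntimeException(sprintf('Key generation failed: %s', openssl_error_string()));
    }

    // Generate a certificate signing request; array_filter() drops the
    // distinguished-name fields that were left empty.
    $csr = openssl_csr_new(array_filter($dn), $res);
    if (!$csr) {
        throw new RuntimeException(sprintf('CSR generation failed: %s', openssl_error_string()));
    }

    // Create a self-signed certificate (no CA certificate is passed)
    $sscert = openssl_csr_sign($csr, null, $res, $this->input['days']);
    if ($sscert === false) {
        throw new RuntimeException(sprintf('Certificate signing failed: %s', openssl_error_string()));
    }

    if (!openssl_csr_export($csr, $out)) {
        throw new RuntimeException('CSR export failed');
    }
    $write($files['csr'], $out);

    // Export certfile
    if (!openssl_x509_export($sscert, $out)) {
        throw new RuntimeException('Certificate export failed');
    }
    $write($files['crt'], $out);

    // Export the private key. No passphrase is given, so the PEM is stored
    // unencrypted; create the file readable by its owner only instead of
    // relying on the process umask.
    if (!openssl_pkey_export($res, $out)) {
        throw new RuntimeException('Private key export failed');
    }
    $previousUmask = umask(0077);
    try {
        $write($files['key'], $out);
    } finally {
        umask($previousUmask);
    }

    // Export the public key
    $details = openssl_pkey_get_details($res);
    if ($details === false) {
        throw new RuntimeException('Could not read public key details');
    }
    $write($files['pub'], $details["key"]);
}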
示例2: generate
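/**
 * Create a self-signed certificate for the given subject.
 *
 * @param SigningDetails $dn           Subject fields; $dn->toArray() is passed to openssl_csr_new()
 * @param string|null    $privateKey   PEM private key to sign with, or null to create one with generatePrivateKey()
 * @param string|null    $privkeypass  Passphrase for the exported private key; with null the key is returned unencrypted
 * @param int            $numberofdays Validity of the certificate in days
 * @return array [certificate PEM, private key PEM]
 * @throws \Exception when the key is unusable or any OpenSSL step fails
 */
function generate(SigningDetails $dn, $privateKey = null, $privkeypass = null, $numberofdays = 365)
{
    if ($privateKey === null) {
        $privkey = $this->generatePrivateKey();
    } elseif (is_string($privateKey)) {
        $privkey = openssl_pkey_get_private($privateKey);
    } else {
        throw new \Exception('Invalid format for private key');
    }
    if (!$privkey) {
        throw new \Exception('Invalid private key');
    }

    // Warnings are suppressed here because the failure is reported through the
    // exception below.
    $csr = @openssl_csr_new($dn->toArray(), $privkey);
    if (!$csr) {
        throw new \Exception('Failed create signing request. Input likely invalid.');
    }

    // Passing null as CA certificate makes the result self-signed.
    $sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
    if (!$sscert) {
        throw new \Exception('Failed to sign certificate. Input likely invalid.');
    }

    // The first returned element is the certificate, not a bare public key;
    // its export used to go unchecked.
    $certificate = null;
    if (!openssl_x509_export($sscert, $certificate)) {
        throw new \Exception('Certificate export failed');
    }

    $privatekey = null;
    if (!openssl_pkey_export($privkey, $privatekey, $privkeypass)) {
        throw new \Exception('Private key export failed');
    }

    return [$certificate, $privatekey];
}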
示例3: generateSslKeypair
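/**
 * Create a key pair and a self-signed client certificate for $commonName.
 *
 * The distinguished name, the validity and the X.509 extensions are read from
 * cert-overrides.ini in the default configuration path when that file exists,
 * otherwise from conf/cert.ini below the document root.
 *
 * @param string $commonName Value for the certificate's commonName
 * @param int    $keyLength  Private key size in bits; not range-checked here,
 *                           so the caller decides the key strength
 * @return array [certificate PEM, private key PEM]; the private key is
 *               exported without a passphrase
 * @throws Exception when the configuration cannot be read or an OpenSSL step
 *                   fails or warns
 */
function generateSslKeypair($commonName, $keyLength)
{
    $key = openssl_pkey_new(array("private_key_bits" => $keyLength));
    if ($key === false) {
        throw new Exception("Error occured while generating private key");
    }

    $default = getDefaultConfPath();
    if (file_exists($default . "/cert-overrides.ini")) {
        $confFile = $default . "/cert-overrides.ini";
    } else {
        $confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini";
    }

    $certConf = parse_ini_file($confFile, true);
    if ($certConf === false || !isset($certConf["dn"], $certConf["csr"]["validity_in_days"])) {
        throw new Exception("Error occured while reading certificate configuration");
    }
    $dn = $certConf["dn"];
    $dn["commonName"] = $commonName;

    // error_get_last() reports the most recent error of the whole request.
    // Clear it first so that only a warning raised by openssl_csr_new() itself
    // aborts the run (requires PHP 7.0+).
    error_clear_last();
    $cert = openssl_csr_new($dn, $key);
    // Issues found in parsing the arguments raise a warning although a CSR is
    // still created, so a warning is treated as a failure as well.
    $e = error_get_last();
    if ($e !== null) {
        throw new Exception("Error occured:" . $e["message"]);
    }
    if (!$cert) {
        throw new Exception("Error occured while creating signing request");
    }

    // Self-signed certificate; the extensions come from the "clientx509_ext"
    // section of the same configuration file.
    $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
    if (!$signed) {
        throw new Exception("Error occured while signing certificate");
    }

    // Export the private key (unencrypted) and the certificate without the
    // human-readable text dump.
    openssl_pkey_export($key, $privateKey);
    openssl_x509_export($signed, $clientCert);

    return array($clientCert, $privateKey);
}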
示例4: createNewcertificate
/**
 * Create a self-signed certificate with a fixed subject in the current working
 * directory and move key, certificate and CSR into the lxhttpd configuration
 * directory through root_execsys().
 *
 * NOTE(review): none of the OpenSSL calls is checked for failure, and the
 * private key is written to the working directory without a passphrase before
 * it is moved.
 */
function createNewcertificate()
{
    global $gbl, $login, $ghtml;

    $certFile = "server.crt";
    $keyFile = "server.key";
    $csrFile = "a.csr";

    // Fixed subject of the generated certificate.
    $subject = array(
        "countryName" => "IN",
        "stateOrProvinceName" => "Bn",
        "localityName" => "Bn",
        "organizationName" => "LxCenter",
        "organizationalUnitName" => "Kloxo",
        "commonName" => "Kloxo",
        "emailAddress" => "contact@lxcenter.org",
    );

    // Key, CSR and a certificate valid for 365 days, each written to a file.
    $key = openssl_pkey_new();
    openssl_pkey_export_to_file($key, $keyFile);
    $request = openssl_csr_new($subject, $key);
    openssl_csr_export_to_file($request, $csrFile);
    $certificate = openssl_csr_sign($request, null, $key, 365);
    openssl_x509_export_to_file($certificate, $certFile);

    $workDir = getcwd();
    $confDir = '/usr/local/lxlabs/kloxo/ext/lxhttpd/conf';

    foreach (array("/ssl.crt/", "/ssl.key/") as $subDir) {
        root_execsys("lxfilesys_mkdir", $confDir . $subDir);
    }

    // NOTE(review): the private key is stored under the certificate's file
    // name ("server.crt") inside ssl.key/ - confirm this is what the web
    // server configuration expects before renaming it.
    $moves = array(
        array("{$workDir}/{$certFile}", $confDir . "/ssl.crt/" . $certFile),
        array("{$workDir}/{$keyFile}", $confDir . "/ssl.key/" . $certFile),
        array("{$workDir}/{$csrFile}", "{$confDir}/{$csrFile}"),
    );
    foreach ($moves as $move) {
        root_execsys("lxfilesys_mv", $move[0], $move[1]);
    }
}
示例5: generateSslKeypair
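/**
 * Create a key pair and a self-signed client certificate for the given common
 * name and e-mail address.
 *
 * The remaining distinguished-name fields and the validity come from
 * "cert.conf" (resolved against the working directory).
 *
 * NOTE(review): the signing step reads its OpenSSL configuration from
 * "../core/cert.conf" while the subject is parsed from "cert.conf"; confirm
 * both relative paths name the same file.
 *
 * @param string $commonName Value for commonName
 * @param string $mail       Value for emailAddress
 * @param int    $keyLength  Private key size in bits; not range-checked here
 * @return array [certificate PEM preceded by its text dump, certificate PEM,
 *               private key PEM]. The second element is a certificate, not a
 *               bare public key, and the private key carries no passphrase.
 * @throws Exception when the configuration cannot be read or an OpenSSL step
 *                   fails or warns
 */
function generateSslKeypair($commonName, $mail, $keyLength)
{
    // Read the configuration before generating a key, so that a missing file
    // is reported without doing the expensive work first.
    $certConf = parse_ini_file("cert.conf", true);
    if ($certConf === false || !isset($certConf["dn"], $certConf["csr"]["validity_in_days"])) {
        throw new Exception("Error occured while reading cert.conf");
    }
    $dn = $certConf["dn"];
    $dn["commonName"] = $commonName;
    $dn["emailAddress"] = $mail;

    $key = openssl_pkey_new(array("private_key_bits" => $keyLength));
    if ($key === false) {
        throw new Exception("Error occured while generating private key");
    }

    // error_get_last() reports the most recent error of the whole request.
    // Clear it first so that only a warning raised by openssl_csr_new() itself
    // aborts the run (requires PHP 7.0+).
    error_clear_last();
    $cert = openssl_csr_new($dn, $key);
    // Issues found in parsing the arguments raise a warning although a CSR is
    // still created, so a warning is treated as a failure as well.
    $e = error_get_last();
    if ($e !== null) {
        throw new Exception("Error occured:" . $e["message"]);
    }
    if (!$cert) {
        throw new Exception("Error occured while creating signing request");
    }

    // Self-signed certificate; the extensions come from the "clientx509_ext"
    // section of the configuration file.
    $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
    if (!$signed) {
        throw new Exception("Error occured while signing certificate");
    }

    // Private key, exported without a passphrase.
    openssl_pkey_export($key, $privateKey);
    // Third argument FALSE: include the human-readable text dump.
    openssl_x509_export($signed, $clientCert, FALSE);
    // Default export: PEM certificate only.
    openssl_x509_export($signed, $publicKey);

    return array($clientCert, $publicKey, $privateKey);
}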
示例6: getCSRFromFile
/**
 * Build a certificate signing request with an empty subject for the key that
 * getFile($file) returns, and return the exported request.
 *
 * NOTE(review): neither OpenSSL call is checked, so a key that cannot be used
 * surfaces only as a warning or type error from the export call.
 *
 * @param mixed $file Passed through to getFile()
 * @return string|null Exported CSR; unset when the export fails
 */
private function getCSRFromFile($file)
{
    $privateKey = $this->getFile($file);

    // No distinguished-name fields are supplied for the request.
    $request = openssl_csr_new(array(), $privateKey);
    openssl_csr_export($request, $exported);

    return $exported;
}
示例7: createNewKeyPair
/**
 * Returns the key pair of the current request, creating it on first use.
 *
 * Only one key pair should exist per request: a second private key would
 * overwrite the first one, and a form submitted with the first public key
 * could no longer be decrypted.
 *
 * @return \TYPO3\CMS\Rsaauth\Keypair|NULL a key pair or NULL in case of error
 */
public function createNewKeyPair()
{
    /** @var $keyPair \TYPO3\CMS\Rsaauth\Keypair */
    $keyPair = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
    if ($keyPair->isReady()) {
        // A pair has already been generated; reuse it.
        return $keyPair;
    }

    $privateKey = @openssl_pkey_new();
    if ($privateKey === FALSE) {
        return NULL;
    }

    // Private key as a string; no passphrase is passed to the export.
    $privateKeyStr = '';
    openssl_pkey_export($privateKey, $privateKeyStr);

    // The CSR is only a vehicle here: its text dump (third argument FALSE)
    // is what the extract* helpers read the public key data from. The
    // subject values are placeholders.
    $csrDump = '';
    $request = openssl_csr_new(array('localityName' => 'foo', 'organizationName' => 'bar'), $privateKey);
    openssl_csr_export($request, $csrDump, FALSE);

    // Public key (in fact the modulus) and exponent
    $modulus = $this->extractPublicKeyModulus($csrDump);
    $exponent = $this->extractExponent($csrDump);

    $keyPair->setExponent($exponent);
    $keyPair->setPrivateKey($privateKeyStr);
    $keyPair->setPublicKey($modulus);

    // Release the OpenSSL key
    openssl_free_key($privateKey);

    return $keyPair;
}
示例8: createCsrWithSANsObject
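/**
 * Generate a CSR object with SANs from the given distinguishedName and keyPair.
 *
 * The common name and every subject alternative name are written as
 * "DNS.n = <name>" lines into a temporary OpenSSL configuration file, which is
 * removed again before the method returns.
 *
 * @param CertificateRequest $certificateRequest
 *
 * @return mixed CSR as returned by openssl_csr_new()
 *
 * @throws CSRSigningException when a name cannot be written safely into the
 *                             configuration, the temporary file cannot be
 *                             created, or OpenSSL rejects the request
 */
protected function createCsrWithSANsObject(CertificateRequest $certificateRequest)
{
    $sslConfigTemplate = <<<'EOL'
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @req_subject_alt_name
[ req_subject_alt_name ]
%s
EOL;
    $sslConfigDomains = [];
    $distinguishedName = $certificateRequest->getDistinguishedName();
    $domains = array_merge([$distinguishedName->getCommonName()], $distinguishedName->getSubjectAlternativeNames());
    foreach (array_values($domains) as $index => $domain) {
        // Each name becomes one line of an OpenSSL configuration file. Line
        // breaks, whitespace and the config metacharacters ($ # \ quotes)
        // never occur in a DNS name but would let a value add or alter
        // directives, so such names are rejected instead of written.
        if (preg_match('/[\x00-\x20\x7F$#\\\\"\']/', (string) $domain)) {
            throw new CSRSigningException(sprintf('Domain name #%d contains characters that are not allowed in a CSR', $index + 1));
        }
        $sslConfigDomains[] = 'DNS.' . ($index + 1) . ' = ' . $domain;
    }
    $sslConfigContent = sprintf($sslConfigTemplate, implode("\n", $sslConfigDomains));

    $sslConfigFile = tempnam(sys_get_temp_dir(), 'acmephp_');
    if ($sslConfigFile === false) {
        throw new CSRSigningException('Unable to create a temporary OpenSSL configuration file');
    }

    try {
        if (file_put_contents($sslConfigFile, $sslConfigContent) === false) {
            throw new CSRSigningException('Unable to write the temporary OpenSSL configuration file');
        }
        $resource = $certificateRequest->getKeyPair()->getPrivateKey()->getResource();
        $csr = openssl_csr_new($this->getCSRPayload($distinguishedName), $resource, ['digest_alg' => 'sha256', 'config' => $sslConfigFile]);
        if (!$csr) {
            throw new CSRSigningException(sprintf('OpenSSL CSR signing failed with error: %s', openssl_error_string()));
        }

        return $csr;
    } finally {
        // Remove the temporary configuration on success and on failure.
        unlink($sslConfigFile);
    }
}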
示例9: createNewKeyPair
/**
 * Generates a fresh public/private key pair through the PHP OpenSSL extension.
 *
 * @return tx_rsaauth_keypair A new key pair or null in case of error
 * @see tx_rsaauth_abstract_backend::createNewKeyPair()
 */
public function createNewKeyPair()
{
    $privateKey = @openssl_pkey_new();
    if (!$privateKey) {
        // Key generation failed; the warning was suppressed above.
        return null;
    }

    // Private key as a string; no passphrase is passed to the export.
    $privateKeyStr = '';
    openssl_pkey_export($privateKey, $privateKeyStr);

    // A CSR with an empty subject is created only for its text dump (third
    // argument false), from which modulus and exponent are read.
    $csrDump = '';
    $request = openssl_csr_new(array(), $privateKey);
    openssl_csr_export($request, $csrDump, false);

    $modulus = $this->extractPublicKeyModulus($csrDump);
    $exponent = $this->extractExponent($csrDump);

    /* @var $keyPair tx_rsaauth_keypair */
    $keyPair = t3lib_div::makeInstance('tx_rsaauth_keypair');
    $keyPair->setExponent($exponent);
    $keyPair->setPrivateKey($privateKeyStr);
    $keyPair->setPublicKey($modulus);

    // Release the OpenSSL key
    openssl_free_key($privateKey);

    return $keyPair;
}
示例10: generate
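/**
 * {@inheritdoc}
 *
 * Coroutine: builds a CSR for $domains with the given private key. The first
 * domain becomes the common name and every domain is listed as a DNS subject
 * alternative name, written through a temporary OpenSSL configuration file.
 *
 * NOTE(review): the coroutine resolves with the return value of
 * openssl_csr_export(), which is a boolean, while the exported request ends
 * up in the local $csr - confirm which of the two the interface expects.
 *
 * @throws AcmeException when the key is unusable, a domain name is not safe
 *                       to write into the configuration, or OpenSSL fails
 */
public function generate(KeyPair $keyPair, array $domains)
{
    if (!($privateKey = openssl_pkey_get_private($keyPair->getPrivate()))) {
        // TODO: Improve error message
        throw new AcmeException("Couldn't use private key.");
    }

    if (!$domains) {
        throw new AcmeException("CSR could not be generated: no domains given.");
    }

    // The names are interpolated into an OpenSSL configuration file as a
    // comma-separated list. A comma, line break, whitespace or config
    // metacharacter ($ # \ quotes) never occurs in a DNS name but would let a
    // value add entries or directives, so such names are rejected.
    foreach ($domains as $dns) {
        if (preg_match('/[\x00-\x20\x7F,$#\\\\"\']/', (string) $dns)) {
            throw new AcmeException("CSR could not be generated: invalid domain name.");
        }
    }

    $san = implode(",", array_map(function ($dns) {
        return "DNS:{$dns}";
    }, $domains));

    // http://www.heise.de/netze/rfc/rfcs/rfc7633.shtml
    // http://www.heise.de/netze/rfc/rfcs/rfc6066.shtml
    // NOTE(review): the tlsfeature line is emitted inside the [ req ] section
    // rather than with the other extensions in [ v3_req ] - verify that the
    // must-staple extension actually appears in the generated request.
    $mustStaple = $this->mustStaple ? "tlsfeature = status_request" : "";

    $tempFile = tempnam(sys_get_temp_dir(), "acme-openssl-config-");
    $tempConf = <<<EOL
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
{$mustStaple}
[ req_distinguished_name ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation
subjectAltName = {$san}
EOL;

    // NOTE(review): if writing the file fails, the file created by tempnam()
    // is left behind.
    (yield \Amp\File\put($tempFile, $tempConf));
    $csr = openssl_csr_new(["CN" => reset($domains)], $privateKey, ["digest_alg" => "sha256", "config" => $tempFile]);
    // The configuration is removed before the result is inspected, so it is
    // cleaned up on failure as well.
    (yield \Amp\File\unlink($tempFile));

    if (!$csr) {
        // TODO: Improve error message
        throw new AcmeException("CSR could not be generated.");
    }

    (yield new CoroutineResult(openssl_csr_export($csr, $csr)));
}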
示例11: get_keys
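/**
 * Create an RSA key pair for a user and a certificate for it, signed with the
 * application's CA key and valid for 730 days.
 *
 * NOTE(review): the CA certificate and the CA private key are located through
 * base_url(). If that helper returns the site's public URL, the CA private
 * key is stored in a web-reachable directory and fetched over HTTP; it should
 * be read from a filesystem path outside the document root - confirm.
 * NOTE(review): the file used as CA certificate has a ".csr" extension -
 * confirm it really holds a certificate.
 *
 * @param string $login     Stored in the certificate's UID field
 * @param string $full_name Stored in the certificate's commonName field
 * @return array ['private' => private key PEM (no passphrase),
 *                'cert' => certificate PEM, 'public' => public key PEM]
 */
public static function get_keys($login, $full_name)
{
    $CA_CERT = base_url() . "data/key/CA_DOC.csr";
    $CA_KEY = base_url() . "data/key/CA_DOC_priv.key";

    // 512-bit RSA moduli can be factored with modest resources, which makes
    // every certificate issued for such a key forgeable; 2048 bits is the
    // minimum in current use.
    $config = array(
        "private_key_type" => OPENSSL_KEYTYPE_RSA,
        "private_key_bits" => 2048,
    );
    $res = openssl_pkey_new($config);

    $privKey = '';
    openssl_pkey_export($res, $privKey);

    $arr = array(
        "organizationName" => "Фізична особа",
        "organizationalUnitName" => "Фізична особа",
        "commonName" => $full_name,
        "UID" => $login,
        "countryName" => "UA",
    );

    // Hand over the key itself rather than having its PEM export parsed again.
    $csr = openssl_csr_new($arr, $res);
    $cert = openssl_csr_sign($csr, file_get_contents($CA_CERT), file_get_contents($CA_KEY), 730);
    openssl_x509_export($cert, $str_cert);

    // The public key is read back from the signed certificate.
    $public_key = openssl_pkey_get_public($str_cert);
    $public_key_details = openssl_pkey_get_details($public_key);
    $public_key_string = $public_key_details['key'];

    return array('private' => $privKey, 'cert' => $str_cert, 'public' => $public_key_string);
}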
示例12: makeKeys
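/**
 * Create a key pair and a self-signed certificate valid for 365 days, keep
 * them on the object (dn, serialNumber, privatekey, certificate, x509) and
 * write them to "<serialNumber>.pem" and "<serialNumber>.crt".
 *
 * NOTE(review): both files are written to /var/www/html/. If that directory
 * is served by a web server, the private key can be downloaded by anyone who
 * learns the file name, and it is stored unencrypted whenever $passphrase is
 * NULL. Key material belongs outside the document root - confirm and relocate.
 *
 * @param array       $distinguishedName Subject fields for the certificate
 * @param string|null $passphrase        Passphrase protecting the exported private key
 * @param mixed       $certCA            Not used by this method
 * @param mixed       $keyCA             Only passed to openssl_free_key(); the certificate is self-signed
 * @return bool TRUE on success, FALSE when key, request or certificate could not be created
 */
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA)
{
    // keep track of the distinguished name
    $this->dn = $distinguishedName;

    // SHA-1 signatures and 1024-bit RSA keys are no longer accepted for
    // certificates; use SHA-256 with a 2048-bit key instead.
    $config = array('digest_alg' => 'sha256', 'private_key_bits' => 2048, 'encrypt_key' => TRUE);
    $key = openssl_pkey_new($config);
    if ($key === FALSE) {
        return FALSE;
    }

    // generate the certificate signing request...
    $csr = openssl_csr_new($this->dn, $key, $config);
    if (!$csr) {
        return FALSE;
    }

    // The number only names the output files (the certificate serial passed
    // below is the current time). rand() is predictable, so the name is drawn
    // from the CSPRNG over the same range.
    $this->serialNumber = random_int(0, mt_getrandmax());

    // ...and use it to make a self-signed certificate
    $cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time());
    if ($cert === FALSE) {
        return FALSE;
    }

    // NOTE(review): this releases the caller's CA key, which is never used
    // here; the comment in the original suggests the generated key was meant.
    openssl_free_key($keyCA);

    // export private key and certificate
    openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
    openssl_x509_export($cert, $this->certificate);

    // parse certificate
    $this->x509 = openssl_x509_parse($cert);

    $outfilename = '/var/www/html/' . $this->serialNumber;
    openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config);
    openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE);

    return TRUE;
}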
示例13: createNewKeyPair
/**
 * Generates a fresh public/private key pair through the PHP OpenSSL extension.
 *
 * @return \TYPO3\CMS\Rsaauth\Keypair A new key pair or NULL in case of error
 * @see tx_rsaauth_abstract_backend::createNewKeyPair()
 */
public function createNewKeyPair()
{
    $privateKey = @openssl_pkey_new();
    if (!$privateKey) {
        // Key generation failed; the warning was suppressed above.
        return NULL;
    }

    // Private key as a string; no passphrase is passed to the export.
    $privateKeyStr = '';
    openssl_pkey_export($privateKey, $privateKeyStr);

    // A CSR with an empty subject is created only for its text dump (third
    // argument FALSE), from which modulus and exponent are read.
    $csrDump = '';
    $request = openssl_csr_new(array(), $privateKey);
    openssl_csr_export($request, $csrDump, FALSE);

    $modulus = $this->extractPublicKeyModulus($csrDump);
    $exponent = $this->extractExponent($csrDump);

    /** @var $keyPair \TYPO3\CMS\Rsaauth\Keypair */
    $keyPair = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Keypair');
    $keyPair->setExponent($exponent);
    $keyPair->setPrivateKey($privateKeyStr);
    $keyPair->setPublicKey($modulus);

    // Release the OpenSSL key
    openssl_free_key($privateKey);

    return $keyPair;
}
示例14: setUpBeforeClass
/**
 * Test fixture: creates a key with default settings and a self-signed
 * certificate for it that is valid for one day, and stores both on the class.
 */
public static function setUpBeforeClass()
{
    self::$pKey = openssl_pkey_new();

    // Empty subject; the request exists only to be signed with its own key.
    $request = openssl_csr_new([], self::$pKey);
    $certificate = openssl_csr_sign($request, null, self::$pKey, 1);

    openssl_x509_export($certificate, self::$certificate);
    openssl_x509_free($certificate);
}
示例15: generate
/**
 * Create the certificate signing request once and cache it in $this->request.
 *
 * NOTE(review): the results of iconv() and openssl_csr_new() are not checked;
 * a failed call is cached like a valid request.
 */
private function generate()
{
    if ($this->request !== null) {
        // Already generated.
        return;
    }

    // Transliterate the name to ASCII and cut it to 64 bytes, the upper
    // bound X.509 places on commonName.
    $asciiName = iconv("UTF-8", "ASCII//TRANSLIT", $this->commonName);
    $key = $this->privateKey->asResource();
    $subject = ['CN' => substr($asciiName, 0, 64), 'emailAddress' => $this->emailAddress];

    $this->request = openssl_csr_new($subject, $key);
}