本文整理汇总了PHP中openssl_x509_free函数的典型用法代码示例。如果您正苦于以下问题:PHP openssl_x509_free函数的具体用法?PHP openssl_x509_free怎么用?PHP openssl_x509_free使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了openssl_x509_free函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: setUpBeforeClass
/**
 * Builds the fixtures shared by the tests of this class: a new private key in
 * self::$pKey and a self-signed certificate, exported as PEM, in self::$certificate.
 *
 * NOTE(review): none of the OpenSSL return values are checked, so a failure here
 * would only surface later, inside whichever test first uses the fixtures.
 */
public static function setUpBeforeClass()
{
    self::$pKey = openssl_pkey_new();

    // No DN entries are supplied; the request is signed with its own key
    // (CA certificate = null) and the certificate is valid for one day.
    $request = openssl_csr_new([], self::$pKey);
    $selfSigned = openssl_csr_sign($request, null, self::$pKey, 1);

    openssl_x509_export($selfSigned, self::$certificate);

    // Only the exported PEM string is kept, so the handle can go right away.
    openssl_x509_free($selfSigned);
}
示例2: loadKeyFromCertificate
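/**
 * Loads an X.509 certificate and returns the key values extracted from it.
 *
 * @param string $certificate Certificate data. It is read as given first; if that
 *                            raises an exception it is passed through
 *                            convertDerToPem() and read again.
 *
 * @throws \InvalidArgumentException If the certificate cannot be loaded
 *
 * @return array
 */
public static function loadKeyFromCertificate($certificate)
{
    try {
        $res = openssl_x509_read($certificate);
    } catch (\Exception $e) {
        // NOTE(review): openssl_x509_read() itself reports bad input with a warning
        // and a false return, so this fallback presumably depends on an error
        // handler that converts warnings into exceptions -- confirm one is installed,
        // otherwise DER input is rejected below without being converted.
        $certificate = self::convertDerToPem($certificate);
        $res = openssl_x509_read($certificate);
    }
    if (false === $res) {
        throw new \InvalidArgumentException('Unable to load the certificate');
    }

    try {
        $values = self::loadKeyFromX509Resource($res);
    } catch (\Exception $e) {
        // Do not leak the handle when key extraction fails.
        openssl_x509_free($res);
        throw $e;
    }
    openssl_x509_free($res);

    return $values;
}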
示例3: getIssuer
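/**
 * Returns the issuer identifier derived from a certificate file.
 *
 * @param string|null $cert Path of the certificate file. An empty value selects
 *                          the fixed self-issued identifier.
 *
 * @return string The text that follows the last "CN=" of the certificate's name
 *
 * @throws \RuntimeException If the file cannot be read or is not a parsable certificate
 */
public static function getIssuer($cert)
{
    // Loose comparison kept on purpose: '', 0 and false are handled like null.
    if ($cert == null) {
        return 'http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self';
    }

    // Fail closed on every step: an unreadable or malformed certificate must not
    // be turned into an empty identifier.
    $pem = file_get_contents($cert);
    if ($pem === false) {
        throw new \RuntimeException('Unable to read the certificate file');
    }

    $handle = openssl_x509_read($pem);
    if ($handle === false) {
        throw new \RuntimeException('Unable to load the certificate');
    }

    $fields = openssl_x509_parse($handle);
    openssl_x509_free($handle);
    if ($fields === false || !isset($fields['name'])) {
        throw new \RuntimeException('Unable to parse the certificate');
    }

    // 'name' is the subject in OpenSSL one-line form ("/C=../O=../CN=..").
    // The greedy pattern strips everything up to the LAST "CN="; attributes that
    // follow the CN in the name are left in the returned string.
    return preg_replace('/.*CN=/', '', $fields['name']);
}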
示例4: calculate_RP_PPID_Seed_2_2007
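/**
 * Computes the relying-party PPID seed from a list of certificate files.
 *
 * The organisation string is built from the subject of $certs[0]. Each further
 * certificate contributes a ChainElement that is prepended, so the last entry of
 * $certs ends up first. The string is converted to UTF-16LE and hashed with SHA-256.
 *
 * @param array $certs Paths of the certificate files, starting with $certs[0]
 *
 * @return string Raw (binary) SHA-256 digest
 *
 * @throws \InvalidArgumentException If $certs has no first element
 * @throws \RuntimeException If a certificate cannot be read, parsed or encoded
 */
function calculate_RP_PPID_Seed_2_2007($certs)
{
    if (!isset($certs[0])) {
        throw new \InvalidArgumentException('At least one certificate is required');
    }

    // Fail closed: if a certificate cannot be parsed, stop instead of hashing a
    // string of empty fields, which would give unrelated parties the same seed.
    $readSubject = function ($path) {
        $pem = file_get_contents($path);
        if ($pem === false) {
            throw new \RuntimeException('Unable to read the certificate file');
        }
        $handle = openssl_x509_read($pem);
        if ($handle === false) {
            throw new \RuntimeException('Unable to load the certificate');
        }
        $parsed = openssl_x509_parse($handle);
        openssl_x509_free($handle);
        if ($parsed === false || !isset($parsed['subject']) || !is_array($parsed['subject'])) {
            throw new \RuntimeException('Unable to parse the certificate');
        }

        return $parsed['subject'];
    };

    // An attribute that the subject does not carry contributes an empty string.
    $attr = function (array $subject, $key) {
        return isset($subject[$key]) ? $subject[$key] : '';
    };

    $subject = $readSubject($certs[0]);
    $orgIdString = '|O="' . $attr($subject, 'O')
        . '"|L="' . $attr($subject, 'L')
        . '"|S="' . $attr($subject, 'ST')
        . '"|C="' . $attr($subject, 'C') . '"|';

    $total = count($certs);
    for ($i = 1; $i < $total; $i++) {
        $subject = $readSubject($certs[$i]);
        $chainElement = '|ChainElement="CN=' . $attr($subject, 'CN')
            . ', OU=' . $attr($subject, 'OU')
            . ', O=' . $attr($subject, 'O')
            . ', L=' . $attr($subject, 'L')
            . ', S=' . $attr($subject, 'ST')
            . ', C=' . $attr($subject, 'C') . '"';
        // Later certificates go in front of what has been collected so far.
        $orgIdString = $chainElement . $orgIdString;
    }

    $orgIdBytes = iconv('UTF-8', 'UTF-16LE', $orgIdString);
    if ($orgIdBytes === false) {
        throw new \RuntimeException('Unable to encode the organisation string');
    }

    return hash('sha256', $orgIdBytes, true);
}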
示例5: validateSslOptions
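/**
 * Checks the configured certificate, private key and chain files and, when they
 * are consistent, stores their contents in $this->sslOptions.
 *
 * @return bool Always true; every failure is reported with an exception
 *
 * @throws \Exception If the certificate or the key cannot be parsed, if they do not
 *                    belong together, or if a chain entry is not an X509 certificate
 */
protected function validateSslOptions()
{
    // Get the contents. A missing file is read as an empty string and is then
    // rejected by the parsers below.
    $sslCertFile = file_exists($this->certPath) ? trim(file_get_contents($this->certPath)) : '';
    $sslKeyFile = file_exists($this->keyPath) ? trim(file_get_contents($this->keyPath)) : '';
    $sslChainFiles = $this->assembleChainFiles($this->chainPaths);

    // Cert first.
    $certResource = openssl_x509_read($sslCertFile);
    if (!$certResource) {
        throw new \Exception("The provided certificate is either not a valid X509 certificate or could not be read.");
    }

    // Then the key. Does it match?
    $keyResource = openssl_pkey_get_private($sslKeyFile);
    if (!$keyResource) {
        openssl_x509_free($certResource);
        throw new \Exception("The provided private key is either not a valid RSA private key or could not be read.");
    }
    $keyMatch = openssl_x509_check_private_key($certResource, $keyResource);

    // Neither handle is used after the comparison. Release both here, on the
    // success path and on the failure path, so the parsed private key does not
    // stay allocated for the rest of the request.
    openssl_pkey_free($keyResource);
    openssl_x509_free($certResource);
    if (!$keyMatch) {
        throw new \Exception("The provided certificate does not match the provided private key.");
    }

    // Each chain entry needs to be a valid cert.
    // NOTE(review): entries are only parsed; nothing here checks that they
    // actually form a chain for the certificate above.
    foreach ($sslChainFiles as $chainFile) {
        $chainResource = openssl_x509_read($chainFile);
        if (!$chainResource) {
            throw new \Exception("One of the provided certificates in the chain is not a valid X509 certificate.");
        }
        openssl_x509_free($chainResource);
    }

    $this->sslOptions = array('certificate' => $sslCertFile, 'key' => $sslKeyFile, 'chain' => $sslChainFiles);

    return true;
}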
示例6: createFromX5C
/**
 * Creates a key from the first certificate of an "x5c" list after checking that
 * the list is consistent.
 *
 * Each entry is wrapped in PEM armour and parsed. The subject of every entry after
 * the first must equal the issuer of the entry before it, and the last entry must
 * be self-issued (issuer equal to subject).
 *
 * Security note: the check compares names only. No signature is verified in this
 * method and the final certificate is not compared with any trust anchor, so a
 * list with matching names passes. Callers need a cryptographic chain validation
 * before they trust the resulting key.
 *
 * @param array $x5c
 * @param array $additional_values
 *
 * @throws \InvalidArgumentException If an entry cannot be parsed or the names do not chain
 *
 * @return \Jose\Object\JWKInterface
 */
public static function createFromX5C(array $x5c, array $additional_values = [])
{
    $first_pem = null;
    $subject = null;
    $issuer = null;

    foreach ($x5c as $encoded) {
        $pem = "-----BEGIN CERTIFICATE-----\n{$encoded}\n-----END CERTIFICATE-----";

        $handle = openssl_x509_read($pem);
        if (false === $handle) {
            throw new \InvalidArgumentException('Invalid certificate chain.');
        }
        $details = openssl_x509_parse($handle);
        openssl_x509_free($handle);
        if (false === $details) {
            throw new \InvalidArgumentException('Invalid certificate chain.');
        }

        if (null === $subject) {
            // First entry: this is the certificate the key is created from.
            $first_pem = $pem;
        } elseif (json_encode($issuer) !== json_encode($details['subject'])) {
            // The previous certificate names a different issuer.
            throw new \InvalidArgumentException('Invalid certificate chain.');
        }

        $subject = $details['subject'];
        $issuer = $details['issuer'];
    }

    // An empty list, or a list that does not end in a self-issued certificate.
    $self_issued = null !== $issuer && json_encode($issuer) === json_encode($subject);
    if (!$self_issued) {
        throw new \InvalidArgumentException('Invalid certificate chain.');
    }

    return self::createFromCertificate($first_pem, $additional_values);
}
示例7: mnet_generate_keypair
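/**
 * Generate a public/private key pair and a matching self-signed certificate
 *
 * Use the distinguished name provided to create a CSR, and then sign that CSR
 * with the same key. If a distinguished name is not provided, create one using
 * the fullname of the site course (SITEID) as the organization name and
 * $CFG->wwwroot as the common name.
 *
 * The result is only returned; this function does not itself write anything to
 * the config table. The returned private key is exported without a passphrase,
 * so whatever stores it has to protect it.
 *
 * @param array $dn   The distinguished name of the server
 * @param int   $days Certificate lifetime in days; $CFG->mnetkeylifetime overrides it when set
 * @return array 'certificate' => PEM certificate, 'keypair_PEM' => PEM private key
 */
function mnet_generate_keypair($dn = null, $days = 28)
{
    global $CFG, $USER;
    // check if lifetime has been overriden
    if (!empty($CFG->mnetkeylifetime)) {
        $days = $CFG->mnetkeylifetime;
    }
    // The host name used to be derived from wwwroot here with ereg_replace(),
    // which no longer exists in PHP 7; the value was never used, so it is gone.
    if ($result = get_record_select('course', " id ='" . SITEID . "' ")) {
        $organization = $result->fullname;
    } else {
        $organization = 'None';
    }
    $keypair = array();
    $country = 'NZ';
    $province = 'Wellington';
    $locality = 'Wellington';
    $email = $CFG->noreplyaddress;
    if (!empty($USER->country)) {
        $country = $USER->country;
    }
    if (!empty($USER->city)) {
        $province = $USER->city;
        $locality = $USER->city;
    }
    if (!empty($USER->email)) {
        $email = $USER->email;
    }
    if (is_null($dn)) {
        $dn = array("countryName" => $country, "stateOrProvinceName" => $province, "localityName" => $locality, "organizationName" => $organization, "organizationalUnitName" => 'Moodle', "commonName" => $CFG->wwwroot, "emailAddress" => $email);
    }
    // Upper bounds for the DN fields. Truncation is byte-based.
    $dnlimits = array('countryName' => 2, 'stateOrProvinceName' => 128, 'localityName' => 128, 'organizationName' => 64, 'organizationalUnitName' => 64, 'commonName' => 64, 'emailAddress' => 128);
    foreach ($dnlimits as $key => $length) {
        $dn[$key] = substr($dn[$key], 0, $length);
    }
    // ensure we remove trailing slashes
    $dn["commonName"] = preg_replace(':/$:', '', $dn["commonName"]);

    // NOTE(review): the OpenSSL return values below are not checked; a failed key
    // generation shows up as empty entries in the returned array.
    if (!empty($CFG->opensslcnf)) {
        //allow specification of openssl.cnf especially for Windows installs
        // The key size then comes from that configuration file.
        $options = array("config" => $CFG->opensslcnf);
        $new_key = openssl_pkey_new($options);
        $csr_rsc = openssl_csr_new($dn, $new_key, $options);
        $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days, $options);
    } else {
        // The 2048-bit request used to be written as array('private_key_bits', 2048)
        // and handed to openssl_csr_new(): a list instead of a key => value pair, on
        // a call that does not create the key. It was ignored, and the key size was
        // whatever the OpenSSL default happened to be. Ask for it where the key is made.
        $new_key = openssl_pkey_new(array('private_key_bits' => 2048));
        $csr_rsc = openssl_csr_new($dn, $new_key);
        $selfSignedCert = openssl_csr_sign($csr_rsc, null, $new_key, $days);
    }
    unset($csr_rsc);
    // Free up the resource
    // We export our self-signed certificate to a string.
    openssl_x509_export($selfSignedCert, $keypair['certificate']);
    openssl_x509_free($selfSignedCert);
    // Export the private key as a PEM encoded string. No passphrase is set (null).
    if (!empty($CFG->opensslcnf)) {
        //allow specification of openssl.cnf especially for Windows installs
        openssl_pkey_export($new_key, $keypair['keypair_PEM'], null, array("config" => $CFG->opensslcnf));
    } else {
        openssl_pkey_export($new_key, $keypair['keypair_PEM']);
    }
    openssl_pkey_free($new_key);
    unset($new_key);
    // Free up the resource
    return $keypair;
}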
示例8: test_openssl_x509_free
/**
 * Smoke test: the fixture certificate next to this file can be read and its
 * handle released again.
 */
function test_openssl_x509_free()
{
    $handle = openssl_x509_read(file_get_contents(__DIR__ . "/test_x509.crt"));

    // Loose comparison: the false returned by a failed read also equals null,
    // so a failed read is reported here too.
    VERIFY($handle != null);

    openssl_x509_free($handle);
}
示例9: __destruct
/**
 * Destructor
 *
 * Releases the certificate handle kept in $this->_res, if there is one.
 */
public function __destruct()
{
    // Nothing to release when no certificate resource is held. On PHP 8 the
    // handle is an OpenSSLCertificate object, for which is_resource() is false,
    // so the explicit free is skipped there and the object is collected normally.
    if (!is_resource($this->_res)) {
        return;
    }

    openssl_x509_free($this->_res);
}
示例10: verify
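/**
 * Verifies the signature of the document and that the signing certificate
 * stems from a trusted root CA.
 *
 * Returns the lower-cased CN of the signing certificate if valid.
 *
 * @param string $xml XML doc to verify
 * @param string $signature_value Base64 encoded signature to verify against.
 * @return string
 * @throws GApps_Discovery_Exception If the signature, the certificate or the chain is not acceptable
 */
function verify($xml, $signature_value)
{
    $doc = $this->parse_doc($xml);
    $xp = $this->get_xpath($doc);
    // NOTE(review): the value returned by validate_xml() was assigned and then
    // overwritten without being read, so it never influenced the outcome. It is
    // still called; confirm whether it reports failures by return value and, if
    // so, check it here.
    $this->validate_xml($xp);
    $certs = $this->parse_certificates($xp);
    if (!isset($certs[0])) {
        throw new GApps_Discovery_Exception("Signature verification failed.");
    }

    $cert = openssl_x509_read($certs[0]);
    if ($cert === false) {
        throw new GApps_Discovery_Exception("Signature verification failed.");
    }
    $parsed_certificate = openssl_x509_parse($cert);
    $pubkey = openssl_pkey_get_public($cert);
    if ($pubkey === false) {
        openssl_x509_free($cert);
        throw new GApps_Discovery_Exception("Signature verification failed.");
    }

    // NOTE(review): no algorithm is passed, so the openssl_verify() default
    // (SHA-1) applies -- confirm this is the algorithm the signer uses.
    $result = openssl_verify($xml, base64_decode($signature_value), $pubkey);
    openssl_pkey_free($pubkey);
    openssl_x509_free($cert);

    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
    // -1 (or false) on error. -1 is truthy, so a plain "!$valid" test would accept
    // an errored verification as valid. Only an exact 1 may pass.
    if ($result !== 1) {
        throw new GApps_Discovery_Exception("Signature verification failed.");
    }

    $trusted = $this->validate_chain($certs);
    if (!$trusted) {
        throw new GApps_Discovery_Exception("Can not verify trust chain.");
    }

    // The identity returned to the caller must be a single, present CN.
    if (!is_array($parsed_certificate)
        || !isset($parsed_certificate["subject"]["CN"])
        || !is_string($parsed_certificate["subject"]["CN"])) {
        throw new GApps_Discovery_Exception("Signing certificate has no usable CN.");
    }

    return strtolower($parsed_certificate["subject"]["CN"]);
}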
示例11: client_addSslCert
/**
* Add or update an SSL certificate
*
* @throws iMSCP_Exception
* @throws iMSCP_Exception_Database
* @param int $domainId domain unique identifier
* @param string $domainType Domain type (dmn|als|sub|alssub)
* @return void
*/
function client_addSslCert($domainId, $domainType)
{
$config = iMSCP_Registry::get('config');
$domainName = _client_getDomainName($domainId, $domainType);
$selfSigned = isset($_POST['selfsigned']);
if ($domainName === false) {
showBadRequestErrorPage();
}
if ($selfSigned && !client_generateSelfSignedCert($domainName)) {
set_page_message(tr('Could not generate SSL certificate. An unexpected error occurred.'), 'error');
return;
}
if (!isset($_POST['passphrase']) || !isset($_POST['private_key']) || !isset($_POST['certificate']) || !isset($_POST['ca_bundle']) || !isset($_POST['cert_id'])) {
showBadRequestErrorPage();
}
$passPhrase = clean_input($_POST['passphrase']);
$privateKey = clean_input($_POST['private_key']);
$certificate = clean_input($_POST['certificate']);
$caBundle = clean_input($_POST['ca_bundle']);
$certId = intval($_POST['cert_id']);
if (!$selfSigned) {
// Validate SSL certificate (private key, SSL certificate and certificate chain)
$privateKey = @openssl_pkey_get_private($privateKey, $passPhrase);
if (!is_resource($privateKey)) {
set_page_message(tr('Invalid private key or passphrase.'), 'error');
return;
}
$certificateStr = $certificate;
$certificate = @openssl_x509_read($certificate);
if (!is_resource($certificate)) {
set_page_message(tr('Invalid SSL certificate.'), 'error');
return;
}
if (!@openssl_x509_check_private_key($certificate, $privateKey)) {
set_page_message(tr("The private key doesn't belong to the provided SSL certificate."), 'error');
return;
}
if (!($tmpfname = @tempnam(sys_get_temp_dir(), intval($_SESSION['user_id']) . 'ssl-ca'))) {
write_log('Could not create temporary file for CA bundle..', E_USER_ERROR);
set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
return;
}
register_shutdown_function(function ($file) {
@unlink($file);
}, $tmpfname);
if ($caBundle !== '') {
if (!@file_put_contents($tmpfname, $caBundle)) {
write_log('Could not export customer CA bundle in temporary file.', E_USER_ERROR);
set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
return;
}
// Note: Here we also add the CA bundle in the trusted chain to support self-signed certificates
if (@openssl_x509_checkpurpose($certificate, X509_PURPOSE_SSL_SERVER, array($config['DISTRO_CA_BUNDLE'], $tmpfname), $tmpfname)) {
set_page_message(tr('At least one intermediate certificate is invalid or missing.'), 'error');
return;
}
} else {
@file_put_contents($tmpfname, $certificateStr);
// Note: Here we also add the certificate in the trusted chain to support self-signed certificates
if (!@openssl_x509_checkpurpose($certificate, X509_PURPOSE_SSL_SERVER, array($config['DISTRO_CA_BUNDLE'], $tmpfname))) {
set_page_message(tr('At least one intermediate certificate is invalid or missing.'), 'error');
return;
}
}
}
// Preparing data for insertion in database
if (!$selfSigned) {
if (!@openssl_pkey_export($privateKey, $privateKeyStr)) {
write_log('Could not export private key.', E_USER_ERROR);
set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
return;
}
@openssl_pkey_free($privateKey);
if (!@openssl_x509_export($certificate, $certificateStr)) {
write_log('Could not export SSL certificate.', E_USER_ERROR);
set_page_message(tr('Could not add/update SSL certificate. An unexpected error occurred.'), 'error');
return;
}
@openssl_x509_free($certificate);
$caBundleStr = str_replace("\r\n", "\n", $caBundle);
} else {
$privateKeyStr = $privateKey;
$certificateStr = $certificate;
$caBundleStr = $caBundle;
}
$db = iMSCP_Database::getInstance();
try {
$db->beginTransaction();
if ($certId == 0) {
// Add new certificate
exec_query('
//.........这里部分代码省略.........
示例12: headerFunction
headerFunction("../general/login.php?msg=logout");
}
$auth = returnGlobal('auth', 'GET');
$loginForm = returnGlobal('loginForm', 'POST');
$passwordForm = returnGlobal('passwordForm', 'POST');
$match = false;
$ssl = false;
if (!empty($SSL_CLIENT_CERT) && !$logout && $auth != "test") {
$auth = "on";
$ssl = true;
if (function_exists("openssl_x509_read")) {
$x509 = openssl_x509_read($SSL_CLIENT_CERT);
$cert_array = openssl_x509_parse($x509, true);
$subject_array = $cert_array["subject"];
$ssl_email = $subject_array["Email"];
openssl_x509_free($x509);
} else {
$ssl_email = `echo "{$SSL_CLIENT_CERT}" | {$pathToOpenssl} x509 -noout -email`;
}
} else {
//test blank fields in form
if ($auth == "test") {
if ($loginForm == "" && $passwordForm == "") {
$error = $strings["login_username"] . "<br/>" . $strings["login_password"];
} else {
if ($loginForm == "") {
$error = $strings["login_username"];
} else {
if ($passwordForm == "") {
$error = $strings["login_password"];
} else {
示例13: getSignature
/**
 * Signs a string with a key pair generated for this one call and returns the
 * signature together with a matching self-signed certificate.
 *
 * NOTE(review): no algorithm is passed to openssl_sign(), so its default (SHA-1)
 * is used, and none of the OpenSSL return values are checked -- a failed signing
 * call yields an empty signature string rather than an error.
 *
 * @param string $stringToSign Data to sign
 *
 * @return array [0] base64-encoded signature, [1] PEM-encoded certificate
 */
protected function getSignature($stringToSign)
{
    // $generatedKey is passed by reference while unset, which makes
    // openssl_csr_new() create a new key pair along with the request.
    $request = openssl_csr_new(array(), $generatedKey);

    // Self-sign the request (CA certificate = null), valid for one day.
    $selfSigned = openssl_csr_sign($request, null, $generatedKey, 1);
    openssl_x509_export($selfSigned, $pemCertificate);

    // Sign with the private half of the generated pair.
    $signingKey = openssl_get_privatekey($generatedKey);
    openssl_sign($stringToSign, $rawSignature, $signingKey);

    // Release the handles that are no longer needed.
    openssl_pkey_free($generatedKey);
    openssl_x509_free($selfSigned);

    $encodedSignature = base64_encode($rawSignature);

    return array($encodedSignature, $pemCertificate);
}
示例14: __destruct
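/**
 * Releases the certificate handle when the object is destroyed.
 */
public function __destruct()
{
    // The destructor also runs for an object whose certificate was never loaded.
    // Passing null or false to openssl_x509_free() raises a warning (a TypeError
    // on PHP 8), so only free a handle that is actually set. On PHP 8 the call is
    // deprecated and does nothing; the certificate object is collected normally.
    if (!empty($this->x509Cert)) {
        openssl_x509_free($this->x509Cert);
    }
}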
示例15: __destruct
/**
 * Releases the certificate handle, if one is held, and drops the references to
 * the public key and the clear text.
 */
public function __destruct()
{
    $handle = $this->certResource;
    if ($handle) {
        openssl_x509_free($handle);
    }

    // Clear every field so nothing keeps the values reachable through this object.
    $this->certResource = null;
    $this->publicKey = null;
    $this->clearText = null;
}