1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
<?php
class CertificateGenerator
{
const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf';
/** @var resource */
private $ca;
/** @var resource */
private $caKey;
/** @var resource|null */
private $lastCert;
/** @var resource|null */
private $lastKey;
public function __construct()
{
if (!extension_loaded('openssl')) {
throw new RuntimeException(
'openssl extension must be loaded to generate certificates'
);
}
$this->generateCa();
}
/**
* @param int|null $keyLength
* @return resource
*/
private static function generateKey($keyLength = null)
{
if (null === $keyLength) {
$keyLength = 2048;
}
return openssl_pkey_new([
'private_key_bits' => $keyLength,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => false,
]);
}
private function generateCa()
{
$this->caKey = self::generateKey();
$dn = [
'countryName' => 'GB',
'stateOrProvinceName' => 'Berkshire',
'localityName' => 'Newbury',
'organizationName' => 'Example Certificate Authority',
'commonName' => 'CA for PHP Tests'
];
$this->ca = openssl_csr_sign(
openssl_csr_new(
$dn,
$this->caKey,
[
'x509_extensions' => 'v3_ca',
'config' => self::CONFIG,
]
),
null,
$this->caKey,
2
);
}
public function getCaCert()
{
$output = '';
openssl_x509_export($this->ca, $output);
return $output;
}
public function saveCaCert($file)
{
openssl_x509_export_to_file($this->ca, $file);
}
public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
{
$dn = [
'countryName' => 'BY',
'stateOrProvinceName' => 'Minsk',
'localityName' => 'Minsk',
'organizationName' => 'Example Org',
'commonName' => $commonNameForCert,
];
$this->lastKey = self::generateKey($keyLength);
$this->lastCert = openssl_csr_sign(
openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']),
$this->ca,
$this->caKey,
/* days */ 2,
['digest_alg' => 'sha256'],
);
$certText = '';
openssl_x509_export($this->lastCert, $certText);
$keyText = '';
openssl_pkey_export($this->lastKey, $keyText);
file_put_contents($file, $certText . PHP_EOL . $keyText);
}
public function getCertDigest($algo)
{
return openssl_x509_fingerprint($this->lastCert, $algo);
}
}
|