本文整理汇总了PHP中openssl_x509_export函数的典型用法代码示例。如果您正苦于以下问题:PHP openssl_x509_export函数的具体用法?PHP openssl_x509_export怎么用?PHP openssl_x509_export使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了openssl_x509_export函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: generate
/**
* @param SigningDetails $dn
* @param null $privateKey
* @param null $privkeypass
* @param int $numberofdays
* @return array
* @throws \Exception
*/
function generate(SigningDetails $dn, $privateKey = null, $privkeypass = null, $numberofdays = 365)
{
if ($privateKey === null) {
$privkey = $this->generatePrivateKey();
} elseif (is_string($privateKey)) {
$privkey = openssl_pkey_get_private($privateKey);
} else {
throw new \Exception('Invalid format for private key');
}
if (!$privkey) {
throw new \Exception('Invalid private key');
}
$csr = @openssl_csr_new($dn->toArray(), $privkey);
if (!$csr) {
throw new \Exception('Failed create signing request. Input likely invalid.');
}
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays);
if (!$sscert) {
throw new \Exception('Failed create signing request. Input likely invalid.');
}
openssl_x509_export($sscert, $publickey);
$privatekey = null;
if (!openssl_pkey_export($privkey, $privatekey, $privkeypass)) {
throw new \Exception('Private key generatio failed');
}
/*$csrStr = null;
if(!openssl_csr_export($csr, $csrStr)){
throw new \Exception('CSR generation failed');
}*/
return [$publickey, $privatekey];
}
开发者ID:splitice,项目名称:radical-ssl,代码行数:39,代码来源:X509Helpers.php
示例2: get_keys
static public function get_keys($login,$full_name) {
$CA_CERT = base_url()."data/key/CA_DOC.csr";
$CA_KEY = base_url()."data/key/CA_DOC_priv.key";
$config = array(
"private_key_type"=>OPENSSL_KEYTYPE_RSA,
"private_key_bits"=>512
);
$res = openssl_pkey_new($config);
$privKey = '';
openssl_pkey_export($res,$privKey);
$arr = array(
"organizationName" => "Фізична особа",
"organizationalUnitName" => "Фізична особа",
"commonName" => $full_name,
"UID" => $login,
"countryName" => "UA"
);
$csr = openssl_csr_new($arr,$privKey);
$cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730);
openssl_x509_export($cert,$str_cert);
$public_key = openssl_pkey_get_public($str_cert);
$public_key_details = openssl_pkey_get_details($public_key);
$public_key_string = $public_key_details['key'];
return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string);
}
开发者ID:2ovob4ehko,项目名称:doc,代码行数:25,代码来源:Enc.php
示例3: generateSslKeypair
function generateSslKeypair($commonName, $keyLength)
{
$key = openssl_pkey_new(array("private_key_bits" => $keyLength));
$default = getDefaultConfPath();
if (file_exists($default . "/cert-overrides.ini")) {
$confFile = $default . "/cert-overrides.ini";
} else {
$confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini";
}
$certConf = parse_ini_file($confFile, true);
$dn = $certConf["dn"];
$dn["commonName"] = $commonName;
$cert = openssl_csr_new($dn, $key);
// Creating a new X509 Certificate Signing Request
if ($e = error_get_last()) {
// Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
throw new Exception("Error occured:" . $e["message"]);
}
$signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
// Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
if (!$signed) {
throw new Exception("Error occured while signing certificate");
}
openssl_pkey_export($key, $privateKey);
// Export private-key to $privateKey
openssl_x509_export($signed, $clientCert);
// Export signed-certificate to $clientCert without Extra Details
return array($clientCert, $privateKey);
}
开发者ID:sriraamas,项目名称:simple-ldap-manager,代码行数:29,代码来源:util.php
示例4: makeKeys
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA)
{
// keep track of the distinguished name
$this->dn = $distinguishedName;
// generate the pem-encoded private key
$config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE);
$key = openssl_pkey_new($config);
// generate the certificate signing request...
$csr = openssl_csr_new($this->dn, $key, $config);
// and use it to make a self-signed certificate
$this->serialNumber = rand();
$cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time());
// make openssl forget the key
openssl_free_key($keyCA);
// export private and public keys
openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
//openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config )
openssl_x509_export($cert, $this->certificate);
// parse certificate
$this->x509 = openssl_x509_parse($cert);
if (isset($this->serialNumber)) {
$outfilename = '/var/www/html/' . $this->serialNumber;
// Gets an exportable representation of a key into a file
openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config);
}
openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE);
return TRUE;
// end of makeKeys() method
}
开发者ID:Ricardo-Costa-Oliveira,项目名称:SAFEBOOK,代码行数:29,代码来源:openSSL.php
示例5: run
public function run()
{
if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) {
$this->input['folder'] .= DIRECTORY_SEPARATOR;
}
$files = [];
foreach (['pub', 'key', 'crt', 'csr'] as $extension) {
$files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension);
}
foreach ($files as $file) {
if (file_exists($file)) {
throw new RuntimeException(sprintf('File exist: %s', $file));
}
}
$dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']);
// Create the private and public key
$res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
// Generate a certificate signing request
$csr = openssl_csr_new(array_filter($dn), $res);
// Creates a self-signed cert
$sscert = openssl_csr_sign($csr, null, $res, $this->input['days']);
openssl_csr_export($csr, $out);
file_put_contents($files['csr'], $out);
// Export certfile
openssl_x509_export($sscert, $out);
file_put_contents($files['crt'], $out);
// Extract the private key from $res to $privKey
openssl_pkey_export($res, $out);
file_put_contents($files['key'], $out);
// Extract the public key from $res to $pubKey
$out = openssl_pkey_get_details($res);
file_put_contents($files['pub'], $out["key"]);
}
开发者ID:pbergman,项目名称:php-docker-token-auth,代码行数:33,代码来源:CreateKeys.php
示例6: generateSslKeypair
function generateSslKeypair($commonName, $mail, $keyLength)
{
$key = openssl_pkey_new(array("private_key_bits" => $keyLength));
$certConf = parse_ini_file("cert.conf", true);
$dn = $certConf["dn"];
$dn["commonName"] = $commonName;
$dn["emailAddress"] = $mail;
$cert = openssl_csr_new($dn, $key);
// Creating a new X509 Certificate Signing Request
if ($e = error_get_last()) {
// Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless
throw new Exception("Error occured:" . $e["message"]);
}
$signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext"));
// Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf
if (!$signed) {
throw new Exception("Error occured while signing certificate");
}
openssl_pkey_export($key, $privateKey);
// Export private-key to $privateKey
openssl_x509_export($signed, $clientCert, FALSE);
// Export signed-certificate to $clientCert
openssl_x509_export($signed, $publicKey);
// Export public-key from the signed-certificate to $publicKey
return array($clientCert, $publicKey, $privateKey);
}
开发者ID:pauldraper,项目名称:simple-ldap-manager,代码行数:26,代码来源:util.php
示例7: make_request
public function make_request()
{
$g = stream_context_create(array("ssl" => array("capture_peer_cert" => true)));
set_error_handler(function () {
return true;
});
$r = stream_socket_client("ssl://{$this->target}:{$this->target_port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $g);
restore_error_handler();
if (!$r) {
return true;
} else {
$cont = stream_context_get_params($r);
$cert = openssl_x509_read($cont["options"]["ssl"]["peer_certificate"]);
$cert_data = openssl_x509_parse($cert);
openssl_x509_export($cert, $out, FALSE);
$signature_algorithm = null;
if (preg_match('/^\\s+Signature Algorithm:\\s*(.*)\\s*$/m', $out, $match)) {
$signature_algorithm = $match[1];
}
$this->sha_type = $signature_algorithm;
$this->common_name = $cert_data['subject']['CN'];
$this->alternative_names = $cert_data['extensions']['subjectAltName'];
$this->issuer = $cert_data['issuer']['O'];
$this->valid_from = date('m-d-Y H:i:s', strval($cert_data['validFrom_time_t']));
$this->valid_to = date('m-d-Y H:i:s', strval($cert_data['validTo_time_t']));
$this->parse_alternative_names();
}
}
开发者ID:ryebell,项目名称:achilles,代码行数:28,代码来源:CheckSSL.php
示例8: get_fingerprint
/**
* Get the fingerprint from the specified certificate
*
* @param string $certificate
* @return fingerprint or null on failure
*/
public static function get_fingerprint($certificate, $hash = null)
{
$fingerprint = null;
// The openssl_x509_read() function will throw an warning if the supplied
// parameter cannot be coerced into an X509 certificate
// @codingStandardsIgnoreStart
$resource = @openssl_x509_read($certificate);
// @codingStandardsIgnoreEnd
if (false !== $resource) {
$output = null;
$result = openssl_x509_export($resource, $output);
if (false !== $result) {
$output = str_replace(self::CERTIFICATE_BEGIN, '', $output);
$output = str_replace(self::CERTIFICATE_END, '', $output);
// Base64 decode
$fingerprint = base64_decode($output);
// Hash
if (null !== $hash) {
$fingerprint = hash($hash, $fingerprint);
}
}
// @todo else what to do?
}
// @todo else what to do?
return $fingerprint;
}
开发者ID:wp-pay-gateways,项目名称:ideal-advanced-v3,代码行数:32,代码来源:Security.php
示例9: exportPemFromUrl
/**
* Exports key of a given SSL certificate
*
* @param string $url without protocol
* @return string $certificateContent
*/
public function exportPemFromUrl($url)
{
$certificateResource = $this->loadFromUrl($url);
openssl_x509_export($certificateResource, $certificateContent);
$certificateContent = str_replace('-----BEGIN CERTIFICATE-----', '', $certificateContent);
$certificateContent = str_replace('-----END CERTIFICATE-----', '', $certificateContent);
return $certificateContent;
}
开发者ID:newlongwhitecloudy,项目名称:OpenConext-engineblock,代码行数:14,代码来源:X509Certificate.php
示例10: setUpBeforeClass
public static function setUpBeforeClass()
{
self::$pKey = openssl_pkey_new();
$csr = openssl_csr_new([], self::$pKey);
$x509 = openssl_csr_sign($csr, null, self::$pKey, 1);
openssl_x509_export($x509, self::$certificate);
openssl_x509_free($x509);
}
开发者ID:poisa,项目名称:aws-php-sns-message-validator,代码行数:8,代码来源:MessageValidatorTest.php
示例11: ocsp_verify_json
function ocsp_verify_json($raw_cert_data, $raw_next_cert_data, $ocsp_uri)
{
//uses openssl cli to validate cert status with ocsp
global $random_blurp, $timeout;
$result = array();
$tmp_dir = '/tmp/';
$root_ca = getcwd() . '/cacert.pem';
$pem_issuer = "";
$pem_client = "";
openssl_x509_export($raw_cert_data, $pem_client);
openssl_x509_export_to_file($raw_cert_data, $tmp_dir . $random_blurp . '.cert_client.pem');
openssl_x509_export($raw_next_cert_data, $pem_issuer);
openssl_x509_export_to_file($raw_next_cert_data, $tmp_dir . $random_blurp . '.cert_issuer.pem');
$isser_loc = $tmp_dir . $random_blurp . '.cert_issuer.pem';
// Some OCSP's want HTTP/1.1 but OpenSSL does not do that. Add Host header as workaround.
$ocsp_host = parse_url($ocsp_uri, PHP_URL_HOST);
$output = shell_exec('timeout ' . $timeout . ' | openssl ocsp -no_nonce -CAfile ' . $root_ca . ' -issuer ' . $isser_loc . ' -cert ' . $tmp_dir . $random_blurp . '.cert_client.pem -url "' . escapeshellcmd($ocsp_uri) . '" -header "HOST" "' . escapeshellcmd($ocsp_host) . '" 2>&1');
$filter_output = shell_exec('timeout ' . $timeout . ' | openssl ocsp -no_nonce -CAfile ' . $root_ca . ' -issuer ' . $isser_loc . ' -cert ' . $tmp_dir . $random_blurp . '.cert_client.pem -url "' . escapeshellcmd($ocsp_uri) . '" -header "HOST" "' . escapeshellcmd($ocsp_host) . '" 2>&1 | grep -v -e "to get local issuer certificate" -e "signer certificate not found" -e "Response Verify" -e "' . $tmp_dir . $random_blurp . '.cert_client.pem"');
$output = preg_replace("/[[:blank:]]+/", " ", $output);
$ocsp_status_lines = explode("\n", $output);
$ocsp_status_lines = array_map('trim', $ocsp_status_lines);
foreach ($ocsp_status_lines as $line) {
if (endsWith($line, ":") == false) {
list($k, $v) = explode(":", $line, 2);
if (trim($k)) {
$lines[trim($k)] = trim($v);
}
}
}
if ($lines[$tmp_dir . $random_blurp . ".cert_client.pem"] == "good") {
$result["status"] = "good";
} else {
if ($lines[$tmp_dir . $random_blurp . ".cert_client.pem"] == "revoked") {
$result["status"] = "revoked";
} else {
$result["error"] = $filter_output;
$result["status"] = "unknown";
}
}
if (isset($lines["This Update"])) {
$result["this_update"] = $lines["This Update"];
}
if (isset($lines["Next Update"])) {
$result["next_update"] = $lines["Next Update"];
}
if (isset($lines["Reason"])) {
$result["reason"] = $lines["Reason"];
}
if (isset($lines["Revocation Time"])) {
$result["revocation_time"] = $lines["Revocation Time"];
}
$result["ocsp_uri"] = $ocsp_uri;
//remove temp files after use
unlink($tmp_dir . $random_blurp . '.cert_client.pem');
unlink($tmp_dir . $random_blurp . '.cert_issuer.pem');
return $result;
}
开发者ID:AshleyPoole,项目名称:ssl-decoder,代码行数:57,代码来源:ocsp.php
示例12: toPem
public function toPem()
{
$pem = '';
$exported = openssl_x509_export($this->opensslResource, $pem);
if (!$exported) {
throw new EngineBlock_Exception("Unable to convert certificate to PEM?");
}
return $pem;
}
开发者ID:WebSpider,项目名称:OpenConext-engineblock,代码行数:9,代码来源:Certificate.php
示例13: exportCertificatePem
public function exportCertificatePem($file)
{
\debug("OpenSSL CSR: Exporting certificate as PEM: {$file}");
$pem = [];
openssl_x509_export($this->signed, $pem[0]);
openssl_pkey_export($this->pkey, $pem[1], $this->pkeypass);
$pem = implode($pem);
file_put_contents($file, $pem);
}
开发者ID:noccy80,项目名称:cherryphp,代码行数:9,代码来源:csr.php
示例14: cert_signature_algorithm
function cert_signature_algorithm($raw_cert_data)
{
$cert_read = openssl_x509_read($raw_cert_data);
openssl_x509_export($cert_read, $out, FALSE);
$signature_algorithm = null;
if (preg_match('/^\\s+Signature Algorithm:\\s*(.*)\\s*$/m', $out, $match)) {
$signature_algorithm = $match[1];
}
return $signature_algorithm;
}
开发者ID:ntthanh,项目名称:ssl-decoder,代码行数:10,代码来源:verify_certifitcate.php
示例15: create
/**
* @param array $dn
* @param null $passPhrase
*
* @return string
*/
public function create(array $dn, $passPhrase = null)
{
$config = $this->getConfig();
$key = openssl_pkey_new($config);
$crt = openssl_csr_new($dn, $key, $config);
$crt = openssl_csr_sign($crt, null, $key, 365, $config);
$x509 = null;
$pKey = null;
openssl_x509_export($crt, $x509);
openssl_pkey_export($key, $pKey, $passPhrase, $config);
return $x509 . $pKey;
}
开发者ID:kzykhys,项目名称:coupe,代码行数:18,代码来源:Certificate.php
示例16: sign
/**
* Sign this CSR
*
* @param security.KeyPair keypair
* @param int days default 365
* @param var cacert default NULL
* @return security.cert.X509Certificate
*/
public function sign($keypair, $days = 365, $cacert = NULL)
{
if (FALSE === ($x509 = openssl_csr_sign($this->_res, $cacert, $keypair->_res, $days))) {
trigger_error(implode("\n @", OpenSslUtil::getErrors()), E_USER_NOTICE);
throw new CertificateException('Cannot sign certificate');
}
if (FALSE === openssl_x509_export($x509, $str)) {
trigger_error(implode("\n @", OpenSslUtil::getErrors()), E_USER_NOTICE);
throw new CertificateException('Cannot export certificate');
}
return X509Certificate::fromString($str);
}
开发者ID:melogamepay,项目名称:xp-framework,代码行数:20,代码来源:CSR.class.php
示例17: checkCert
/**
* Preflight the SSL certificate presented by the backend. This isn't 100%
* bulletproof, in that we're not actually validating the transport used to
* communicate with Stripe, merely that the first attempt to does not use a
* revoked certificate.
*
* Unfortunately the interface to OpenSSL doesn't make it easy to check the
* certificate before sending potentially sensitive data on the wire. This
* approach raises the bar for an attacker significantly.
*
* @param string $url
*
* @return bool
*/
public function checkCert($url)
{
if (!$this->hasStreamExtensions()) {
return $this->showStreamExtensionWarning();
}
$this->setUrl($url);
list($result, $errorNo, $errorStr) = $this->streamSocketClient();
$this->checkResult($result, $errorNo, $errorStr);
openssl_x509_export(stream_context_get_params($result)['options']['ssl']['peer_certificate'], $pemCert);
$this->checkBlackList($pemCert);
return true;
}
开发者ID:arcanedev,项目名称:stripe,代码行数:26,代码来源:SslChecker.php
示例18: create_ssl_cert
function create_ssl_cert($pem_file, $pem_passphrase, $pem_dn)
{
$privkey = openssl_pkey_new();
$cert = openssl_csr_new($pem_dn, $privkey);
$cert = openssl_csr_sign($cert, null, $privkey, 365);
$pem = array();
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privkey, $pem[1], $pem_passphrase);
$pem = implode($pem);
file_put_contents($pem_file, $pem);
chmod($pem_file, 0600);
}
开发者ID:jia-git,项目名称:phpchat,代码行数:12,代码来源:chat_server.php
示例19: createSSLCert
private function createSSLCert()
{
$privKey = openssl_pkey_new();
$cert = openssl_csr_new(self::$pemDN, $privKey);
$cert = openssl_csr_sign($cert, null, $privKey, 365);
$pem = [];
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privKey, $pem[1], self::PEM_PASSPHRASE);
$pem = implode($pem);
file_put_contents($this->pemFile, $pem);
chmod($this->pemFile, 0600);
}
开发者ID:javabudd,项目名称:CbApi,代码行数:12,代码来源:TestServer.php
示例20: generatePemFile
/**
* Generates a new PEM File given the informations
*
* @param string $pem_file the path of the PEM file to create
* @param string $pem_passphrase the passphrase to protect the PEM
* file or if you don't want to
* use a passphrase
* @param string $country_name the country code of the new PEM file. e.g.: EN
* @param string $state_or_province_name the state or province name of the new PEM file
* @param string $locality_name the name of the locality
* @param string $organization_name the name of the organisation. e.g.: MyCompany
* @param string $organizational_unit_name the organisation unit name
* @param string $common_name the common name
* @param string $email_address the email address
*/
public static function generatePemFile($pem_file, $pem_passphrase, $country_name, $state_or_province_name, $locality_name, $organization_name, $organizational_unit_name, $common_name, $email_address)
{
// Generate PEM file
$dn = array('countryName' => $country_name, 'stateOrProvinceName' => $state_or_province_name, 'localityName' => $locality_name, 'organizationName' => $organization_name, 'organizationalUnitName' => $organizational_unit_name, 'commonName' => $common_name, 'emailAddress' => $email_address);
$privkey = openssl_pkey_new();
$cert = openssl_csr_new($dn, $privkey);
$cert = openssl_csr_sign($cert, null, $privkey, 365);
$pem = array();
openssl_x509_export($cert, $pem[0]);
openssl_pkey_export($privkey, $pem[1], $pem_passphrase);
$pem = implode($pem);
file_put_contents($pem_file, $pem);
}
开发者ID:sahilmalhan,项目名称:dubdub,代码行数:28,代码来源:Ssl.php
注:本文中的openssl_x509_export函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论