@@ -1,7 +1,7 @@
|
|
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
trait cmpOpenSSLTrait {
|
|
|
|
|
var $cmpOpenSSLVersion = "20240124";
|
|
|
|
|
var $cmpOpenSSLVersion = "20240126";
|
|
|
|
|
|
|
|
|
|
var $caDN = NULL ;
|
|
|
|
|
|
|
|
|
@@ -289,7 +289,7 @@
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function getCertInfo($crt, $prv, &$out = null) {
|
|
|
|
|
function cmpOpenSslCertGetInfo($crt, $prv, &$out = null) {
|
|
|
|
|
$txtPub = "";
|
|
|
|
|
$txtPrv = "";
|
|
|
|
|
|
|
|
|
@@ -392,7 +392,7 @@
|
|
|
|
|
return $out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function createCA($parm, &$out = null) {
|
|
|
|
|
function cmpOpenSslCaGen($parm, &$out = null) {
|
|
|
|
|
try {
|
|
|
|
|
$confFile = $this->cmpOpenSslConfTemp();
|
|
|
|
|
|
|
|
|
@@ -458,7 +458,7 @@
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->getCertInfo($this->caCrt, $this->caPrv, $out);
|
|
|
|
|
$this->cmpOpenSslCertGetInfo($this->caCrt, $this->caPrv, $out);
|
|
|
|
|
|
|
|
|
|
$txtPub = "";
|
|
|
|
|
$txtPrv = "";
|
|
|
|
@@ -467,7 +467,7 @@
|
|
|
|
|
openssl_pkey_export($this->caPrv , $txtPrv, NULL );
|
|
|
|
|
|
|
|
|
|
if($out !== null) {
|
|
|
|
|
if(!$this->getCertInfo($this->caCrt, $this->caPrv, $out))
|
|
|
|
|
if(!$this->cmpOpenSslCertGetInfo($this->caCrt, $this->caPrv, $out))
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@@ -479,8 +479,7 @@
|
|
|
|
|
$this->caPub = openssl_pkey_get_public($this->caCrt);
|
|
|
|
|
|
|
|
|
|
if(!$this->caPub) {
|
|
|
|
|
$this->e(__LINE__, "openssl_pkey_get_public: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_pkey_get_public: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// var_export($csrout);
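Review bot: The new `throw new Exception("openssl_pkey_get_public: " . openssl_error_string())` builds its message from a single `openssl_error_string()` call, which returns `false` when the OpenSSL error queue is empty (so the message ends in `: ` with no detail) and otherwise pops only the oldest queued entry, which may be a stale error left by an earlier call rather than the cause of this failure. The same pattern is repeated in the hunks at -504, -527, -543, -581, -590 and -704. A small helper that drains the whole queue and substitutes fixed text when it is empty gives a message that is actually diagnostic; the old `$this->e(__LINE__, ...)` path also recorded the line number, so unless the enclosing `catch` (outside these hunks) logs `$e->getLine()`, that location information is presumably lost. Sketch below.
```php
// helper in the trait: drains the OpenSSL error queue so the message
// carries every pending entry instead of only the oldest (or false)
function cmpOpenSslErrStr($what) {
    $msgs = [];
    while(($m = openssl_error_string()) !== false) {
        $msgs[] = $m;
    }
    return $what . ": " . ($msgs ? implode("; ", $msgs) : "no OpenSSL error detail");
}

// … unchanged: cmpOpenSslCaGen body up to openssl_pkey_get_public …
if(!$this->caPub) {
    throw new Exception($this->cmpOpenSslErrStr("openssl_pkey_get_public"));
}
```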
|
|
|
|
@@ -489,14 +488,14 @@
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function loadFromFileCACrt($file) {
|
|
|
|
|
function cmpOpenSslCaCertFromFile($file) {
|
|
|
|
|
// var_dump(openssl_get_cert_locations());
|
|
|
|
|
|
|
|
|
|
$this->caCrtFile = $file;
|
|
|
|
|
|
|
|
|
|
$text = @file_get_contents($file);
|
|
|
|
|
|
|
|
|
|
if($this->loadFromTextCACrt($text)) {
|
|
|
|
|
if($this->cmpOpenSslCaCertFromText($text)) {
|
|
|
|
|
$this->caCrtFile = $file;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
@@ -504,22 +503,20 @@
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function loadFromTextCACrt($text) {
|
|
|
|
|
function cmpOpenSslCaCertFromText($text) {
|
|
|
|
|
$this->caCrtFile = "";
|
|
|
|
|
|
|
|
|
|
$this->caCrtPEM = $text;
|
|
|
|
|
|
|
|
|
|
if(!$this->caCrtPEM) {
|
|
|
|
|
$this->e(__LINE__, "Invalid CA text");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("Invalid CA text");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// openssl_get_privatekey()
|
|
|
|
|
$this->caCrt = openssl_x509_read( $this->caCrtPEM );
|
|
|
|
|
|
|
|
|
|
if(!$this->caCrt) {
|
|
|
|
|
$this->e(__LINE__, "openssl_x509_read: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_x509_read: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// openssl_x509_parse(file_get_contents($file));
|
|
|
|
@@ -527,15 +524,13 @@
|
|
|
|
|
$this->caPub = openssl_pkey_get_public($this->caCrt);
|
|
|
|
|
|
|
|
|
|
if(!$this->caPub) {
|
|
|
|
|
$this->e(__LINE__, "openssl_pkey_get_public: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_pkey_get_public: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$pkey = openssl_pkey_get_details($this->caPub);
|
|
|
|
|
|
|
|
|
|
if(!$pkey) {
|
|
|
|
|
$this->e(__LINE__, "openssl_pkey_get_details: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_pkey_get_details: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->caPubPEM = $pkey["key"];
|
|
|
|
@@ -543,19 +538,18 @@
|
|
|
|
|
$this->caPub = openssl_pkey_get_public($this->caPubPEM);
|
|
|
|
|
|
|
|
|
|
if(!$this->caPub) {
|
|
|
|
|
$this->e(__LINE__, "openssl_pkey_get_public: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_pkey_get_public: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function loadFromFileCAPrv($file, $pass = NULL) {
|
|
|
|
|
function cmpOpenSslCaPrivFromFile($file, $pass = NULL) {
|
|
|
|
|
$this->caPrvFile = $file;
|
|
|
|
|
|
|
|
|
|
$text = @file_get_contents($file);
|
|
|
|
|
|
|
|
|
|
if($this->loadFromTextCAPrv($text, $pass)) {
|
|
|
|
|
if($this->cmpOpenSslCaPrivFromText($text, $pass)) {
|
|
|
|
|
$this->caPrvFile = $file;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
@@ -563,7 +557,7 @@
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function loadFromTextCAPrv($text, $pass = NULL) {
|
|
|
|
|
function cmpOpenSslCaPrivFromText($text, $pass = NULL) {
|
|
|
|
|
$this->caPrvFile = "";
|
|
|
|
|
/*
|
|
|
|
|
if(@$file)
|
|
|
|
@@ -581,8 +575,7 @@
|
|
|
|
|
$this->caPrv = openssl_pkey_get_private($this->caPrvPEM, $pass);
|
|
|
|
|
|
|
|
|
|
if(!$this->caPrv) {
|
|
|
|
|
$this->e(__LINE__, "openssl_pkey_get_private: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_pkey_get_private: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sign = "";
|
|
|
|
@@ -590,8 +583,7 @@
|
|
|
|
|
|
|
|
|
|
//Вычисляем подпись
|
|
|
|
|
if(!openssl_sign($test, $sign, $this->caPrv, "sha1WithRSAEncryption")) {
|
|
|
|
|
$this->e(__LINE__, "openssl_sign: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_sign: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch( openssl_verify($test, $sign, $this->caPub, OPENSSL_ALGO_SHA1) ) {
|
|
|
|
@@ -601,11 +593,11 @@
|
|
|
|
|
|
|
|
|
|
case 0:
|
|
|
|
|
// echo "некорректна\n";
|
|
|
|
|
$this->e(__LINE__, "Incorrect CA private key");
|
|
|
|
|
$this->e("Incorrect CA private key");
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
case -1:
|
|
|
|
|
$this->e(__LINE__, openssl_error_string());
|
|
|
|
|
$this->e(openssl_error_string());
|
|
|
|
|
return NULL;
|
|
|
|
|
}
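Review bot: In the `case 0` branch the method still reports via `$this->e("Incorrect CA private key")` and `return NULL`, while the other failure paths of the same method (the hunks at -581 and -590) were converted to `throw`, so callers now face two error models from one method; the `__LINE__` argument was also dropped here, so `e()`'s signature (defined outside this view) must accept the one-argument form. More important, on a mismatch the method returns with `$this->caPrv` still holding the private key that failed the verify (assigned in the hunk at -581), so a caller that ignores the NULL return, or presumably any later code that only checks whether `$this->caPrv` is set, can sign with a key that does not belong to the loaded CA certificate; clear it before leaving, e.g. `$this->caPrv = NULL; throw new Exception("Incorrect CA private key");`, and do the same in `case -1`, where `$this->e(openssl_error_string())` also passes `false` when the error queue is empty. The enclosing method `cmpOpenSslCaPrivFromText` starts in the hunk at -563, outside this one.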
|
|
|
|
|
|
|
|
|
@@ -613,16 +605,7 @@
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function infoCA() {
|
|
|
|
|
var_export(openssl_x509_parse($this->caCrt));
|
|
|
|
|
echo "\n";
|
|
|
|
|
|
|
|
|
|
// var_export(openssl_pkey_get_details($this->caPrv));
|
|
|
|
|
// echo "\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function createCli($parm, &$out = null) {
|
|
|
|
|
function cmpOpenSslCertGen($parm, &$out = null) {
|
|
|
|
|
try {
|
|
|
|
|
$confFile = $this->cmpOpenSslConfTemp();
|
|
|
|
|
|
|
|
|
@@ -692,7 +675,7 @@
|
|
|
|
|
openssl_pkey_export($this->cliPrv, $txtPrv, NULL );
|
|
|
|
|
|
|
|
|
|
if($out !== null) {
|
|
|
|
|
if(!$this->getCertInfo($this->cliCrt, $this->cliPrv, $out))
|
|
|
|
|
if(!$this->cmpOpenSslCertGetInfo($this->cliCrt, $this->cliPrv, $out))
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@@ -704,8 +687,7 @@
|
|
|
|
|
$this->cliPub = openssl_pkey_get_public($this->cliCrt);
|
|
|
|
|
|
|
|
|
|
if(!$this->cliPub) {
|
|
|
|
|
$this->e(__LINE__, "openssl_pkey_get_public: error");
|
|
|
|
|
return NULL;
|
|
|
|
|
throw new Exception("openssl_pkey_get_public: " . openssl_error_string());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// var_export($csrout);
|
|
|
|
@@ -714,14 +696,14 @@
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function createClient($parm = NULL, &$out = null) {
|
|
|
|
|
function cmpOpenSslCertClientGen($parm = NULL, &$out = null) {
|
|
|
|
|
$parm["x509_extensions"] = "cmp_x509_ext_cli";
|
|
|
|
|
return $this->createCli($parm, $out);
|
|
|
|
|
return $this->cmpOpenSslCertGen($parm, $out);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function createServer($parm = NULL, &$out = null) {
|
|
|
|
|
function cmpOpenSslCertServerGen($parm = NULL, &$out = null) {
|
|
|
|
|
$parm["x509_extensions"] = "cmp_x509_ext_srv";
|
|
|
|
|
return $this->createCli($parm, $out);
|
|
|
|
|
return $this->cmpOpenSslCertGen($parm, $out);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function cmpOpenSslGenDh($bits = 2048) {