jlainezs/createcertificate.php

## createcertificate.php
     /**
 	 * Creates an OpenSSL certificate
 	 * @param $dn Array Associative array "key"=>"value"
 	 * @param $duration int Number of days which the certificate is valid
 	 * @throws Exception If there are any errors
 	 * @return Array Associative array with the security elements: "cer"=>self signed certificate, "pem"=>private key, "file"=>path to the files
 	 *
 	 * @see http://www.php.net/manual/en/function.openssl-csr-new.php
     * @author Pep Lainez
 	 */
 	static function createCertificate($dn, $duration, $password, $vaultPath, $fileNameNoExtension, $configFile=null){

 		$log = JLog::getInstance('com_jlicensemanagement-service.log.php');

 		$configParams = null;
 		if ($configFile)
 			$configParams = array('config' => $configFile);

	 	// Generate a new private (and public) key pair
	 	$privkey = openssl_pkey_new($configParams);
	 	if ($privkey === FALSE){
	 		return FALSE;
	 	}
	 	// generates a certificate signing request
	 	$csr = openssl_csr_new($dn, $privkey, $configParams);
		if ($csr === FALSE){
			return FALSE;
		}
	 	// This creates a self-signed cert that is valid for $duration days
	 	$sscert = openssl_csr_sign($csr, null, $privkey, $duration, $configParams);
	 	if ($sscert === FALSE){
	 		return FALSE;
	 	}
	 	// expport the certificate and the private key
	 	openssl_x509_export($sscert, $certout);
 		openssl_pkey_export($privkey, $pkout, $password, $configParams);

	 	$file = $vaultPath.DS.$fileNameNoExtension;

	 	file_put_contents($file.".cer", $certout);
	 	file_put_contents($file.".pem", $pkout);

	 	$result = array('cer'=>$certout, 'pem'=>$pkout, 'file'=>$file);

	 	// Gets any errors that occurred here
	 	$allErrors = '';
	 	while (($e = openssl_error_string()) !== false) {
	 		$allErrors .= $e . "\n";
	 	}
	 	if ($allErrors != ''){
	 		$aErrs = explode("\n", $allErrors);
	 		foreach($aErrs as $err)
	 			$log->addEntry(array('comment' => $err, 'status' => 500 ));
	 	}

	 	return $result;
 	}

## sign.php
     /**
 	  * Sign
      * @param String $text Text to sign
 	  * @param String $privkey Private key
 	  * @param String $password Private key password
 	  */
 	static function sign($text, $privkey, $password){
 		$signature = "";
 		$privkeyId = openssl_get_privatekey($privkey, $password );
 		openssl_sign($text, $signature, $privkeyId);
 		openssl_free_key($privkeyId);
 		return $signature;
 	}

## verify.java
    /**
	 * Loads a certificate
	 *
	 * @return X509Certificate The loaded certificate
	 * @throws FileNotFoundException
	 * @throws CertificateException
	 * @throws InvalidKeyException
	 * @throws NoSuchAlgorithmException
	 * @throws NoSuchProviderException
	 * @throws SignatureException
	 */
	static public X509Certificate getCertificate() throws FileNotFoundException, CertificateException,
			InvalidKeyException, NoSuchAlgorithmException,
			NoSuchProviderException, SignatureException{

		InputStream in = getCertificateFromResource();
		CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
		X509Certificate certificate = (X509Certificate)cf.generateCertificate(in);
		PublicKey pk = certificate.getPublicKey();
		certificate.verify(pk);
		return certificate;
	}

	/**
	 * Verifies the giving signature of the text
	 * @param textToVerify The text which will be verified
	 * @param signature The base64 encoded signature
	 * @return boolean
	 */
	static public boolean verifySignature(String textToVerify, String signature) {
		boolean verifies = false;
		try {
			X509Certificate certificate;
			certificate = CertificateUtils.getCertificate();

			PublicKey pubKey = certificate.getPublicKey();
			Signature sig = Signature.getInstance("SHA1withRSA"); //$NON-NLS-1$
			sig.initVerify(pubKey);
			String dataSigned = textToVerify;
			sig.update(dataSigned.getBytes());
			verifies = sig.verify(Base64.decodeBase64(signature));
			} catch (Exception e) {
				e.printStackTrace();
			}
            return verifies;
	}
	/**
	* Creates an OpenSSL certificate
	* @param $dn Array Associative array "key"=>"value"
	* @param $duration int Number of days which the certificate is valid
	* @throws Exception If there are any errors
	* @return Array Associative array with the security elements: "cer"=>self signed certificate, "pem"=>private key, "file"=>path to the files
	*
	* @see http://www.php.net/manual/en/function.openssl-csr-new.php
	* @author Pep Lainez
	*/
	static function createCertificate($dn, $duration, $password, $vaultPath, $fileNameNoExtension, $configFile=null){

	$log = JLog::getInstance('com_jlicensemanagement-service.log.php');

	$configParams = null;
	if ($configFile)
	$configParams = array('config' => $configFile);

	// Generate a new private (and public) key pair
	$privkey = openssl_pkey_new($configParams);
	if ($privkey === FALSE){
	return FALSE;
	}
	// generates a certificate signing request
	$csr = openssl_csr_new($dn, $privkey, $configParams);
	if ($csr === FALSE){
	return FALSE;
	}
	// This creates a self-signed cert that is valid for $duration days
	$sscert = openssl_csr_sign($csr, null, $privkey, $duration, $configParams);
	if ($sscert === FALSE){
	return FALSE;
	}
	// expport the certificate and the private key
	openssl_x509_export($sscert, $certout);
	openssl_pkey_export($privkey, $pkout, $password, $configParams);

	$file = $vaultPath.DS.$fileNameNoExtension;

	file_put_contents($file.".cer", $certout);
	file_put_contents($file.".pem", $pkout);

	$result = array('cer'=>$certout, 'pem'=>$pkout, 'file'=>$file);

	// Gets any errors that occurred here
	$allErrors = '';
	while (($e = openssl_error_string()) !== false) {
	$allErrors .= $e . "\n";
	}
	if ($allErrors != ''){
	$aErrs = explode("\n", $allErrors);
	foreach($aErrs as $err)
	$log->addEntry(array('comment' => $err, 'status' => 500 ));
	}

	return $result;
	}
	/**
	* Sign
	* @param String $text Text to sign
	* @param String $privkey Private key
	* @param String $password Private key password
	*/
	static function sign($text, $privkey, $password){
	$signature = "";
	$privkeyId = openssl_get_privatekey($privkey, $password );
	openssl_sign($text, $signature, $privkeyId);
	openssl_free_key($privkeyId);
	return $signature;
	}
	/**
	* Loads a certificate
	*
	* @return X509Certificate The loaded certificate
	* @throws FileNotFoundException
	* @throws CertificateException
	* @throws InvalidKeyException
	* @throws NoSuchAlgorithmException
	* @throws NoSuchProviderException
	* @throws SignatureException
	*/
	static public X509Certificate getCertificate() throws FileNotFoundException, CertificateException,
	InvalidKeyException, NoSuchAlgorithmException,
	NoSuchProviderException, SignatureException{

	InputStream in = getCertificateFromResource();
	CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
	X509Certificate certificate = (X509Certificate)cf.generateCertificate(in);
	PublicKey pk = certificate.getPublicKey();
	certificate.verify(pk);
	return certificate;
	}

	/**
	* Verifies the giving signature of the text
	* @param textToVerify The text which will be verified
	* @param signature The base64 encoded signature
	* @return boolean
	*/
	static public boolean verifySignature(String textToVerify, String signature) {
	boolean verifies = false;
	try {
	X509Certificate certificate;
	certificate = CertificateUtils.getCertificate();

	PublicKey pubKey = certificate.getPublicKey();
	Signature sig = Signature.getInstance("SHA1withRSA"); //$NON-NLS-1$
	sig.initVerify(pubKey);
	String dataSigned = textToVerify;
	sig.update(dataSigned.getBytes());
	verifies = sig.verify(Base64.decodeBase64(signature));
	} catch (Exception e) {
	e.printStackTrace();
	}
	return verifies;
	}