Creates a certificate using OpenSSL with PHP. sign.php can be used to sign a text with the private key generated by createCertificate. verify.java shows how to load the certificate from a resource and gives a sample verification of the text signed with sign.php.
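/**
 * Creates a self-signed OpenSSL certificate and its private key and writes both to disk.
 *
 * @param array $dn Associative array "key"=>"value" with the distinguished-name fields
 *                  accepted by openssl_csr_new()
 * @param int $duration Number of days the certificate is valid
 * @param string $password Passphrase protecting the exported private key; an empty
 *                         passphrase leaves the PEM unencrypted on disk
 * @param string $vaultPath Directory the ".cer" and ".pem" files are written to
 * @param string $fileNameNoExtension Base name of both files, without extension
 * @param string|null $configFile Optional OpenSSL config file passed to every openssl_* call
 * @return array|false Associative array with the security elements:
 *                     "cer"=>self-signed certificate (PEM), "pem"=>private key (PEM),
 *                     "file"=>path of the files without extension.
 *                     FALSE when key generation, signing, export or the file writes fail;
 *                     the OpenSSL error queue is flushed into the service log on every path.
 *
 * @see http://www.php.net/manual/en/function.openssl-csr-new.php
 * @author Pep Lainez
 */
public static function createCertificate($dn, $duration, $password, $vaultPath, $fileNameNoExtension, $configFile = null)
{
    $log = JLog::getInstance('com_jlicensemanagement-service.log.php');
    // Only build an options array when a config file was given; null keeps the OpenSSL defaults.
    $configParams = $configFile ? array('config' => $configFile) : null;

    // Generate a new private (and public) key pair.
    $privkey = openssl_pkey_new($configParams);
    if ($privkey === false) {
        self::logOpensslErrors($log);
        return false;
    }

    // Generate a certificate signing request for the supplied distinguished name.
    $csr = openssl_csr_new($dn, $privkey, $configParams);
    if ($csr === false) {
        self::logOpensslErrors($log);
        return false;
    }

    // Self-sign the request (null CA certificate) so it is valid for $duration days.
    $sscert = openssl_csr_sign($csr, null, $privkey, $duration, $configParams);
    if ($sscert === false) {
        self::logOpensslErrors($log);
        return false;
    }

    // Export the certificate and the private key as PEM strings; both calls report failure as false.
    $certout = '';
    $pkout = '';
    if (!openssl_x509_export($sscert, $certout)
        || !openssl_pkey_export($privkey, $pkout, $password, $configParams)) {
        self::logOpensslErrors($log);
        return false;
    }

    $file = $vaultPath . DS . $fileNameNoExtension;
    $cerPath = $file . '.cer';
    $pemPath = $file . '.pem';
    if (file_put_contents($cerPath, $certout) === false
        || file_put_contents($pemPath, $pkout) === false) {
        $log->addEntry(array('comment' => 'Unable to write certificate files to ' . $file, 'status' => 500));
        self::logOpensslErrors($log);
        return false;
    }
    // The .pem holds the private key: restrict it to the owner whatever the process umask is.
    chmod($pemPath, 0600);

    // Drain warnings OpenSSL queued during a successful run so they are not attributed to a later call.
    self::logOpensslErrors($log);

    return array('cer' => $certout, 'pem' => $pkout, 'file' => $file);
}

/**
 * Drains the OpenSSL error queue into the service log, one entry per message.
 *
 * @param JLog $log Log the entries are added to
 * @return int Number of messages logged
 */
private static function logOpensslErrors($log)
{
    $count = 0;
    while (($e = openssl_error_string()) !== false) {
        $log->addEntry(array('comment' => $e, 'status' => 500));
        $count++;
    }
    return $count;
}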
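/**
 * Signs a text with a PEM-encoded private key.
 *
 * The digest is OpenSSL's default, SHA1 with RSA, which is what the companion
 * Java verifier ("SHA1withRSA") expects; change both sides together.
 *
 * @param string $text Text to sign; it is signed byte-for-byte, so signer and
 *                     verifier must agree on its encoding
 * @param string $privkey Private key in PEM format (the "pem" element of createCertificate())
 * @param string $password Passphrase of the private key
 * @return string|false Raw (binary) signature, or FALSE when the key cannot be
 *                      loaded (wrong passphrase, malformed PEM) or signing fails
 */
public static function sign($text, $privkey, $password)
{
    $privkeyId = openssl_get_privatekey($privkey, $password);
    if ($privkeyId === false) {
        // Without this guard openssl_sign() receives a bool instead of a key handle.
        return false;
    }
    $signature = '';
    // OPENSSL_ALGO_SHA1 is the default; spelled out so the pairing with the verifier is visible.
    if (!openssl_sign($text, $signature, $privkeyId, OPENSSL_ALGO_SHA1)) {
        return false;
    }
    // The key handle is released when $privkeyId goes out of scope
    // (openssl_free_key() is a deprecated no-op since PHP 8.0).
    return $signature;
}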
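/**
 * Loads the certificate bundled as a resource and checks that it is self-consistent.
 *
 * The certificate is verified against its own public key, which only proves that it is
 * self-signed and untampered; it does not chain it to any trust anchor.
 *
 * @return X509Certificate The loaded certificate
 * @throws FileNotFoundException if the resource cannot be located
 * @throws CertificateException if the resource is not a parseable X.509 certificate
 * @throws InvalidKeyException if the certificate's own public key cannot be used to verify it
 * @throws NoSuchAlgorithmException if the signature algorithm is unavailable
 * @throws NoSuchProviderException if the security provider is unavailable
 * @throws SignatureException if the self-signature does not verify
 */
public static X509Certificate getCertificate() throws FileNotFoundException, CertificateException,
        InvalidKeyException, NoSuchAlgorithmException,
        NoSuchProviderException, SignatureException {
    InputStream in = getCertificateFromResource();
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
        X509Certificate certificate = (X509Certificate) cf.generateCertificate(in);
        // Self-signed check: the certificate must validate under its own key.
        PublicKey pk = certificate.getPublicKey();
        certificate.verify(pk);
        return certificate;
    } finally {
        // The stream was never closed before; close it on every path, including the throwing ones.
        try {
            in.close();
        } catch (java.io.IOException e) {
            // Best-effort: a close failure on a read-only resource stream does not invalidate
            // the certificate already parsed, and throwing here would mask the primary exception.
        }
    }
}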
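/**
 * Verifies that {@code signature} was produced over {@code textToVerify} by the private key
 * matching the bundled certificate.
 *
 * The algorithm is fixed to SHA1withRSA because that is the default digest used by the
 * companion sign.php; the two must change together. Every failure (unreadable certificate,
 * malformed Base64, provider error) is reported as {@code false} rather than thrown.
 *
 * @param textToVerify The text which will be verified; hashed as its UTF-8 bytes
 * @param signature The base64 encoded signature
 * @return boolean {@code true} only when the signature verifies
 */
public static boolean verifySignature(String textToVerify, String signature) {
    try {
        X509Certificate certificate = CertificateUtils.getCertificate();
        PublicKey pubKey = certificate.getPublicKey();
        Signature sig = Signature.getInstance("SHA1withRSA"); //$NON-NLS-1$
        sig.initVerify(pubKey);
        // getBytes() without a charset uses the platform default, so the same text could
        // verify on one host and fail on another. sign.php signs the raw PHP string bytes,
        // assumed here to be UTF-8 — confirm against the signer's input encoding.
        sig.update(textToVerify.getBytes("UTF-8")); //$NON-NLS-1$
        return sig.verify(Base64.decodeBase64(signature));
    } catch (Exception e) {
        // Best-effort boolean contract: report the cause, then fail closed.
        e.printStackTrace();
        return false;
    }
}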