1

当我用 PHP 导出证书时,openssl_pkcs12_export_to_file我测试的手机说它包含一个根 CA,它是一个自签名 CA(至少看起来如此)

我正在使用的代码如下:

Class X509 {

    protected $db;
    private $certificate_validity       = 1826;
    private $certificate_values         = array(
                                              "countryName" => "NL",
                                              "stateOrProvinceName" => "XX",
                                              "localityName" => "xxxxxxxxxxxx",
                                              "organizationName" => "xxxxxx",
                                              "organizationalUnitName" => "xxx",
                                              "emailAddress" => "x@xxx.xxx.xxx"
                                          );
    private $signing_configuration      = array(
                                              "digest_alg" => "sha1"
                                          );

    public function __construct() {
        IF(!function_exists(openssl_pkcs12_export_to_file)) {
            return false;
        }
    }

    public function createCertificate($commonName) {
        $this->certificate_values['commonName']     = $commonName;
        $this->certificate_values['internalName']   = $commonName;

        $privateKey     = self::_createPrivateKey();
        $password       = self::_generatePassword();
        $signRequest    = self::_createSignRequest($privateKey);
        $serial         = self::_getNewSerial();
        $signedRequest  = self::_signRequest($signRequest, $serial);

        #Export.
        $export_csr     = self::_exportCSR($signRequest, $commonName);
        $export_p12     = self::_exportP12($signedRequest, $commonName, $privateKey, $password);
        $export_cer     = self::_exportCER($signedRequest, $commonName, $privateKey);
        $export_pkey    = self::_exportPKey($privateKey, $commonName, $password);

        return array("name" => $commonName, "password" => $password);
    }

    private function _createPrivateKey() {
        return openssl_pkey_new(array('private_key_bits' => 1024));
    }

    private function _createSignRequest($privateKey) {
        return openssl_csr_new($this->certificate_values, $privateKey);
    }

    private function _getNewSerial() {
        // making a random serial, since it does not matter YET
        return rand(65000, 65536);
    }

    private function _generatePassword() {
        return 'Derp1234!@';
    }

    private function _signRequest($signRequest, $serial) {
        return openssl_csr_sign($signRequest, $this->root_ca_certificate, array($this->root_ca_privatekey_file, $this->root_ca_privatekey_pass), $this->certificate_validity, $this->signing_configuration, $serial);
    }

    private function _exportCSR($signedRequest, $commonName) {
        return openssl_csr_export_to_file($signedRequest, $this->certificate_csr_path.$commonName.".csr");
    }

    private function _exportP12($signedRequest, $commonName, $privateKey, $password) {
        return openssl_pkcs12_export_to_file($signedRequest, $this->certificate_p12_path.$commonName.".p12", $privateKey, $password);
    }

    private function _exportCER($signedRequest, $commonName, $privateKey) {
        return openssl_x509_export_to_file($signedRequest, $this->certificate_cer_path.$commonName.".cer");
    }

    private function _exportPKey($privateKey, $commonName, $password) {
        return openssl_pkey_export_to_file($privateKey, $this->certificate_pkey_path.$commonName."privatekey.pem", $password);
    }
}

$c = new X509();
var_dump($c->createCertificate($_GET['cn']));

我是否忽略了某些东西,还是完全错误地做错了?

4

0 回答 0