1 <?php
2
3 /*
4 * This file is part of the civicrm-cxn-rpc package.
5 *
6 * Copyright (c) CiviCRM LLC <info@civicrm.org>
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this package.
10 */
11
12 namespace Civi\Cxn\Rpc;
13
14 use Civi\Cxn\Rpc\Exception\ExpiredCertException;
15 use Civi\Cxn\Rpc\Exception\InvalidCertException;
16
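class CA {

  /**
   * Create a self-signed CA certificate.
   *
   * The same DN is used for subject and issuer, and the CA's own private key
   * signs the certificate. makeCA() asks phpseclib to mark it as a CA
   * (basicConstraints cA=TRUE). Validity runs from now until
   * Constants::CA_DURATION after Time::getTime(). No serial number is set
   * here, so phpseclib's default applies.
   *
   * @param array $keyPair
   *   Array with elements:
   *   - privatekey: string.
   *   - publickey: string.
   * @param string $dn
   *   Distinguished name (e.g. "/O=TestOrg").
   * @return string
   *   PEM-encoded certificate data.
   * @throws \InvalidArgumentException
   *   If either half of the key pair cannot be loaded.
   * @throws InvalidCertException
   *   If phpseclib refuses to sign the certificate.
   */
  public static function create($keyPair, $dn) {
    $privKey = self::loadPrivateKey($keyPair);
    $pubKey = self::loadPublicKey($keyPair);

    $subject = new \File_X509();
    $subject->setDN($dn);
    $subject->setPublicKey($pubKey);

    $issuer = new \File_X509();
    $issuer->setPrivateKey($privKey);
    $issuer->setDN($dn);

    $x509 = new \File_X509();
    $x509->makeCA();
    $x509->setEndDate(self::endDate(Constants::CA_DURATION));

    $result = $x509->sign($issuer, $subject, Constants::CERT_SIGNATURE_ALGORITHM);
    if ($result === FALSE) {
      throw new InvalidCertException('Failed to sign CA certificate');
    }
    return $x509->saveX509($result);
  }

  /**
   * Read certificate data from disk.
   *
   * @param string $file
   *   File path.
   * @return string
   *   Certificate data exactly as stored (normally PEM).
   * @throws \RuntimeException
   *   If the file cannot be read. Previously a read failure yielded FALSE,
   *   which callers tended to pass on as if it were a certificate.
   */
  public static function load($file) {
    $data = file_get_contents($file);
    if ($data === FALSE) {
      throw new \RuntimeException("Failed to read certificate from $file");
    }
    return $data;
  }

  /**
   * Write certificate data to disk.
   *
   * @param string $file
   *   File path.
   * @param string $cert
   *   Certificate data.
   * @throws \RuntimeException
   *   If the file cannot be written.
   */
  public static function save($file, $cert) {
    if (file_put_contents($file, $cert) === FALSE) {
      throw new \RuntimeException("Failed to write certificate to $file");
    }
  }

  /**
   * Create a CSR for a CiviConnect application.
   *
   * The request carries keyUsage=keyEncipherment.
   *
   * @param array $keyPair
   *   Array with elements:
   *   - privatekey: string.
   *   - publickey: string.
   * @param string $dn
   *   Distinguished name.
   * @return string
   *   PEM-encoded CSR data.
   * @throws \InvalidArgumentException
   *   If either half of the key pair cannot be loaded.
   * @throws InvalidCertException
   *   If the CSR cannot be signed.
   */
  public static function createAppCSR($keyPair, $dn) {
    return self::createCSR($keyPair, $dn, array('keyEncipherment'));
  }

  /**
   * Create a CSR for an authority that publishes a list of available
   * applications.
   *
   * The request carries keyUsage=digitalSignature.
   *
   * @param array $keyPair
   *   Array with elements:
   *   - privatekey: string.
   *   - publickey: string.
   * @param string $dn
   *   Distinguished name.
   * @return string
   *   PEM-encoded CSR data.
   * @throws \InvalidArgumentException
   *   If either half of the key pair cannot be loaded.
   * @throws InvalidCertException
   *   If the CSR cannot be signed.
   */
  public static function createDirSvcCSR($keyPair, $dn) {
    return self::createCSR($keyPair, $dn, array('digitalSignature'));
  }

  /**
   * Create a CSR for an authority that can issue CRLs.
   *
   * The request carries keyUsage=cRLSign.
   *
   * @param array $keyPair
   *   Array with elements:
   *   - privatekey: string.
   *   - publickey: string.
   * @param string $dn
   *   Distinguished name.
   * @return string
   *   PEM-encoded CSR.
   * @throws \InvalidArgumentException
   *   If either half of the key pair cannot be loaded.
   * @throws InvalidCertException
   *   If the CSR cannot be signed.
   */
  public static function createCrlDistCSR($keyPair, $dn) {
    return self::createCSR($keyPair, $dn, array('cRLSign'));
  }

  /**
   * Issue a certificate for a CSR, signed by the CA.
   *
   * Before signing, the CSR is parsed and its self-signature is verified so
   * the CA only certifies a public key whose requester demonstrably holds the
   * matching private key (proof of possession). Validity runs until
   * Constants::APP_DURATION after Time::getTime().
   *
   * NOTE(review): phpseclib appears to copy the CSR's requested extensions
   * into the issued certificate and nothing here filters them, so a
   * hand-crafted CSR could request more than the keyUsage values the
   * create*CSR() helpers emit (e.g. basicConstraints cA=TRUE). Confirm that
   * callers only sign CSRs from trusted sources, or add an extension
   * allow-list here.
   *
   * @param array $caKeyPair
   *   Array with elements:
   *   - privatekey: string.
   *   - publickey: string.
   * @param string $caCert
   *   PEM-encoded cert.
   * @param string $csr
   *   PEM-encoded CSR.
   * @param int $serialNumber
   *   Serial number for the new certificate, base 10. The caller is
   *   responsible for uniqueness per issuer: the default of 1 is only
   *   suitable for one-off use, and duplicate serials under the same CA
   *   break CRL-based revocation.
   * @return string
   *   PEM-encoded cert.
   * @throws \InvalidArgumentException
   *   If the CA private key cannot be loaded.
   * @throws InvalidCertException
   *   If the CSR or CA certificate is malformed, the CSR's signature does
   *   not verify, or signing fails.
   */
  public static function signCSR($caKeyPair, $caCert, $csr, $serialNumber = 1) {
    $privKey = self::loadPrivateKey($caKeyPair);

    $subject = new \File_X509();
    if ($subject->loadCSR($csr) === FALSE) {
      throw new InvalidCertException('Malformed CSR');
    }
    // Proof of possession: refuse to certify a key the requester cannot use.
    // validateSignature() returns NULL when it cannot check, which is also
    // treated as a failure.
    if ($subject->validateSignature() !== TRUE) {
      throw new InvalidCertException('CSR signature does not verify');
    }

    $issuer = new \File_X509();
    if ($issuer->loadX509($caCert) === FALSE) {
      throw new InvalidCertException('Malformed CA certificate');
    }
    $issuer->setPrivateKey($privKey);

    $x509 = new \File_X509();
    $x509->setSerialNumber($serialNumber, 10);
    $x509->setEndDate(self::endDate(Constants::APP_DURATION));

    $result = $x509->sign($issuer, $subject, Constants::CERT_SIGNATURE_ALGORITHM);
    if ($result === FALSE) {
      throw new InvalidCertException('Failed to sign certificate');
    }
    return $x509->saveX509($result);
  }

  /**
   * Build a CSR whose extensionRequest attribute carries a keyUsage extension.
   *
   * phpseclib's setExtension() needs a parsed CSR structure to attach to, so
   * the request is signed once without extensions, re-parsed, amended with
   * keyUsage, and then signed again; only the second signature is returned.
   *
   * @param array $keyPair
   *   Array with elements:
   *   - privatekey: string.
   *   - publickey: string.
   * @param string $dn
   *   Distinguished name.
   * @param array $keyUsage
   *   keyUsage bit names, e.g. array('digitalSignature').
   * @return string
   *   PEM-encoded CSR.
   * @throws \InvalidArgumentException
   *   If either half of the key pair cannot be loaded.
   * @throws InvalidCertException
   *   If the CSR cannot be signed.
   */
  private static function createCSR($keyPair, $dn, $keyUsage) {
    $privKey = self::loadPrivateKey($keyPair);
    $pubKey = self::loadPublicKey($keyPair);

    $csr = new \File_X509();
    $csr->setPrivateKey($privKey);
    $csr->setPublicKey($pubKey);
    $csr->setDN($dn);

    $draft = $csr->signCSR(Constants::CERT_SIGNATURE_ALGORITHM);
    if ($draft === FALSE || $csr->loadCSR($csr->saveCSR($draft)) === FALSE) {
      throw new InvalidCertException('Failed to build CSR');
    }
    $csr->setExtension('id-ce-keyUsage', $keyUsage);

    $csrData = $csr->signCSR(Constants::CERT_SIGNATURE_ALGORITHM);
    if ($csrData === FALSE) {
      throw new InvalidCertException('Failed to sign CSR');
    }
    return $csr->saveCSR($csrData);
  }

  /**
   * Load the private half of a key pair.
   *
   * @param array $keyPair
   *   Array with a 'privatekey' element (string).
   * @return \Crypt_RSA
   * @throws \InvalidArgumentException
   *   If the element is missing or Crypt_RSA cannot parse it.
   */
  private static function loadPrivateKey($keyPair) {
    $privKey = new \Crypt_RSA();
    if (empty($keyPair['privatekey']) || !$privKey->loadKey($keyPair['privatekey'])) {
      throw new \InvalidArgumentException('Key pair has no loadable private key');
    }
    return $privKey;
  }

  /**
   * Load the public half of a key pair and mark it as a public key.
   *
   * @param array $keyPair
   *   Array with a 'publickey' element (string).
   * @return \Crypt_RSA
   * @throws \InvalidArgumentException
   *   If the element is missing or Crypt_RSA cannot parse it.
   */
  private static function loadPublicKey($keyPair) {
    $pubKey = new \Crypt_RSA();
    if (empty($keyPair['publickey']) || !$pubKey->loadKey($keyPair['publickey'])) {
      throw new \InvalidArgumentException('Key pair has no loadable public key');
    }
    $pubKey->setPublicKey();
    return $pubKey;
  }

  /**
   * Compute an ISO-8601 expiry for File_X509::setEndDate().
   *
   * @param string $duration
   *   A strtotime() relative expression (e.g. Constants::CA_DURATION),
   *   applied to the injectable clock Time::getTime().
   * @return string
   */
  private static function endDate($duration) {
    return date('c', strtotime($duration, Time::getTime()));
  }

}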
194 }