4 * This file is part of the civicrm-cxn-rpc package.
6 * Copyright (c) CiviCRM LLC <info@civicrm.org>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this package.
12 namespace Civi\Cxn\Rpc
;
14 use Civi\Cxn\Rpc\Exception\ExpiredCertException
;
15 use Civi\Cxn\Rpc\Exception\InvalidCertException
;
/**
 * Create a certificate signed with its own key pair (the CA's own certificate,
 * judging by the CA_DURATION validity period).
 *
 * @param array $keyPair
 *   Array with elements:
 *   - privatekey: string.
 *   - publickey: string.
 * @param string $dn
 *   Distinguished name (e.g. "/O=TestOrg").
 * @return string
 *   The signed certificate as produced by File_X509::saveX509().
 */
public static function create($keyPair, $dn) {
  $privKey = new \Crypt_RSA();
  $privKey->loadKey($keyPair['privatekey']);

  $pubKey = new \Crypt_RSA();
  $pubKey->loadKey($keyPair['publickey']);
  $pubKey->setPublicKey();

  // The subject carries the public key that is being certified.
  $subject = new \File_X509();
  $subject->setPublicKey($pubKey);

  // The issuer holds the signing key. Because it is the same key pair as the
  // subject, the result is self-signed.
  $issuer = new \File_X509();
  $issuer->setPrivateKey($privKey);

  // NOTE(review): $dn is never applied in the body visible here, and nothing
  // visible marks the certificate as a CA (basicConstraints) — the copy under
  // review has gaps, so confirm against the full source that the subject and
  // issuer DN are set and a CA flag is applied before this is used as a trust
  // anchor.
  $x509 = new \File_X509();
  // Validity ends CA_DURATION after the clock supplied by Time::getTime().
  // strtotime() returns false for an unparseable duration string, and date()
  // would then render the Unix epoch, i.e. an already-expired certificate —
  // presumably the constant is always well-formed; sign() failures are not
  // checked here either.
  $x509->setEndDate(date('c', strtotime(Constants::CA_DURATION, Time::getTime())));
  $result = $x509->sign($issuer, $subject, Constants::CERT_SIGNATURE_ALGORITHM);
  return $x509->saveX509($result);
}
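/**
 * Read a certificate (or other PEM blob) from disk.
 *
 * @param string $file
 *   Path to read.
 * @return string
 *   The file contents, unmodified.
 * @throws \RuntimeException
 *   If the file cannot be read. A failed read used to surface as a bare
 *   false, which loosely compares equal to an empty string and so is easy
 *   for callers to mistake for an empty certificate.
 */
public static function load($file) {
  $data = file_get_contents($file);
  if ($data === false) {
    throw new \RuntimeException("Failed to read certificate file: $file");
  }
  return $data;
}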
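/**
 * Write a certificate (or other PEM blob) to disk.
 *
 * @param string $file
 *   Destination path; overwritten if it already exists.
 * @param string $cert
 *   Content to write, verbatim.
 * @throws \RuntimeException
 *   If the write fails. Previously a failed write was silently ignored, so a
 *   missing or stale certificate file would only be noticed later.
 */
public static function save($file, $cert) {
  $written = file_put_contents($file, $cert);
  if ($written === false) {
    throw new \RuntimeException("Failed to write certificate file: $file");
  }
}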
/**
 * Create a CSR for a CiviConnect application.
 *
 * @param array $keyPair
 *   Array with elements:
 *   - privatekey: string.
 *   - publickey: string.
 * @param string $dn
 *   Distinguished name.
 * @return string
 *   The CSR as produced by File_X509::saveCSR().
 */
public static function createAppCSR($keyPair, $dn) {
  $privKey = new \Crypt_RSA();
  $privKey->loadKey($keyPair['privatekey']);

  // NOTE(review): $pubKey is built but never referenced in the visible body;
  // only $privKey is handed to the request object (compare createCrlDistCSR,
  // which does call setPublicKey).
  $pubKey = new \Crypt_RSA();
  $pubKey->loadKey($keyPair['publickey']);
  $pubKey->setPublicKey();

  $x509 = new \File_X509();
  $x509->setPrivateKey($privKey);
  // NOTE(review): $dn is not applied in the visible body — the copy under
  // review has gaps, so confirm in the full source that the DN is set on
  // $x509 before the request is signed.

  // Sign, serialise and reload once — presumably so the object holds a
  // concrete CSR structure onto which an extension can be attached
  // (phpseclib 1.x); verify against File_X509 if this is changed.
  $x509->loadCSR($x509->saveCSR($x509->signCSR(Constants::CERT_SIGNATURE_ALGORITHM)));
  // keyEncipherment only (key transport); contrast digitalSignature in
  // createDirSvcCSR and cRLSign in createCrlDistCSR.
  $x509->setExtension('id-ce-keyUsage', array('keyEncipherment'));
  // Re-sign so the request signature covers the extension just added.
  $csrData = $x509->signCSR(Constants::CERT_SIGNATURE_ALGORITHM);
  return $x509->saveCSR($csrData);
}
/**
 * Create a CSR for an authority that publishes a list of available ...
 * (the rest of this sentence is missing from the copy under review).
 *
 * @param array $keyPair
 *   Array with elements:
 *   - privatekey: string.
 *   - publickey: string.
 * @param string $dn
 *   Distinguished name.
 * @return string
 *   The CSR as produced by File_X509::saveCSR().
 */
public static function createDirSvcCSR($keyPair, $dn) {
  $privKey = new \Crypt_RSA();
  $privKey->loadKey($keyPair['privatekey']);

  // NOTE(review): $pubKey is built but never referenced in the visible body;
  // only $privKey is handed to the request object (compare createCrlDistCSR,
  // which does call setPublicKey).
  $pubKey = new \Crypt_RSA();
  $pubKey->loadKey($keyPair['publickey']);
  $pubKey->setPublicKey();

  $x509 = new \File_X509();
  $x509->setPrivateKey($privKey);
  // NOTE(review): $dn is not applied in the visible body — the copy under
  // review has gaps, so confirm in the full source that the DN is set on
  // $x509 before the request is signed.

  // Sign, serialise and reload once — presumably so the object holds a
  // concrete CSR structure onto which an extension can be attached
  // (phpseclib 1.x); verify against File_X509 if this is changed.
  $x509->loadCSR($x509->saveCSR($x509->signCSR(Constants::CERT_SIGNATURE_ALGORITHM)));
  // digitalSignature only: this key signs published data and is not meant
  // for key transport (keyEncipherment is reserved for createAppCSR).
  $x509->setExtension('id-ce-keyUsage', array('digitalSignature'));
  // Re-sign so the request signature covers the extension just added.
  $csrData = $x509->signCSR(Constants::CERT_SIGNATURE_ALGORITHM);
  return $x509->saveCSR($csrData);
}
/**
 * Create a CSR for an authority that can issue CRLs.
 *
 * @param array $keyPair
 *   Array with elements:
 *   - privatekey: string.
 *   - publickey: string.
 * @param string $dn
 *   Distinguished name.
 * @return string
 *   The CSR as produced by File_X509::saveCSR().
 */
public static function createCrlDistCSR($keyPair, $dn) {
  $privKey = new \Crypt_RSA();
  $privKey->loadKey($keyPair['privatekey']);

  $pubKey = new \Crypt_RSA();
  $pubKey->loadKey($keyPair['publickey']);
  $pubKey->setPublicKey();

  $csr = new \File_X509();
  $csr->setPrivateKey($privKey);
  // Unlike createAppCSR/createDirSvcCSR, the public key is attached
  // explicitly here; whether that changes the resulting request is not
  // visible from this file.
  $csr->setPublicKey($pubKey);
  // NOTE(review): $dn is not applied in the visible body — the copy under
  // review has gaps, so confirm in the full source that the DN is set on
  // $csr before the request is signed.

  // Sign, serialise and reload once — presumably so the object holds a
  // concrete CSR structure onto which an extension can be attached
  // (phpseclib 1.x); verify against File_X509 if this is changed.
  $csr->loadCSR($csr->saveCSR($csr->signCSR(Constants::CERT_SIGNATURE_ALGORITHM)));
  // cRLSign only: the key is restricted to signing revocation lists.
  $csr->setExtension('id-ce-keyUsage', array('cRLSign'));
  // Re-sign so the request signature covers the extension just added.
  $csrData = $csr->signCSR(Constants::CERT_SIGNATURE_ALGORITHM);
  return $csr->saveCSR($csrData);
}
/**
 * Issue a certificate for a CSR using the CA's key pair and certificate.
 *
 * @param array $caKeyPair
 *   Array with elements:
 *   - privatekey: string.
 *   - publickey: string.
 * @param string $caCert
 *   The CA certificate, in the form accepted by File_X509::loadX509().
 * @param string $csr
 *   The certificate request, in the form accepted by File_X509::loadCSR().
 * @param int $serialNumber
 *   Serial number for the issued certificate, given in base 10.
 *   NOTE(review): the default of 1 means every certificate issued without an
 *   explicit serial shares the same (issuer, serial) pair. X.509 requires the
 *   serial to be unique per issuer, and CRL revocation is keyed on it, so
 *   callers must supply a fresh value; consider making the parameter
 *   mandatory.
 * @return string
 *   The signed certificate as produced by File_X509::saveX509().
 */
public static function signCSR($caKeyPair, $caCert, $csr, $serialNumber = 1) {
  $privKey = new \Crypt_RSA();
  $privKey->loadKey($caKeyPair['privatekey']);

  // NOTE(review): loadCSR() only parses the request here; nothing visible
  // verifies the CSR's own signature (proof that the requester holds the
  // private key) or constrains the subject DN / requested extensions before
  // issuing. Confirm in the full source that this is done by the caller.
  $subject = new \File_X509();
  $subject->loadCSR($csr);

  // The issuer is the CA certificate paired with its private key.
  $issuer = new \File_X509();
  $issuer->loadX509($caCert);
  $issuer->setPrivateKey($privKey);

  $x509 = new \File_X509();
  // Second argument is the radix in which $serialNumber is expressed.
  $x509->setSerialNumber($serialNumber, 10);
  // Validity ends APP_DURATION after the clock supplied by Time::getTime().
  // strtotime() returns false for an unparseable duration string, which
  // date() would render as the Unix epoch — presumably the constant is
  // always well-formed.
  $x509->setEndDate(date('c', strtotime(Constants::APP_DURATION, Time::getTime())));
  // Whether the keyUsage requested by the create*CSR helpers is carried into
  // the issued certificate depends on File_X509::sign(), not on this file.
  $result = $x509->sign($issuer, $subject, Constants::CERT_SIGNATURE_ALGORITHM);
  return $x509->saveX509($result);
}