|
3 | 3 | class CertificateGenerator |
4 | 4 | { |
5 | 5 | const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf'; |
6 | | - const SAN_CONFIG = __DIR__ . DIRECTORY_SEPARATOR . 'san.cnf'; |
7 | 6 |
|
8 | 7 | /** @var resource */ |
9 | 8 | private $ca; |
@@ -96,32 +95,56 @@ class CertificateGenerator |
96 | 95 | $dn['commonName'] = $commonNameForCert; |
97 | 96 | } |
98 | 97 |
|
99 | | - $config = [ |
100 | | - 'digest_alg' => 'sha256', |
101 | | - 'req_extensions' => 'v3_req', |
102 | | - 'x509_extensions' => 'usr_cert', |
103 | | - ]; |
104 | | - if ($subjectAltName !== null) { |
105 | | - putenv("PHP_SUBJECTALTNAME=$subjectAltName"); |
106 | | - $config['config'] = self::SAN_CONFIG; |
107 | | - } |
108 | | - |
109 | | - $this->lastKey = self::generateKey($keyLength); |
110 | | - $this->lastCert = openssl_csr_sign( |
111 | | - openssl_csr_new($dn, $this->lastKey, $config), |
112 | | - $this->ca, |
113 | | - $this->caKey, |
114 | | - /* days */ 2, |
115 | | - $config, |
116 | | - ); |
| 98 | + $subjectAltNameConfig = |
| 99 | + $subjectAltName ? "subjectAltName = $subjectAltName" : ""; |
| 100 | + $configCode = <<<CONFIG |
| 101 | +[ req ] |
| 102 | +distinguished_name = req_distinguished_name |
| 103 | +default_md = sha256 |
| 104 | +
|
| 105 | +[ req_distinguished_name ] |
| 106 | +
|
| 107 | +[ v3_req ] |
| 108 | +basicConstraints = CA:FALSE |
| 109 | +keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
| 110 | +$subjectAltNameConfig |
| 111 | +
|
| 112 | +[ usr_cert ] |
| 113 | +basicConstraints = CA:FALSE |
| 114 | +$subjectAltNameConfig |
| 115 | +CONFIG; |
| 116 | + $configFile = $file . '.cnf'; |
| 117 | + file_put_contents($configFile, $configCode); |
| 118 | + |
| 119 | + try { |
| 120 | + $config = [ |
| 121 | + 'config' => $configFile, |
| 122 | + 'req_extensions' => 'v3_req', |
| 123 | + 'x509_extensions' => 'usr_cert', |
| 124 | + ]; |
| 125 | + |
| 126 | + $this->lastKey = self::generateKey($keyLength); |
| 127 | + $this->lastCert = openssl_csr_sign( |
| 128 | + openssl_csr_new($dn, $this->lastKey, $config), |
| 129 | + $this->ca, |
| 130 | + $this->caKey, |
| 131 | + /* days */ 2, |
| 132 | + $config, |
| 133 | + ); |
| 134 | + if (!$this->lastCert) { |
| 135 | + throw new Exception('Failed to create certificate'); |
| 136 | + } |
117 | 137 |
|
118 | | - $certText = ''; |
119 | | - openssl_x509_export($this->lastCert, $certText); |
| 138 | + $certText = ''; |
| 139 | + openssl_x509_export($this->lastCert, $certText); |
120 | 140 |
|
121 | | - $keyText = ''; |
122 | | - openssl_pkey_export($this->lastKey, $keyText); |
| 141 | + $keyText = ''; |
| 142 | + openssl_pkey_export($this->lastKey, $keyText); |
123 | 143 |
|
124 | | - file_put_contents($file, $certText . PHP_EOL . $keyText); |
| 144 | + file_put_contents($file, $certText . PHP_EOL . $keyText); |
| 145 | + } finally { |
| 146 | + unlink($configFile); |
| 147 | + } |
125 | 148 | } |
126 | 149 |
|
127 | 150 | public function getCertDigest($algo) |
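Review bot: The heredoc at new lines 98–115 interpolates `$subjectAltName` verbatim into the generated OpenSSL config, so a value containing a line break is parsed as further config directives rather than as the tail of the subjectAltName line. Reject such values before the heredoc is built, e.g. `if ($subjectAltName !== null && preg_match('/[\r\n]/', $subjectAltName)) {` / `    throw new InvalidArgumentException('subjectAltName must not contain line breaks');` / `}`, or validate against the SAN syntax callers are expected to supply. The result of `file_put_contents($configFile, $configCode)` at new line 117 is also unchecked; if the write fails, the failure would presumably surface only as the generic 'Failed to create certificate' and the `unlink` in `finally` would warn about a file that was never written, so compare the result with `false` and throw before entering the `try`. The enclosing method starts before this hunk.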
|