Project

General

Profile

« Previous | Next » 

Revision 22b380aa

Added by Evgeny Yurchenko about 14 years ago

Internal cert and CSR creation error handling added.

View differences:

etc/inc/certs.inc
259 259 
	$ca_str_key = base64_decode($ca['prv']);
260 260 
	$ca_res_crt = openssl_x509_read($ca_str_crt);
261 261 
	$ca_res_key = openssl_pkey_get_private(array(0 => $ca_str_key, 1 => ""));
262 
	if(!$ca_res_key) return false;
262 263 
	$ca_serial = ++$ca['serial'];
263 264 

  		




  264
  265
  
    
	$args = array(


  		




  ......




  269
  270
  
    

  		




  270
  271
  
    
	// generate a new key pair


  		




  271
  272
  
    
	$res_key = openssl_pkey_new($args);


  		




  
  273
  
    
	if(!$res_key) return false;


  		




  272
  274
  
    

  		




  273
  275
  
    
	// generate a certificate signing request


  		




  274
  276
  
    
	$res_csr = openssl_csr_new($dn, $res_key, $args);


  		




  
  277
  
    
	if(!$res_csr) return false;


  		




  275
  278
  
    

  		




  276
  279
  
    
	// self sign the certificate


  		




  277
  280
  
    
	$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,


  		




  278
  281
  
    
				 $args, $ca_serial);


  		




  
  282
  
    
	if(!$res_crt) return false;


  		




  279
  283
  
    

  		




  280
  284
  
    
	// export our certificate data


  		




  281
  
  
    
	openssl_pkey_export($res_key, $str_key);


  		




  282
  
  
    
	openssl_x509_export($res_crt, $str_crt);


  		




  
  285
  
    
	if (!openssl_pkey_export($res_key, $str_key) ||


  		




  
  286
  
    
	    !openssl_x509_export($res_crt, $str_crt))


  		




  
  287
  
    
		return false;


  		




  283
  288
  
    

  		




  284
  289
  
    
	// return our certificate information


  		




  285
  290
  
    
	$cert['caref'] = $caref;


  		




  ......




  299
  304
  
    

  		




  300
  305
  
    
	// generate a new key pair


  		




  301
  306
  
    
	$res_key = openssl_pkey_new($args);


  		




  
  307
  
    
	if(!$res_key) return false;


  		




  302
  308
  
    

  		




  303
  309
  
    
	// generate a certificate signing request


  		




  304
  310
  
    
	$res_csr = openssl_csr_new($dn, $res_key, $args);


  		




  
  311
  
    
	if(!$res_csr) return false;


  		




  305
  312
  
    

  		




  306
  313
  
    
	// export our request data


  		




  307
  
  
    
	openssl_pkey_export($res_key, $str_key);


  		




  308
  
  
    
	openssl_csr_export($res_csr, $str_csr);


  		




  
  314
  
    
	if (!openssl_pkey_export($res_key, $str_key) ||


  		




  
  315
  
    
	    !openssl_csr_export($res_csr, $str_csr))


  		




  
  316
  
    
		return false;


  		




  309
  317
  
    

  		




  310
  318
  
    
	// return our request information


  		




  311
  319
  
    
	$cert['csr'] = base64_encode($str_csr);


  		












Also available in:  Unified diff