mirror of
https://github.com/anikeen-com/yaac.git
synced 2026-03-13 13:46:10 +00:00
168 lines
4.0 KiB
PHP
168 lines
4.0 KiB
PHP
<?php
|
|
|
|
namespace Afosto\Acme;
|
|
|
|
use GuzzleHttp\Exception\ClientException;
|
|
|
|
/**
|
|
* Class Helper
|
|
* This class contains helper methods for certificate handling
|
|
* @package Afosto\Acme
|
|
*/
|
|
class Helper
|
|
{
|
|
|
|
/**
|
|
* Formatter
|
|
* @param $pem
|
|
* @return false|string
|
|
* @see https://eidson.info/post/php_eol_is_broken
|
|
*/
|
|
public static function toDer($pem)
|
|
{
|
|
$lines = preg_split('/\n|\r\n?/', $pem);
|
|
$lines = array_slice($lines, 1, -1);
|
|
|
|
return base64_decode(implode('', $lines));
|
|
}
|
|
|
|
/**
|
|
* Return certificate expiry date
|
|
*
|
|
* @param $certificate
|
|
*
|
|
* @return \DateTime
|
|
* @throws \Exception
|
|
*/
|
|
public static function getCertExpiryDate($certificate): \DateTime
|
|
{
|
|
$info = openssl_x509_parse($certificate);
|
|
if ($info === false) {
|
|
throw new \Exception('Could not parse certificate');
|
|
}
|
|
$dateTime = new \DateTime();
|
|
$dateTime->setTimestamp($info['validTo_time_t']);
|
|
|
|
return $dateTime;
|
|
}
|
|
|
|
/**
|
|
* Get a new key
|
|
*
|
|
* @return string
|
|
*/
|
|
public static function getNewKey(int $keyLength): string
|
|
{
|
|
|
|
$key = openssl_pkey_new([
|
|
'private_key_bits' => $keyLength,
|
|
'private_key_type' => OPENSSL_KEYTYPE_RSA,
|
|
]);
|
|
openssl_pkey_export($key, $pem);
|
|
|
|
return $pem;
|
|
}
|
|
|
|
/**
|
|
* Get a new CSR
|
|
*
|
|
* @param array $domains
|
|
* @param $key
|
|
*
|
|
* @return string
|
|
* @throws \Exception
|
|
*/
|
|
public static function getCsr(array $domains, $key): string
|
|
{
|
|
$primaryDomain = current(($domains));
|
|
$config = [
|
|
'[req]',
|
|
'distinguished_name=req_distinguished_name',
|
|
'[req_distinguished_name]',
|
|
'[v3_req]',
|
|
'[v3_ca]',
|
|
'[SAN]',
|
|
'subjectAltName=' . implode(',', array_map(function ($domain) {
|
|
return 'DNS:' . $domain;
|
|
}, $domains)),
|
|
];
|
|
|
|
$fn = tempnam(sys_get_temp_dir(), md5(microtime(true)));
|
|
file_put_contents($fn, implode("\n", $config));
|
|
$csr = openssl_csr_new([
|
|
'countryName' => 'NL',
|
|
'commonName' => $primaryDomain,
|
|
], $key, [
|
|
'config' => $fn,
|
|
'req_extensions' => 'SAN',
|
|
'digest_alg' => 'sha512',
|
|
]);
|
|
unlink($fn);
|
|
|
|
if ($csr === false) {
|
|
throw new \Exception('Could not create a CSR');
|
|
}
|
|
|
|
if (openssl_csr_export($csr, $result) == false) {
|
|
throw new \Exception('CRS export failed');
|
|
}
|
|
|
|
$result = trim($result);
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* Make a safe base64 string
|
|
*
|
|
* @param $data
|
|
*
|
|
* @return string
|
|
*/
|
|
public static function toSafeString($data): string
|
|
{
|
|
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
|
|
}
|
|
|
|
/**
|
|
* Get the key information
|
|
*
|
|
* @return array
|
|
* @throws \Exception
|
|
*/
|
|
public static function getKeyDetails($key): array
|
|
{
|
|
$accountDetails = openssl_pkey_get_details($key);
|
|
if ($accountDetails === false) {
|
|
throw new \Exception('Could not load account details');
|
|
}
|
|
|
|
return $accountDetails;
|
|
}
|
|
|
|
/**
|
|
* Split a two certificate bundle into separate multi line string certificates
|
|
* @param string $chain
|
|
* @return array
|
|
* @throws \Exception
|
|
*/
|
|
public static function splitCertificate(string $chain): array
|
|
{
|
|
preg_match(
|
|
'/^(?<domain>-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)\n'
|
|
. '(?<intermediate>-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)$/s',
|
|
$chain,
|
|
$certificates
|
|
);
|
|
|
|
$domain = $certificates['domain'] ?? null;
|
|
$intermediate = $certificates['intermediate'] ?? null;
|
|
|
|
if (!$domain || !$intermediate) {
|
|
throw new \Exception('Could not parse certificate string');
|
|
}
|
|
|
|
return [$domain, $intermediate];
|
|
}
|
|
}
|