search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #1761 from sjpadgett/PP2-appointment
[openemr.git] / library / create_ssl_certificate.php
blobc85454b9d031cc9ca2dea2ca0a81c56c4e749895
1 <?php
2 /********************************************************************************\
3 * Copyright (C) visolve (vicareplus_engg@visolve.com) *
4 * *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software *
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ********************************************************************************/
19
20
21 /* This file contains routines for creating SSL certificates */
22
23
24 /**
25 * Create a Certificate Signing Request (CSR) with the given values
26 * @param $commonName - The username/hostname
27 * @param $emailAddress - The email of the username
28 * @param $countryName - Two letter country code, like "US"
29 * @param $stateOrProvinceName - State name
30 * @param $localityName - City name
31 * @param $organizationName - Organization Name
32 * @param $organizationalUnitName - Organization Unit Name
33 * @return array [ CSR data, privatekey ], or 'false' on error.
34 */
35 function create_csr(
36 $commonName,
37 $emailAddress,
38 $countryName,
39 $stateOrProvinceName,
40 $localityName,
41 $organizationName,
42 $organizationalUnitName
43 ) {
44
45 if ($commonName == "") {
46 return false;
47 }
48
49 /* Build the Distinguished Name (DN) for the certificate */
50 $dn = array("commonName" => $commonName);
51
52 if ($emailAddress) {
53 $dn = array_merge($dn, array("emailAddress" => $emailAddress));
54 }
55
56 if ($countryName) {
57 $dn = array_merge($dn, array("countryName" => $countryName));
58 }
59
60 if ($stateOrProvinceName) {
61 $dn = array_merge($dn, array("stateOrProvinceName" => $stateOrProvinceName));
62 }
63
64 if ($localityName) {
65 $dn = array_merge($dn, array("localityName" => $localityName));
66 }
67
68 if ($organizationName) {
69 $dn = array_merge($dn, array("organizationName" => $organizationName));
70 }
71
72 if ($organizationalUnitName) {
73 $dn = array_merge($dn, array("organizationalUnitName" => $organizationalUnitName));
74 }
75
76 /* OpenSSL functions need the path to the openssl.cnf file */
77 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
78 $config = array('config' => $opensslConf);
79
80 /* Create the public/private key pair */
81 $privkey = openssl_pkey_new($config);
82 if ($privkey === false) {
83 return false;
84 }
85
86 $csr = openssl_csr_new($dn, $privkey, $config);
87 if ($csr === false) {
88 return false;
89 }
90
91 return array($csr, $privkey);
92 }
93
94
95 /**
96 * Create a certificate, signed by the given Certificate Authority.
97 * @param $privkey - The certificate private key
98 * @param $csr - The certificate signing request
99 * @param $cacert - The Certificate Authority to sign with, or NULL if not used.
100 * @param $cakey - The Certificate Authority private key data to sign with.
101 * @return data - A signed certificate, or false on error.
102 */
103 function create_crt($privkey, $csr, $cacert, $cakey)
104 {
105
106 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
107 $config = array('config' => $opensslConf);
108
109 $cert = openssl_csr_sign($csr, $cacert, $cakey, 3650, $config, rand(1000, 9999));
110 return $cert;
111 }
112
113
114 /**
115 * Create a new client certificate for a username or client hostname.
116 * @param $commonName - The username or hostname
117 * @param $emailAddress - The user's email address
118 * @param $serial - The serial number
119 * @param $cacert - Path to Certificate Authority cert file.
120 * @param $cakey - Path to Certificate Authority key file.
121 * @param $valid_days - validity in number of days for the user certificate
122 * @return string - The client certificate signed by the Certificate Authority, or false on error.
123 */
124 function create_user_certificate($commonName, $emailAddress, $serial, $cacert, $cakey, $valid_days)
125 {
126
127 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
128 $config = array('config' => $opensslConf);
129
130 /* Generate a certificate signing request */
131 $arr = create_csr($commonName, $emailAddress, "", "", "", "", "");
132 if ($arr === false) {
133 return false;
134 }
135
136 $csr = $arr[0];
137 $privkey = $arr[1];
138
139 /* user id is used as serial number to sign a certificate */
140 $serial = 0;
141 $res = sqlStatement("select id from users where username='".$commonName."'");
142 if ($row = sqlFetchArray($res)) {
143 $serial = $row['id'];
144 }
145
146 $cert = openssl_csr_sign(
147 $csr,
148 file_get_contents($cacert),
149 file_get_contents($cakey),
150 $valid_days,
151 $config,
152 $serial
153 );
154
155 if ($cert === false) {
156 return false;
157 }
158
159 /* Convert the user certificate to .p12 (PKCS 12) format, which is the
160 * standard format used by browsers.
161 */
162 if (openssl_pkcs12_export($cert, $p12Out, $privkey, "") === false) {
163 return false;
164 }
165
166 return $p12Out;
167 }
Mirror of official OpenEMR Sourceforge repository