1 <?php
2 /********************************************************************************\
3 * Copyright (C) visolve (vicareplus_engg@visolve.com) *
4 * *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software *
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ********************************************************************************/
21 /* This file contains routines for creating SSL certificates */
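/**
 * Create a Certificate Signing Request (CSR) together with a fresh key pair.
 *
 * Only commonName is mandatory; every other DN component is added to the
 * subject only when it is non-empty.  The key size/type and digest are not
 * set here, so they come from $GLOBALS['fileroot']/library/openssl.cnf
 * (not visible in this file) -- NOTE(review): confirm that file's
 * default_bits is at least 2048.
 *
 * @param $commonName - The username/hostname (required)
 * @param $emailAddress - The email of the username
 * @param $countryName - Two letter country code, like "US"
 * @param $stateOrProvinceName - State name
 * @param $localityName - City name
 * @param $organizationName - Organization Name
 * @param $organizationalUnitName - Organization Unit Name
 * @return array [ CSR, private key, openssl options array ] -- three elements,
 *         the third being the same options array used for key/CSR creation --
 *         or false on error (empty commonName, key generation or CSR failure).
 */
function create_csr(
    $commonName,
    $emailAddress,
    $countryName,
    $stateOrProvinceName,
    $localityName,
    $organizationName,
    $organizationalUnitName
) {
    // A CSR without a subject CN is useless; reject null/empty up front.
    if ((string) $commonName === '') {
        return false;
    }

    /* Build the Distinguished Name (DN), keeping only populated components */
    $optionalFields = array(
        'emailAddress'           => $emailAddress,
        'countryName'            => $countryName,
        'stateOrProvinceName'    => $stateOrProvinceName,
        'localityName'           => $localityName,
        'organizationName'       => $organizationName,
        'organizationalUnitName' => $organizationalUnitName,
    );
    $dn = array('commonName' => $commonName);
    foreach ($optionalFields as $field => $value) {
        if ($value) {
            $dn[$field] = $value;
        }
    }

    /* OpenSSL functions need the path to the openssl.cnf file */
    $opensslConf = $GLOBALS['fileroot'] . "/library/openssl.cnf";
    $config = array('config' => $opensslConf);

    /* Create the public/private key pair (parameters taken from openssl.cnf) */
    $privkey = openssl_pkey_new($config);
    if ($privkey === false) {
        return false;
    }

    $csr = openssl_csr_new($dn, $privkey, $config);
    if ($csr === false) {
        return false;
    }

    return array($csr, $privkey, $config);
}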
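/**
 * Create a certificate from a CSR, signed by the given Certificate Authority.
 *
 * When $cacert is null, openssl_csr_sign self-signs the CSR with $cakey; this
 * is how the CA certificate itself is produced.  In that case no
 * x509_extensions override is set, so the certificate's extensions (including
 * basicConstraints) come from library/openssl.cnf, which this file does not
 * show -- NOTE(review): confirm that configuration is the intended one.
 *
 * The serial number is drawn from the CSPRNG (random_int, PHP >= 7.0) over
 * 1..PHP_INT_MAX instead of rand(1000, 9999): an issuer+serial pair must be
 * unique, and a predictable four-digit rand() value collides quickly.
 *
 * @param $csr - The certificate signing request
 * @param $cacert - The Certificate Authority certificate to sign with, or NULL to self-sign.
 * @param $cakey - The Certificate Authority private key data to sign with.
 * @param $validDays - Validity period in days (optional; defaults to the historical 3650).
 * @return data - A signed certificate, or false on error.
 */
function create_crt($csr, $cacert, $cakey, $validDays = 3650)
{
    $opensslConf = $GLOBALS['fileroot'] . "/library/openssl.cnf";
    $config = array('config' => $opensslConf);

    // CA-signed certificates use the v3_req extension section of openssl.cnf;
    // per the original author this was added so that end-entity certificates
    // are not emitted as CA certificates (BasicConstraints CA:TRUE).
    if ($cacert) {
        $config["x509_extensions"] = "v3_req";
    }

    // RFC 5280 requires a positive serial; the range stays within the int
    // parameter of openssl_csr_sign on both 32- and 64-bit builds.
    $serial = random_int(1, PHP_INT_MAX);

    return openssl_csr_sign($csr, $cacert, $cakey, $validDays, $config, $serial);
}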
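/**
 * Create a new client certificate for a username or client hostname and
 * package it together with its private key as PKCS#12.
 *
 * The serial number is the users.id of the row whose username equals
 * $commonName; the $serial argument is only used when no such row exists.
 * Because the serial is derived from the user id, re-issuing a certificate
 * for the same user yields the same issuer/serial pair -- NOTE(review):
 * browsers and revocation lists key on that pair, so prefer revoking and
 * replacing over re-issuing, or make the serial unique per issuance.
 *
 * @param $commonName - The username or hostname
 * @param $emailAddress - The user's email address
 * @param $serial - Fallback serial number, used only when $commonName matches no users row
 *                  (coerced to int, so a null value becomes 0 as before)
 * @param $cacert - Path to Certificate Authority cert file.
 * @param $cakey - Path to Certificate Authority key file.
 * @param $valid_days - validity in number of days for the user certificate
 * @return string - PKCS#12 bundle (certificate + private key, empty password) signed by
 *                  the Certificate Authority, or false on error.
 */
function create_user_certificate($commonName, $emailAddress, $serial, $cacert, $cakey, $valid_days)
{
    $opensslConf = $GLOBALS['fileroot'] . "/library/openssl.cnf";
    $config = array('config' => $opensslConf);

    /* Generate a key pair and a certificate signing request for the user */
    $arr = create_csr($commonName, $emailAddress, "", "", "", "", "");
    if ($arr === false) {
        return false;
    }
    $csr = $arr[0];
    $privkey = $arr[1];

    /* Serial number: the user's id when the username is known, otherwise the
     * caller-supplied value. */
    $serial = (int) $serial;
    $res = sqlStatement("SELECT id FROM users WHERE username = ?", array($commonName));
    if ($row = sqlFetchArray($res)) {
        $serial = (int) $row['id'];
    }

    /* Load the CA material up front and fail cleanly if either file is
     * unreadable, instead of handing false to openssl_csr_sign. */
    $caCertData = file_get_contents($cacert);
    $caKeyData = file_get_contents($cakey);
    if ($caCertData === false || $caKeyData === false) {
        return false;
    }

    $cert = openssl_csr_sign($csr, $caCertData, $caKeyData, $valid_days, $config, $serial);
    if ($cert === false) {
        return false;
    }

    /* Convert the user certificate to .p12 (PKCS 12) format, which is the
     * standard format used by browsers.  The bundle is exported with an empty
     * password, so the private key inside is not protected by the container:
     * it must be handed to the user over a trusted channel. */
    if (openssl_pkcs12_export($cert, $p12Out, $privkey, "") === false) {
        return false;
    }

    return $p12Out;
}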