search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Improved Code Sniffing (#928)
[openemr.git] / library / create_ssl_certificate.php
blob8fccac719cc3d9f528345f338bdfef47d350a34b
1 <?php
2 /********************************************************************************\
3 * Copyright (C) visolve (vicareplus_engg@visolve.com) *
4 * *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software *
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ********************************************************************************/
19
20
21 /* This file contains routines for creating SSL certificates */
22
23
24 /**
25 * Create a Certificate Signing Request (CSR) with the given values
26 * @param $commonName - The username/hostname
27 * @param $emailAddress - The email of the username
28 * @param $countryName - Two letter country code, like "US"
29 * @param $stateOrProvinceName - State name
30 * @param $localityName - City name
31 * @param $organizationName - Organization Name
32 * @param $organizationalUnitName - Organization Unit Name
33 * @return array [ CSR data, privatekey ], or 'false' on error.
34 */
35 function create_csr(
36 $commonName,
37 $emailAddress,
38 $countryName,
39 $stateOrProvinceName,
40 $localityName,
41 $organizationName,
42 $organizationalUnitName
43 ) {
44
45 if ($commonName == "")
46 return false;
47
48 /* Build the Distinguished Name (DN) for the certificate */
49 $dn = array("commonName" => $commonName);
50
51 if($emailAddress)
52 $dn = array_merge($dn, array("emailAddress" => $emailAddress));
53
54 if ($countryName)
55 $dn = array_merge($dn, array("countryName" => $countryName));
56
57 if ($stateOrProvinceName)
58 $dn = array_merge($dn, array("stateOrProvinceName" => $stateOrProvinceName));
59
60 if ($localityName)
61 $dn = array_merge($dn, array("localityName" => $localityName));
62
63 if ($organizationName)
64 $dn = array_merge($dn, array("organizationName" => $organizationName));
65
66 if ($organizationalUnitName)
67 $dn = array_merge($dn, array("organizationalUnitName" => $organizationalUnitName));
68
69 /* OpenSSL functions need the path to the openssl.cnf file */
70 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
71 $config = array('config' => $opensslConf);
72
73 /* Create the public/private key pair */
74 $privkey = openssl_pkey_new($config);
75 if ($privkey === false) {
76 return false;
77 }
78
79 $csr = openssl_csr_new($dn, $privkey, $config);
80 if ($csr === false) {
81 return false;
82 }
83 return array($csr, $privkey);
84 }
85
86
87 /**
88 * Create a certificate, signed by the given Certificate Authority.
89 * @param $privkey - The certificate private key
90 * @param $csr - The certificate signing request
91 * @param $cacert - The Certificate Authority to sign with, or NULL if not used.
92 * @param $cakey - The Certificate Authority private key data to sign with.
93 * @return data - A signed certificate, or false on error.
94 */
95 function create_crt($privkey, $csr, $cacert, $cakey)
96 {
97
98 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
99 $config = array('config' => $opensslConf);
100
101 $cert = openssl_csr_sign($csr, $cacert ,$cakey, 3650, $config,rand(1000,9999));
102 return $cert;
103 }
104
105
106 /**
107 * Create a new client certificate for a username or client hostname.
108 * @param $commonName - The username or hostname
109 * @param $emailAddress - The user's email address
110 * @param $serial - The serial number
111 * @param $cacert - Path to Certificate Authority cert file.
112 * @param $cakey - Path to Certificate Authority key file.
113 * @param $valid_days - validity in number of days for the user certificate
114 * @return string - The client certificate signed by the Certificate Authority, or false on error.
115 */
116 function create_user_certificate($commonName, $emailAddress, $serial, $cacert, $cakey, $valid_days)
117 {
118
119 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
120 $config = array('config' => $opensslConf);
121
122 /* Generate a certificate signing request */
123 $arr = create_csr($commonName, $emailAddress, "", "", "", "", "");
124 if ($arr === false) {
125 return false;
126 }
127 $csr = $arr[0];
128 $privkey = $arr[1];
129
130 /* user id is used as serial number to sign a certificate */
131 $serial = 0;
132 $res = sqlStatement("select id from users where username='".$commonName."'");
133 if ($row = sqlFetchArray($res)) {
134 $serial = $row['id'];
135 }
136
137 $cert = openssl_csr_sign($csr, file_get_contents($cacert), file_get_contents($cakey),
138 $valid_days, $config, $serial);
139
140 if ($cert === false) {
141 return false;
142 }
143
144 /* Convert the user certificate to .p12 (PKCS 12) format, which is the
145 * standard format used by browsers.
146 */
147 if (openssl_pkcs12_export($cert, $p12Out, $privkey, "") === false) {
148 return false;
149 }
150 return $p12Out;
151 }
152
153 ?>
Mirror of official OpenEMR Sourceforge repository