1 <?php
2 /********************************************************************************\
3 * Copyright (C) visolve (vicareplus_engg@visolve.com) *
4 * *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software *
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ********************************************************************************/
21 /* This file contains routines for creating SSL certificates */
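/**
 * Create a Certificate Signing Request (CSR) with the given values.
 *
 * Only $commonName is mandatory. Every other attribute is added to the
 * Distinguished Name (DN) only when it is a non-empty string, so an absent
 * value never produces an empty DN component. Key size, digest and extension
 * defaults come from the openssl.cnf under $GLOBALS['webserver_root'].
 *
 * @param $commonName             - The username/hostname (required)
 * @param $emailAddress           - The email of the username
 * @param $countryName            - Two letter country code, like "US"
 * @param $stateOrProvinceName    - State name
 * @param $localityName           - City name
 * @param $organizationName       - Organization Name
 * @param $organizationalUnitName - Organization Unit Name
 * @return array [ CSR, private key ], or false on error (empty common name,
 *               key generation failure, or CSR creation failure).
 */
function create_csr(
    $commonName,
    $emailAddress,
    $countryName,
    $stateOrProvinceName,
    $localityName,
    $organizationName,
    $organizationalUnitName
) {
    /* A certificate without a subject is useless; refuse before spending
     * time on key generation. The cast rejects both null and "". */
    if ((string) $commonName === '') {
        return false;
    }

    /* Build the DN in the conventional attribute order. Compare against ''
     * instead of relying on truthiness so a legitimate value of "0" is kept
     * (the old `if ($value)` test silently dropped it). */
    $dn = array('commonName' => $commonName);
    $optionalAttributes = array(
        'emailAddress'           => $emailAddress,
        'countryName'            => $countryName,
        'stateOrProvinceName'    => $stateOrProvinceName,
        'localityName'           => $localityName,
        'organizationName'       => $organizationName,
        'organizationalUnitName' => $organizationalUnitName,
    );
    foreach ($optionalAttributes as $attribute => $value) {
        if ((string) $value !== '') {
            $dn[$attribute] = $value;
        }
    }

    /* OpenSSL functions need the path to the openssl.cnf file */
    $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
    $config = array('config' => $opensslConf);

    /* Create the public/private key pair */
    $privkey = openssl_pkey_new($config);
    if ($privkey === false) {
        return false;
    }

    /* Bind the DN to the new public key in a signing request */
    $csr = openssl_csr_new($dn, $privkey, $config);
    if ($csr === false) {
        return false;
    }

    return array($csr, $privkey);
}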
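/**
 * Create a certificate, signed by the given Certificate Authority.
 *
 * @param $privkey - The certificate private key. Not used by the signing
 *                   step (the CSR already carries the public key); accepted
 *                   for compatibility with existing callers.
 * @param $csr     - The certificate signing request
 * @param $cacert  - The Certificate Authority to sign with, or NULL to
 *                   self-sign the CSR using $cakey.
 * @param $cakey   - The Certificate Authority private key data to sign with.
 * @param $serial  - Optional positive integer serial number. When omitted a
 *                   random positive serial is drawn from the CSPRNG.
 * @return data - A signed certificate valid for 3650 days, or false on error
 *                (invalid serial, randomness failure, or signing failure).
 */
function create_crt($privkey, $csr, $cacert, $cakey, $serial = null)
{
    /* OpenSSL functions need the path to the openssl.cnf file */
    $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
    $config = array('config' => $opensslConf);

    if ($serial === null) {
        /* RFC 5280 requires serial numbers to be positive and unique per
         * issuer, and clients reject a second certificate that reuses one.
         * The previous rand(1000, 9999) gave only 9000 non-random values,
         * so collisions were expected after a few hundred certificates.
         * Draw (PHP_INT_SIZE * 8 - 1) bits from OpenSSL's CSPRNG instead. */
        $bytes = openssl_random_pseudo_bytes(PHP_INT_SIZE);
        if ($bytes === false || strlen($bytes) !== PHP_INT_SIZE) {
            return false;
        }
        $serial = 0;
        for ($i = 0; $i < PHP_INT_SIZE; $i++) {
            $serial = ($serial << 8) | ord($bytes[$i]);
        }
        $serial &= PHP_INT_MAX; /* clear the sign bit: serial must be positive */
        if ($serial === 0) {
            $serial = 1;
        }
    } else {
        /* Caller-supplied serial: accept anything numeric, but it must be positive */
        if (!is_numeric($serial) || (int) $serial < 1) {
            return false;
        }
        $serial = (int) $serial;
    }

    return openssl_csr_sign($csr, $cacert, $cakey, 3650, $config, $serial);
}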
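/**
 * Create a new client certificate for a username or client hostname.
 *
 * The certificate serial number is the user's id from the users table so a
 * certificate can be tied back to the account; the $serial argument is only
 * used when $commonName is not a known user. NOTE(review): RFC 5280 requires
 * serial numbers to be unique per issuer, so issuing a second certificate for
 * the same user (e.g. after expiry) reuses the serial and may be rejected by
 * clients — confirm how renewals are handled by the callers.
 *
 * @param $commonName   - The username or hostname
 * @param $emailAddress - The user's email address
 * @param $serial       - Fallback serial number, used only when no user matches $commonName
 * @param $cacert       - Path to Certificate Authority cert file.
 * @param $cakey        - Path to Certificate Authority key file.
 * @param $valid_days   - validity in number of days for the user certificate
 * @return string - The client certificate signed by the Certificate Authority,
 *                  packed as PKCS#12 with an EMPTY import password, or false on
 *                  error (bad common name, unreadable CA files, non-positive
 *                  serial, signing or PKCS#12 export failure).
 */
function create_user_certificate($commonName, $emailAddress, $serial, $cacert, $cakey, $valid_days)
{
    /* OpenSSL functions need the path to the openssl.cnf file */
    $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
    $config = array('config' => $opensslConf);

    /* Generate a certificate signing request */
    $arr = create_csr($commonName, $emailAddress, "", "", "", "", "");
    if ($arr === false) {
        return false;
    }
    list($csr, $privkey) = $arr;

    /* Read the CA material up front. A missing or unreadable file used to be
     * handed to openssl_csr_sign as boolean false, which only failed later
     * with an OpenSSL warning instead of a clean false return. */
    if (!is_readable($cacert) || !is_readable($cakey)) {
        return false;
    }
    $caCertData = file_get_contents($cacert);
    $caKeyData = file_get_contents($cakey);
    if ($caCertData === false || $caKeyData === false) {
        return false;
    }

    /* user id is used as serial number to sign a certificate.
     * The username is bound as a query parameter rather than spliced into
     * the SQL string: $commonName is caller-supplied and was previously an
     * SQL injection vector. Relies on sqlStatement's bind-parameter support. */
    $res = sqlStatement("select id from users where username = ?", array($commonName));
    if ($row = sqlFetchArray($res)) {
        $serial = $row['id'];
    }
    $serial = (int) $serial;
    if ($serial < 1) {
        /* RFC 5280 4.1.2.2: serial numbers must be positive. Signing with 0
         * would also give every certificate for an unknown user the same
         * serial, so refuse instead. */
        return false;
    }

    $cert = openssl_csr_sign(
        $csr,
        $caCertData,
        $caKeyData,
        $valid_days,
        $config,
        $serial
    );
    if ($cert === false) {
        return false;
    }

    /* Convert the user certificate to .p12 (PKCS 12) format, which is the
     * standard format used by browsers. The bundle carries the user's private
     * key and is exported with an empty password, so the caller must deliver
     * it only over an authenticated, encrypted channel. */
    if (openssl_pkcs12_export($cert, $p12Out, $privkey, "") === false) {
        return false;
    }

    return $p12Out;
}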