Documents Module: Added features for document SHA-1 checks and document encryption.
[openemr.git] / library / create_ssl_certificate.php
blob02861a72900e8fc9a0e9198842fab4b6ec3b46e9
1 <?php
2 /********************************************************************************\
3 * Copyright (C) visolve (vicareplus_engg@visolve.com) *
4 * *
5 * This program is free software; you can redistribute it and/or *
6 * modify it under the terms of the GNU General Public License *
7 * as published by the Free Software Foundation; either version 2 *
8 * of the License, or (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the Free Software *
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
18 ********************************************************************************/
21 /* This file contains routines for creating SSL certificates */
24 /**
25 * Create a Certificate Signing Request (CSR) with the given values
26 * @param $commonName - The username/hostname
27 * @param $emailAddress - The email of the username
28 * @param $countryName - Two letter country code, like "US"
29 * @param $stateOrProvinceName - State name
30 * @param $localityName - City name
31 * @param $organizationName - Organization Name
32 * @param $organizationalUnitName - Organization Unit Name
33 * @return array [ CSR data, privatekey ], or 'false' on error.
35 function create_csr($commonName, $emailAddress, $countryName, $stateOrProvinceName,
36 $localityName, $organizationName, $organizationalUnitName) {
38 if ($commonName == "")
39 return false;
41 /* Build the Distinguished Name (DN) for the certificate */
42 $dn = array("commonName" => $commonName);
44 if($emailAddress)
45 $dn = array_merge($dn, array("emailAddress" => $emailAddress));
47 if ($countryName)
48 $dn = array_merge($dn, array("countryName" => $countryName));
50 if ($stateOrProvinceName)
51 $dn = array_merge($dn, array("stateOrProvinceName" => $stateOrProvinceName));
53 if ($localityName)
54 $dn = array_merge($dn, array("localityName" => $localityName));
56 if ($organizationName)
57 $dn = array_merge($dn, array("organizationName" => $organizationName));
59 if ($organizationalUnitName)
60 $dn = array_merge($dn, array("organizationalUnitName" => $organizationalUnitName));
62 /* OpenSSL functions need the path to the openssl.cnf file */
63 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
64 $config = array('config' => $opensslConf);
66 /* Create the public/private key pair */
67 $privkey = openssl_pkey_new($config);
68 if ($privkey === false) {
69 return false;
72 $csr = openssl_csr_new($dn, $privkey, $config);
73 if ($csr === false) {
74 return false;
76 return array($csr, $privkey);
80 /**
81 * Create a certificate, signed by the given Certificate Authority.
82 * @param $privkey - The certificate private key
83 * @param $csr - The certificate signing request
84 * @param $cacert - The Certificate Authority to sign with, or NULL if not used.
85 * @param $cakey - The Certificate Authority private key data to sign with.
86 * @return data - A signed certificate, or false on error.
88 function create_crt($privkey, $csr, $cacert, $cakey) {
90 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
91 $config = array('config' => $opensslConf);
93 $cert = openssl_csr_sign($csr, $cacert ,$cakey, 3650, $config,rand(1000,9999));
94 return $cert;
98 /**
99 * Create a new client certificate for a username or client hostname.
100 * @param $commonName - The username or hostname
101 * @param $emailAddress - The user's email address
102 * @param $serial - The serial number
103 * @param $cacert - Path to Certificate Authority cert file.
104 * @param $cakey - Path to Certificate Authority key file.
105 * @param $valid_days - validity in number of days for the user certificate
106 * @return string - The client certificate signed by the Certificate Authority, or false on error.
108 function create_user_certificate($commonName, $emailAddress, $serial, $cacert, $cakey, $valid_days) {
110 $opensslConf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
111 $config = array('config' => $opensslConf);
113 /* Generate a certificate signing request */
114 $arr = create_csr($commonName, $emailAddress, "", "", "", "", "");
115 if ($arr === false) {
116 return false;
118 $csr = $arr[0]; $privkey = $arr[1];
120 /* user id is used as serial number to sign a certificate */
121 $serial = 0;
122 $res = sqlStatement("select id from users where username='".$commonName."'");
123 if ($row = sqlFetchArray($res)) {
124 $serial = $row['id'];
127 $cert = openssl_csr_sign($csr, file_get_contents($cacert), file_get_contents($cakey),
128 $valid_days, $config, $serial);
130 if ($cert === false) {
131 return false;
134 /* Convert the user certificate to .p12 (PKCS 12) format, which is the
135 * standard format used by browsers.
137 if (openssl_pkcs12_export($cert, $p12Out, $privkey, "") === false) {
138 return false;
140 return $p12Out;