adaopedro/php-openssl-proxy

An OpenSSL extension wrapper for PHP that provides a user-friendly interface for working with OpenSSL

dev-master 2022-01-31 06:42 UTC

This package is auto-updated.

Last update: 2024-09-29 06:20:23 UTC


README

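About

An OpenSSL extension wrapper for PHP that provides a user-friendly interface for working with OpenSSL.

What does the name "proxy" mean?

It is just an analogy to the role of a proxy server: acting as an intermediary.

Features

Create X.509, CSR and CRL certificates, create RSA, DH and DSA keys, generate and verify signatures, encode and decode, and parse x509 certificates.

Requirements

This library requires PHP 8 or later and ext-openssl.

Installation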

composer require adaopedro/php-openssl-proxy @dev

Example usage

Creating a self-signed certificate

use AdaoPedro\OpenSSLProxy\SSCertificate;

$ssCertificate = (new SSCertificate(
    days: 365, //expiration
))->setDistinguishNames(
        countryName: "AO",
        stateOrProvinceName: "Angola",
        localityName: "Luanda",
        organizationName: "A Pedro Developers (SU), Lda",
        organizationalUnitName: "AP",
        commonName: "apedrodevelopers",
        emailAddress: "contato@apdev.ao"
);

try {
    $ssCertificate->save();
} catch(\Exception $ex) {
    echo $ex->getMessage() . PHP_EOL;
}

Creating a CA-signed certificate

use AdaoPedro\OpenSSLProxy\CASCertificate;

$certificate = (new CASCertificate(
    days: 365, //expiration
    rootCertificate: $rootCertificate, //an instance of a Self-Signed Certificate, for example
))->setDistinguishNames(
        //...
);

try {
    $certificate->save();
} catch(\Exception $ex) {
    echo $ex->getMessage() . PHP_EOL;
}

Exporting the certificate as a string

//$certificate => an instance of SS or CAS Certificate
echo $certificate->getx509();

Exporting the certificate as a PHP OpenSSLCertificate object

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate->get()
);

Exporting the public and private keys from a certificate

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate->getPublicKey(),
);

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate->getPrivateKey(),
);

var_dump(
    $certificate->getPrivateKeyDecrypted() //in case the private key was stored encrypted (encrypt_key)
);

Generating public and private keys

$pKey = \AdaoPedro\OpenSSLProxy\generateNewPKey();

list($privKey, $pubKey) = \AdaoPedro\OpenSSLProxy\exportKeysFrom($pKey);

echo $pubKey . PHP_EOL;
echo $privKey . PHP_EOL;

Signing

$data = "Hello world!!";

$signature = \AdaoPedro\OpenSSLProxy\getSignatureFrom(
    $data,
    file_get_contents(".../private_key.pem"),
);

Verifying a signature

$data = "Hello world!!";

echo
\AdaoPedro\OpenSSLProxy\verifySignatureOf(
    $data,
    file_get_contents(".../hash.dat"),
    file_get_contents(".../public_key.pem"),
) === true
? "Verified"
: "Error. Data modified";

Parsing a PHP OpenSSLCertificate object

//$certificate => an instance of SS or CAS Certificate
var_dump(
    $certificate()
);

Checking whether a private key corresponds to a certificate

echo
\AdaoPedro\OpenSSLProxy\checkIfPrivateKey(
    file_get_contents(".../private_key.pem")
)->correspondsTo(
    file_get_contents(".../cert.pem")
) === true
? "Yes. It does"
: "No. It does not";
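
The signing, signature verification and key/certificate check shown above, written directly against ext-openssl as an added example; it is not code from this library, and the page does not show how the wrapper implements these calls. It assumes ext-openssl can find a default openssl.cnf, and the subject name and message are constructed.

```php
<?php
declare(strict_types=1);
// Added example: calls ext-openssl directly, not the wrapper library. Values are constructed.

function newRsaKey(): OpenSSLAsymmetricKey
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    return $key;
}

function selfSign(OpenSSLAsymmetricKey $key, int $days): OpenSSLCertificate
{
    $csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
    if (!$csr instanceof OpenSSLCertificateSigningRequest) {
        throw new RuntimeException('CSR creation failed: ' . openssl_error_string());
    }
    $cert = openssl_csr_sign($csr, null, $key, $days, ['digest_alg' => 'sha256']);
    if ($cert === false) {
        throw new RuntimeException('Certificate signing failed: ' . openssl_error_string());
    }
    return $cert;
}

$key      = newRsaKey();
$otherKey = newRsaKey();
$cert     = selfSign($key, 365);
$pubPem   = openssl_pkey_get_details($key)['key'];

$data = 'Hello world!!';
// openssl_sign() defaults to SHA-1, so the digest is named explicitly.
if (!openssl_sign($data, $signature, $key, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('Signing failed: ' . openssl_error_string());
}

// openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
// Compare with === 1: -1 is truthy and would pass a loose check.
$isValid = fn (string $msg): bool =>
    openssl_verify($msg, $signature, $pubPem, OPENSSL_ALGO_SHA256) === 1;

var_dump($isValid($data));                                  // untouched message
var_dump($isValid($data . ' '));                            // modified message
var_dump(openssl_x509_check_private_key($cert, $key));      // key the certificate was made from
var_dump(openssl_x509_check_private_key($cert, $otherKey)); // unrelated key
```

The binary signature in `$signature` is what would be written to a file and read back at verification time, with the same digest algorithm on both sides.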

Customizing the OpenSSL configuration (when using the certificate generator classes)

use AdaoPedro\OpenSSLProxy\SSCertificate;

//you can find the initial config file in the root of the lib directory
/*
To customize, pass the config filename as the second parameter to the SSCertificate constructor,
or as the third parameter in the case of CASCertificate
*/

$certificate = (new SSCertificate(
    days: 365, //expiration
    configFilename: __DIR__ . "/openssl_configs.php"
))->setDistinguishNames(
        //...
);