<?php
//-----------------------------------------------------------------------------------------------------------------------------------
//
// Filename : cert.php
// Version : 1.0
// Date : 3rd Jan 2009
//
// Description : This script creates a PKCS12 encoded SSL Certificate which is file transferred to the script caller.
//
// Usage : cert.php?foaf=http://foaf.me/jsmith&
// commonName=J Smith&
// emailAddress=jsmith@example.com&
// organizationName=My Company Ltd&
// organizationalUnitName=Technology Division&
// localityName=Newbury&
// stateOrProvinceName=Berkshire&
// countryName=GB&
// password=secret
//
// All parameters except 'foaf' are optional. Some parameters if missing will default as per openssl.cnf
//
// See Also : Using PHP to create self-signed X.509 Client Certificates
// http://foaf.me/Using_PHP_to_create_X.509_Client_Certificates.php
//
//-----------------------------------------------------------------------------------------------------------------------------------
// Check if the foaf location is specified in the script call
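/**
 * Request a client certificate from the remote WebID certificate service and
 * stream the response body to the caller as a certificate download.
 *
 * The function POSTs the WebID, the SPKAC public key, the requested validity
 * and the common name to the service. On success it emits the download
 * headers, echoes the response body and returns it. On failure it emits
 * nothing, so an error page is never served with a certificate content type.
 *
 * @param string $commonName Common name placed in the 'cn' form field.
 * @param string $webid      WebID URI placed in the 'webid' form field.
 * @param string $pubkey     SPKAC public key placed in the 'spkac' form field.
 * @param float  $hours      Requested validity in hours.
 * @param float  $days       Requested validity in days.
 *
 * @return string|false The response body, or false when the transfer failed,
 *                      the service answered with a non-2xx status, or the
 *                      body was empty.
 */
function request_identity_p12($commonName, $webid, $pubkey, $hours=0.0, $days=0.0) {
    $post_fields = array(
        'webid'        => $webid,
        'spkac'        => $pubkey,
        'hours'        => $hours,
        'days'         => $days,
        'keygensubmit' => "submit certificate request",
        'cn'           => $commonName,
    );

    // NOTE(review): this endpoint is plain http://, so neither the request nor
    // the returned certificate has transport integrity. Prefer https:// if the
    // service offers it (not verifiable from this file).
    $ch = curl_init('http://webid.myxwiki.org/xwiki/bin/view/WebId/CreateCert');
    if ($ch === false) {
        error_log('request_identity_p12: unable to initialise cURL');
        return false;
    }

    // An array passed to CURLOPT_POSTFIELDS is sent as multipart/form-data. On
    // PHP versions with the legacy upload syntax, a value starting with '@' is
    // read as a local file to upload. Disable that before setting the fields,
    // because the values may originate from request parameters.
    if (defined('CURLOPT_SAFE_UPLOAD')) {
        curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
    }

    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    // Redirects are followed, so keep them on HTTP(S) only.
    if (defined('CURLOPT_REDIR_PROTOCOLS')) {
        curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    }
    curl_setopt($ch, CURLOPT_HEADER, 0);         // do not return HTTP headers
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the contents of the call

    $Rec_Data = curl_exec($ch);

    // Transport-level failure, or nothing to deliver.
    if ($Rec_Data === false || $Rec_Data === '') {
        error_log('request_identity_p12: certificate request failed: ' . curl_error($ch));
        return false;
    }

    // Do not relay an HTTP error page as if it were a certificate.
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($status < 200 || $status >= 300) {
        error_log('request_identity_p12: certificate service returned HTTP ' . $status);
        return false;
    }

    // HTTP dates must be in GMT. The previous format string 'r+b' produced a
    // malformed value with a literal "+b" suffix.
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Accept-Ranges: bytes');
    header('Content-Length: ' . strlen($Rec_Data)); // byte length, as required
    header('Content-Type: application/x-x509-user-cert');
    echo $Rec_Data;

    return $Rec_Data;
}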
/*// Create a PKCS12 encoded SSL certificate
if ( $p12 = request_identity_p12(
$countryName, $stateOrProvinceName, $localityName, $organizationName, $organizationalUnitName, $commonName, $emailAddress,
$foafLocation, $pubkey ) )
{
// Send the PKCS12 encoded SSL certificate to the script caller as a file transfer
download_identity_p12($p12, $foafLocation);
}*/
?>