/**
* Generate a CSR object with SANs from the given distinguishedName and keyPair.
*
* @param CertificateRequest $certificateRequest
*
* @return mixed
*/
protected function createCsrWithSANsObject(CertificateRequest $certificateRequest)
{
$sslConfigTemplate = <<<'EOL'
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @req_subject_alt_name
[ req_subject_alt_name ]
%s
EOL;
$sslConfigDomains = [];
$distinguishedName = $certificateRequest->getDistinguishedName();
$domains = array_merge([$distinguishedName->getCommonName()], $distinguishedName->getSubjectAlternativeNames());
foreach (array_values($domains) as $index => $domain) {
$sslConfigDomains[] = 'DNS.' . ($index + 1) . ' = ' . $domain;
}
$sslConfigContent = sprintf($sslConfigTemplate, implode("\n", $sslConfigDomains));
$sslConfigFile = tempnam(sys_get_temp_dir(), 'acmephp_');
try {
file_put_contents($sslConfigFile, $sslConfigContent);
$resource = $certificateRequest->getKeyPair()->getPrivateKey()->getResource();
$csr = openssl_csr_new($this->getCSRPayload($distinguishedName), $resource, ['digest_alg' => 'sha256', 'config' => $sslConfigFile]);
if (!$csr) {
throw new CSRSigningException(sprintf('OpenSSL CSR signing failed with error: %s', openssl_error_string()));
}
return $csr;
} finally {
unlink($sslConfigFile);
}
}
