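/**
 * Creates a self-signed SSL certificate for this host and writes it, together
 * with the (unencrypted) private key, PEM-encoded and concatenated, to the
 * given file.
 *
 * Does nothing when the OpenSSL extension is not available or when the target
 * file already exists (an existing certificate/key is never overwritten).
 *
 * Security notes:
 * - The private key is stored in clear text, so the target file is restricted
 *   to the owner (0600) right after it is created and before any key material
 *   is written to it.
 * - Key size (2048 bit RSA) and signature digest (SHA-256) are enforced on
 *   every platform instead of relying on whatever the openssl.cnf in use
 *   defaults to.
 * - Every OpenSSL step is checked; a failure raises an exception instead of
 *   silently writing an empty or partial file.
 *
 * @param \SplFileInfo $certificate The target file for certificate + private key
 *
 * @return void
 * @throws \Exception If key/CSR/certificate generation, permission setup or the file write fails
 */
public function createSslCertificate(\SplFileInfo $certificate)
{
    // nothing we can do without the OpenSSL extension
    if (!$this->isOpenSslAvailable()) {
        return;
    }
    // never overwrite an existing certificate/key file
    if ($certificate->isFile()) {
        return;
    }
    // drains the OpenSSL error queue into one string for exception messages
    $openSslErrors = function () {
        $messages = array();
        while (($e = openssl_error_string()) !== false) {
            $messages[] = $e;
        }
        return implode('; ', $messages);
    };
    // subject (DN) of the self-signed certificate; the hostname becomes the CN
    // NOTE(review): gethostname() returns false on failure, which would leave the CN empty
    $dn = array(
        "countryName" => "DE",
        "stateOrProvinceName" => "Bavaria",
        "localityName" => "Kolbermoor",
        "organizationName" => "appserver.io",
        "organizationalUnitName" => "Development",
        "commonName" => gethostname(),
        "emailAddress" => "[email protected]"
    );
    // baseline parameters enforced on all platforms: these override the
    // corresponding defaults of any openssl.cnf that is used below
    $configargs = array(
        'digest_alg' => 'sha256',
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'encrypt_key' => false
    );
    // platform specific: which openssl.cnf to use and which extension sections to apply
    switch ($this->getOsIdentifier()) {
        case 'DAR':
            // on Mac OS X use the system default configuration
            $configargs['config'] = $this->getBaseDirectory('/ssl/openssl.cnf');
            break;
        case 'WIN':
            // on Windows use the configuration we deliver
            $configargs['config'] = $this->getBaseDirectory('/php/extras/ssl/openssl.cnf');
            break;
        default:
            // on all other systems rely on the standard configuration and its v3 sections
            $configargs['x509_extensions'] = 'v3_ca';
            $configargs['req_extensions'] = 'v3_req';
    }
    // generate a new private (and public) key pair
    $privkey = openssl_pkey_new($configargs);
    if ($privkey === false) {
        throw new \Exception(sprintf('Can\'t generate private key for %s: %s', $certificate->getPathname(), $openSslErrors()));
    }
    // generate a certificate signing request for the subject above
    $csr = openssl_csr_new($dn, $privkey, $configargs);
    if ($csr === false) {
        throw new \Exception(sprintf('Can\'t create certificate signing request for %s: %s', $certificate->getPathname(), $openSslErrors()));
    }
    // create a self-signed cert that is valid for 365 days
    $sscert = openssl_csr_sign($csr, null, $privkey, 365, $configargs);
    if ($sscert === false) {
        throw new \Exception(sprintf('Can\'t self-sign certificate for %s: %s', $certificate->getPathname(), $openSslErrors()));
    }
    // export the certificate and the (unencrypted, passphrase null) private key as PEM
    $certout = '';
    $pkeyout = '';
    if (openssl_x509_export($sscert, $certout) === false) {
        throw new \Exception(sprintf('Can\'t export certificate for %s: %s', $certificate->getPathname(), $openSslErrors()));
    }
    if (openssl_pkey_export($privkey, $pkeyout, null, $configargs) === false) {
        throw new \Exception(sprintf('Can\'t export private key for %s: %s', $certificate->getPathname(), $openSslErrors()));
    }
    $pem = $certout . $pkeyout;
    // opening with 'w' creates the (still empty) file; restrict it to the owner
    // BEFORE the private key is written, so the key is never world-readable
    $file = $certificate->openFile('w');
    if (chmod($certificate->getPathname(), 0600) === false) {
        throw new \Exception(sprintf('Can\'t restrict permissions of SSL certificate %s', $certificate->getPathname()));
    }
    // write the SSL certificate data to the target and insist on a complete write
    // (PEM is ASCII, so strlen() is the exact byte count)
    $written = $file->fwrite($pem);
    if ($written === false || $written !== strlen($pem)) {
        throw new \Exception(sprintf('Can\'t create SSL certificate %s', $certificate->getPathname()));
    }
    // log a message that the file has been written successfully
    $this->getInitialContext()->getSystemLogger()->info(sprintf('Successfully created %s with %d bytes', $certificate->getPathname(), $written));
    // log any non-fatal OpenSSL messages that were queued along the way
    while (($e = openssl_error_string()) !== false) {
        $this->getInitialContext()->getSystemLogger()->debug($e);
    }
}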