| 1 |  |  | <?php | 
            
                                                                                                            
                            
            
                                    
            
            
                | 2 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 3 |  |  | namespace Zwartpet\PHPCertificateToolbox; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 4 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 5 |  |  | use Zwartpet\PHPCertificateToolbox\Exception\LogicException; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 6 |  |  | use Zwartpet\PHPCertificateToolbox\Exception\RuntimeException; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 7 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 8 |  |  | /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 9 |  |  |  * LetsEncrypt Functions class, supplying the LetsEncrypt Client with supportive functions. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 10 |  |  |  * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 11 |  |  |  * @author     Youri van Weegberg <[email protected]> | 
            
                                                                                                            
                            
            
                                    
            
            
                | 12 |  |  |  * @copyright  2018 Youri van Weegberg | 
            
                                                                                                            
                            
            
                                    
            
            
                | 13 |  |  |  * @license    https://opensource.org/licenses/mit-license.php  MIT License | 
            
                                                                                                            
                            
            
                                    
            
            
                | 14 |  |  |  */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 15 |  |  | class LEFunctions | 
            
                                                                                                            
                            
            
                                    
            
            
                | 16 |  |  | { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 17 |  |  |     /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 18 |  |  |      * Generates a new RSA keypair and returns both | 
            
                                                                                                            
                            
            
                                    
            
            
                | 19 |  |  |      * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 20 |  |  |      * @param integer $keySize RSA key size, must be between 2048 and 4096 (default is 4096) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 21 |  |  |      * @return array containing public and private indexes containing the new keys | 
            
                                                                                                            
                            
            
                                    
            
            
                | 22 |  |  |      */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 23 | 50 |  |     public static function RSAGenerateKeys($keySize = 4096) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 24 |  |  |     { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 25 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 26 | 50 |  |         if ($keySize < 2048 || $keySize > 4096) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 27 | 2 |  |             throw new LogicException("RSA key size must be between 2048 and 4096"); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 28 |  |  |         } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 29 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 30 | 48 |  |         $res = openssl_pkey_new([ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 31 | 48 |  |             "private_key_type" => OPENSSL_KEYTYPE_RSA, | 
            
                                                                                                            
                            
            
                                    
            
            
                | 32 | 48 |  |             "private_key_bits" => intval($keySize), | 
            
                                                                                                            
                            
            
                                    
            
            
                | 33 |  |  |         ]); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 34 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 35 | 48 |  |         if (!openssl_pkey_export($res, $privateKey)) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 36 |  |  |             throw new RuntimeException("RSA keypair export failed!"); //@codeCoverageIgnore | 
            
                                                                                                            
                            
            
                                    
            
            
                | 37 |  |  |         } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 38 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 39 | 48 |  |         $details = openssl_pkey_get_details($res); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 40 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 41 | 48 |  |         $result = ['public' => $details['key'], 'private' => $privateKey]; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 42 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 43 | 48 |  |         openssl_pkey_free($res); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 44 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 45 | 48 |  |         return $result; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 46 |  |  |     } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 47 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 48 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 49 |  |  |     /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 50 |  |  |      * Generates a new EC prime256v1 keypair and saves both keys to a new file. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 51 |  |  |      * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 52 |  |  |      * @param integer $keySize EC key size, possible values are 256 (prime256v1) or 384 (secp384r1), | 
            
                                                                                                            
                            
            
                                    
            
            
                | 53 |  |  |      *                               default is 256 | 
            
                                                                                                            
                            
            
                                    
            
            
                | 54 |  |  |      * @return array containing public and private indexes containing the new keys | 
            
                                                                                                            
                            
            
                                    
            
            
                | 55 |  |  |      */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 56 | 34 |  |     public static function ECGenerateKeys($keySize = 256) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 57 |  |  |     { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 58 | 34 |  |         if (version_compare(PHP_VERSION, '7.1.0') == -1) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 59 |  |  |             throw new RuntimeException("PHP 7.1+ required for EC keys"); //@codeCoverageIgnore | 
            
                                                                                                            
                            
            
                                    
            
            
                | 60 |  |  |         } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 61 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 62 | 34 |  |         if ($keySize == 256) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 63 | 30 |  |             $res = openssl_pkey_new([ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 64 | 30 |  |                 "private_key_type" => OPENSSL_KEYTYPE_EC, | 
            
                                                                                                            
                            
            
                                    
            
            
                | 65 | 30 |  |                 "curve_name" => "prime256v1", | 
            
                                                                                                            
                            
            
                                    
            
            
                | 66 |  |  |             ]); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 67 | 4 |  |         } elseif ($keySize == 384) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 68 | 2 |  |             $res = openssl_pkey_new([ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 69 | 2 |  |                 "private_key_type" => OPENSSL_KEYTYPE_EC, | 
            
                                                                                                            
                            
            
                                    
            
            
                | 70 | 2 |  |                 "curve_name" => "secp384r1", | 
            
                                                                                                            
                            
            
                                    
            
            
                | 71 |  |  |             ]); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 72 |  |  |         } else { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 73 | 2 |  |             throw new LogicException("EC key size must be 256 or 384"); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 74 |  |  |         } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 75 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 76 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 77 | 32 |  |         if (!openssl_pkey_export($res, $privateKey)) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 78 |  |  |             throw new RuntimeException("EC keypair export failed!"); //@codeCoverageIgnore | 
            
                                                                                                            
                            
            
                                    
            
            
                | 79 |  |  |         } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 80 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 81 | 32 |  |         $details = openssl_pkey_get_details($res); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 82 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 83 | 32 |  |         $result = ['public' => $details['key'], 'private' => $privateKey]; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 84 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 85 | 32 |  |         openssl_pkey_free($res); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 86 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 87 | 32 |  |         return $result; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 88 |  |  |     } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 89 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 90 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 91 |  |  |     /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 92 |  |  |      * Encodes a string input to a base64 encoded string which is URL safe. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 93 |  |  |      * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 94 |  |  |      * @param string $input The input string to encode. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 95 |  |  |      * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 96 |  |  |      * @return string   Returns a URL safe base64 encoded string. | 
            
                                                                                                            
                                                                
            
                                    
            
            
                | 97 |  |  |      */ | 
            
                                                                        
                            
            
                                    
            
            
                | 98 | 22 |  |     public static function base64UrlSafeEncode($input) | 
            
                                                                        
                            
            
                                    
            
            
                | 99 |  |  |     { | 
            
                                                                        
                            
            
                                    
            
            
                | 100 | 22 |  |         return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 101 |  |  |     } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 102 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 103 |  |  |     /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 104 |  |  |      * Decodes a string that is URL safe base64 encoded. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 105 |  |  |      * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 106 |  |  |      * @param string $input The encoded input string to decode. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 107 |  |  |      * | 
            
                                                                                                            
                            
            
                                    
            
            
                | 108 |  |  |      * @return string   Returns the decoded input string. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 109 |  |  |      */ | 
            
                                                                                                            
                            
            
                                    
            
            
                | 110 | 2 |  |     public static function base64UrlSafeDecode($input) | 
            
                                                                                                            
                            
            
                                    
            
            
                | 111 |  |  |     { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 112 | 2 |  |         $remainder = strlen($input) % 4; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 113 | 2 |  |         if ($remainder) { | 
            
                                                                                                            
                            
            
                                    
            
            
                | 114 | 2 |  |             $padlen = 4 - $remainder; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 115 | 2 |  |             $input .= str_repeat('=', $padlen); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 116 |  |  |         } | 
            
                                                                                                            
                            
            
                                    
            
            
                | 117 | 2 |  |         return base64_decode(strtr($input, '-_', '+/')); | 
            
                                                                                                            
                            
            
                                    
            
            
                | 118 |  |  |     } | 
            
                                                                                                            
                                                                
            
                                    
            
            
                | 119 |  |  | } | 
            
                                                        
            
                                    
            
            
                | 120 |  |  |  |