Files
kulakpos_web/vendor/thecodingmachine/safe/generated/8.5/openssl.php
triagungbiantoro 417b7b7453
All checks were successful
Build, Push and Deploy / build-and-push (push) Successful in 3m27s
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 16s
Build, Push and Deploy / deploy-staging (push) Successful in 31s
Build, Push and Deploy / deploy-production (push) Has been skipped
harga pada beranda terhubung ke manage plans di dashboard admin
2026-04-25 21:57:25 +07:00

1954 lines
60 KiB
PHP
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
namespace Safe;
use Safe\Exceptions\OpensslException;
/**
* Gets the cipher initialization vector (iv) length.
*
* @param string $cipher_algo The cipher method, see openssl_get_cipher_methods for a list of potential values.
* @return int Returns the cipher length on success.
* @throws OpensslException
*
*/
function openssl_cipher_iv_length(string $cipher_algo): int
{
error_clear_last();
$safeResult = \openssl_cipher_iv_length($cipher_algo);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Gets the cipher key length.
*
* @param string $cipher_algo The cipher method, see openssl_get_cipher_methods for a list of potential values.
* @return int Returns the cipher length on success.
* @throws OpensslException
*
*/
function openssl_cipher_key_length(string $cipher_algo): int
{
error_clear_last();
$safeResult = \openssl_cipher_key_length($cipher_algo);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Decrypts a CMS message.
*
* @param string $input_filename The name of a file containing encrypted content.
* @param string $output_filename The name of the file to deposit the decrypted content.
* @param \OpenSSLCertificate|string $certificate The name of the file containing a certificate of the recipient.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|null|string $private_key The name of the file containing a PKCS#8 key.
* @param int $encoding The encoding of the input file. One of OPENSSL_ENCODING_SMIME,
* OPENSSL_ENCODING_DER or OPENSSL_ENCODING_PEM.
* @throws OpensslException
*
*/
function openssl_cms_decrypt(string $input_filename, string $output_filename, $certificate, $private_key = null, int $encoding = OPENSSL_ENCODING_SMIME): void
{
error_clear_last();
if ($encoding !== OPENSSL_ENCODING_SMIME) {
$safeResult = \openssl_cms_decrypt($input_filename, $output_filename, $certificate, $private_key, $encoding);
} elseif ($private_key !== null) {
$safeResult = \openssl_cms_decrypt($input_filename, $output_filename, $certificate, $private_key);
} else {
$safeResult = \openssl_cms_decrypt($input_filename, $output_filename, $certificate);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* This function encrypts content to one or more recipients,
* based on the certificates that are passed to it.
*
* @param string $input_filename The file to be encrypted.
* @param string $output_filename The output file.
* @param \OpenSSLCertificate|array|string $certificate Recipients to encrypt to.
* @param array|null $headers Headers to include when S/MIME is used.
* @param int $flags Flags to be passed to CMS_sign.
* @param int $encoding An encoding to output. One of OPENSSL_ENCODING_SMIME,
* OPENSSL_ENCODING_DER or OPENSSL_ENCODING_PEM.
* @param int $cipher_algo A cypher to use.
* @throws OpensslException
*
*/
function openssl_cms_encrypt(string $input_filename, string $output_filename, $certificate, ?array $headers, int $flags = 0, int $encoding = OPENSSL_ENCODING_SMIME, int $cipher_algo = OPENSSL_CIPHER_AES_128_CBC): void
{
error_clear_last();
$safeResult = \openssl_cms_encrypt($input_filename, $output_filename, $certificate, $headers, $flags, $encoding, $cipher_algo);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* Performs the exact analog to openssl_pkcs7_read.
*
* @param string $input_filename
* @param array $certificates
* @throws OpensslException
*
*/
function openssl_cms_read(string $input_filename, array &$certificates): void
{
error_clear_last();
$safeResult = \openssl_cms_read($input_filename, $certificates);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* This function signs a file with an X.509 certificate and key.
*
* @param string $input_filename The name of the file to be signed.
* @param string $output_filename The name of the file to deposit the results.
* @param \OpenSSLCertificate|string $certificate The signing certificate.
* See Key/Certificate parameters for a list of valid values.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key The key associated with certificate.
* See Key/Certificate parameters for a list of valid values.
* @param array|null $headers An array of headers to be included in S/MIME output.
* @param int $flags Flags to be passed to cms_sign.
* @param int $encoding The encoding of the output file. One of OPENSSL_ENCODING_SMIME,
* OPENSSL_ENCODING_DER or OPENSSL_ENCODING_PEM.
* @param null|string $untrusted_certificates_filename Intermediate certificates to be included in the signature.
* @throws OpensslException
*
*/
function openssl_cms_sign(string $input_filename, string $output_filename, $certificate, $private_key, ?array $headers, int $flags = 0, int $encoding = OPENSSL_ENCODING_SMIME, ?string $untrusted_certificates_filename = null): void
{
error_clear_last();
if ($untrusted_certificates_filename !== null) {
$safeResult = \openssl_cms_sign($input_filename, $output_filename, $certificate, $private_key, $headers, $flags, $encoding, $untrusted_certificates_filename);
} else {
$safeResult = \openssl_cms_sign($input_filename, $output_filename, $certificate, $private_key, $headers, $flags, $encoding);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* This function verifies a CMS signature, either attached or detached, with the specified encoding.
*
* @param string $input_filename The input file.
* @param int $flags Flags to pass to cms_verify.
* @param null|string $certificates A file with the signer certificate and optionally intermediate certificates.
* @param array $ca_info An array containing self-signed certificate authority certificates.
* @param null|string $untrusted_certificates_filename A file containing additional intermediate certificates.
* @param null|string $content A file pointing to the content when signatures are detached.
* @param null|string $pk7
* @param null|string $sigfile A file to save the signature to.
* @param int $encoding The encoding of the input file. One of OPENSSL_ENCODING_SMIME,
* OPENSSL_ENCODING_DER or OPENSSL_ENCODING_PEM.
* @throws OpensslException
*
*/
function openssl_cms_verify(string $input_filename, int $flags = 0, ?string $certificates = null, array $ca_info = [], ?string $untrusted_certificates_filename = null, ?string $content = null, ?string $pk7 = null, ?string $sigfile = null, int $encoding = OPENSSL_ENCODING_SMIME): void
{
error_clear_last();
if ($encoding !== OPENSSL_ENCODING_SMIME) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates, $ca_info, $untrusted_certificates_filename, $content, $pk7, $sigfile, $encoding);
} elseif ($sigfile !== null) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates, $ca_info, $untrusted_certificates_filename, $content, $pk7, $sigfile);
} elseif ($pk7 !== null) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates, $ca_info, $untrusted_certificates_filename, $content, $pk7);
} elseif ($content !== null) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates, $ca_info, $untrusted_certificates_filename, $content);
} elseif ($untrusted_certificates_filename !== null) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates, $ca_info, $untrusted_certificates_filename);
} elseif ($ca_info !== []) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates, $ca_info);
} elseif ($certificates !== null) {
$safeResult = \openssl_cms_verify($input_filename, $flags, $certificates);
} else {
$safeResult = \openssl_cms_verify($input_filename, $flags);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_csr_export_to_file takes the Certificate
* Signing Request represented by csr and saves it
* in PEM format into the file named by
* output_filename.
*
* @param \OpenSSLCertificateSigningRequest|string $csr See CSR parameters for a list of valid values.
* @param string $output_filename Path to the output file.
* @param bool $no_text
* The optional parameter notext affects
* the verbosity of the output; if it is FALSE, then additional human-readable
* information is included in the output. The default value of
* notext is TRUE.
* @throws OpensslException
*
*/
function openssl_csr_export_to_file($csr, string $output_filename, bool $no_text = true): void
{
error_clear_last();
$safeResult = \openssl_csr_export_to_file($csr, $output_filename, $no_text);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_csr_export takes the Certificate Signing
* Request represented by csr and stores it in
* PEM format in output, which is passed by
* reference.
*
* @param \OpenSSLCertificateSigningRequest|string $csr See CSR parameters for a list of valid values.
* @param null|string $output on success, this string will contain the PEM
* encoded CSR
* @param bool $no_text
* The optional parameter notext affects
* the verbosity of the output; if it is FALSE, then additional human-readable
* information is included in the output. The default value of
* notext is TRUE.
* @throws OpensslException
*
*/
function openssl_csr_export($csr, ?string &$output, bool $no_text = true): void
{
error_clear_last();
$safeResult = \openssl_csr_export($csr, $output, $no_text);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_csr_get_public_key extracts the public key
* from csr and prepares it for use by other functions.
*
* @param \OpenSSLCertificateSigningRequest|string $csr See CSR parameters for a list of valid values.
* @param bool $short_names This parameter is ignored
* @return \OpenSSLAsymmetricKey Returns an OpenSSLAsymmetricKey on success.
* @throws OpensslException
*
*/
function openssl_csr_get_public_key($csr, bool $short_names = true): \OpenSSLAsymmetricKey
{
error_clear_last();
$safeResult = \openssl_csr_get_public_key($csr, $short_names);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_csr_get_subject returns subject
* distinguished name information encoded in the csr
* including fields commonName (CN), organizationName (O), countryName (C) etc.
*
* @param \OpenSSLCertificateSigningRequest|string $csr See CSR parameters for a list of valid values.
* @param bool $short_names short_names controls how the data is indexed in the
* array - if short_names is TRUE (the default) then
* fields will be indexed with the short name form, otherwise, the long name
* form will be used - e.g.: CN is the shortname form of commonName.
* @return array Returns an associative array with subject description.
* @throws OpensslException
*
*/
function openssl_csr_get_subject($csr, bool $short_names = true): array
{
error_clear_last();
$safeResult = \openssl_csr_get_subject($csr, $short_names);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_csr_new generates a new CSR
* based on the information provided by distinguished_names.
*
* @param array $distinguished_names The Distinguished Name or subject fields to be included in the
* certificate. The distinguished_names is an
* associative array where the keys represent the attribute names of
* Distinguished Names and the values can either be strings (for single
* value) or arrays (if multiple values need to be set).
* @param \OpenSSLAsymmetricKey|null $private_key private_key should be set to a private key that
* was previously generated by openssl_pkey_new (or
* otherwise obtained from the other openssl_pkey family of functions), or
* NULL variable. If its value is NULL variable, a new private key is
* generated based on the supplied options and
* assigned to supplied variable. The corresponding public portion of the
* key will be used to sign the CSR.
* @param array|null $options By default, the information in your system openssl.conf
* is used to initialize the request; you can specify a configuration file
* section by setting the config_section_section key in
* options. You can also specify an alternative
* OpenSSL configuration file by setting the value of the
* config key to the path of the file you want to use.
* The following keys, if present in options
* behave as their equivalents in the openssl.conf, as
* listed in the table below.
*
* Configuration overrides
*
*
*
* options key
* type
* openssl.conf equivalent
* description
*
*
*
*
* digest_alg
* string
* default_md
* Digest method or signature hash, usually one of openssl_get_md_methods
*
*
* x509_extensions
* string
* x509_extensions
* Selects which extensions should be used when creating an x509
* certificate
*
*
* req_extensions
* string
* req_extensions
* Selects which extensions should be used when creating a CSR
*
*
* private_key_bits
* int
* default_bits
* Specifies how many bits should be used to generate a private key
*
*
* private_key_type
* int
* none
* Specifies the type of private key to create. This can be one
* of OPENSSL_KEYTYPE_DSA,
* OPENSSL_KEYTYPE_DH,
* OPENSSL_KEYTYPE_RSA or
* OPENSSL_KEYTYPE_EC.
* The default value is OPENSSL_KEYTYPE_RSA.
*
*
*
* encrypt_key
* bool
* encrypt_key
* Should an exported key (with passphrase) be encrypted?
*
*
* encrypt_key_cipher
* int
* none
*
* One of cipher constants.
*
*
*
* curve_name
* string
* none
*
* One of openssl_get_curve_names.
*
*
*
* config
* string
* N/A
*
* Path to your own alternative openssl.conf file.
*
*
*
*
*
* @param array|null $extra_attributes extra_attributes is used to specify additional
* attributes for the CSR. It is an associative arrays
* where the keys are converted to OIDs and applied as
* CSR attributes.
* @return \OpenSSLCertificateSigningRequest|bool Returns the CSR on success, TRUE if
* CSR creation is successful but signing
* fails.
* @throws OpensslException
*
*/
function openssl_csr_new(array $distinguished_names, ?\OpenSSLAsymmetricKey &$private_key, ?array $options = null, ?array $extra_attributes = null)
{
error_clear_last();
if ($extra_attributes !== null) {
$safeResult = \openssl_csr_new($distinguished_names, $private_key, $options, $extra_attributes);
} elseif ($options !== null) {
$safeResult = \openssl_csr_new($distinguished_names, $private_key, $options);
} else {
$safeResult = \openssl_csr_new($distinguished_names, $private_key);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_csr_sign generates an x509 certificate from the given CSR.
*
* @param \OpenSSLCertificateSigningRequest|string $csr A CSR previously generated by openssl_csr_new.
* It can also be the path to a PEM encoded CSR when specified as
* file://path/to/csr or an exported string generated
* by openssl_csr_export.
* @param \OpenSSLCertificate|null|string $ca_certificate The generated certificate will be signed by ca_certificate.
* If ca_certificate is NULL, the generated certificate
* will be a self-signed certificate.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key private_key is the private key that corresponds to
* ca_certificate.
* @param int $days days specifies the length of time for which the
* generated certificate will be valid, in days.
* @param array|null $options You can finetune the CSR signing by options.
* See openssl_csr_new for more information about
* options.
* @param int $serial An optional the serial number of issued certificate. If not specified
* it will default to 0.
* @param null|string $serial_hex An optional hexadecimal string representing the serial number of the
* issued certificate. If set, it takes precedence over the
* serial parameter value. If not specified or set
* to NULL, the serial parameter value is used
* instead.
* @return \OpenSSLCertificate Returns an OpenSSLCertificate on success.
* @throws OpensslException
*
*/
function openssl_csr_sign($csr, $ca_certificate, $private_key, int $days, ?array $options = null, int $serial = 0, ?string $serial_hex = null): \OpenSSLCertificate
{
error_clear_last();
if ($serial_hex !== null) {
$safeResult = \openssl_csr_sign($csr, $ca_certificate, $private_key, $days, $options, $serial, $serial_hex);
} elseif ($serial !== 0) {
$safeResult = \openssl_csr_sign($csr, $ca_certificate, $private_key, $days, $options, $serial);
} elseif ($options !== null) {
$safeResult = \openssl_csr_sign($csr, $ca_certificate, $private_key, $days, $options);
} else {
$safeResult = \openssl_csr_sign($csr, $ca_certificate, $private_key, $days);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Takes a raw or base64 encoded string and decrypts it using a given method and passphrase.
*
* @param string $data The encrypted message to be decrypted.
* @param string $cipher_algo The cipher method. For a list of available cipher methods, use
* openssl_get_cipher_methods.
* @param string $passphrase The passphrase. If the passphrase is shorter than expected, it is silently padded with
* NUL characters; if the passphrase is longer than expected, it is
* silently truncated.
* @param int $options options can be one of
* OPENSSL_RAW_DATA,
* OPENSSL_ZERO_PADDING
* or OPENSSL_DONT_ZERO_PAD_KEY.
* @param string $iv A non-NULL Initialization Vector. If the IV is shorter than expected, it is padded with
* NUL characters and warning is emitted; if the passphrase is longer
* than expected, it is truncated and warning is emitted.
* @param null|string $tag The authentication tag in AEAD cipher mode. If it is incorrect, the authentication fails and the function returns FALSE.
* @param string $aad Additional authenticated data.
* @return string The decrypted string on success.
* @throws OpensslException
*
*/
function openssl_decrypt(string $data, string $cipher_algo, string $passphrase, int $options = 0, string $iv = "", ?string $tag = null, string $aad = ""): string
{
error_clear_last();
if ($aad !== "") {
$safeResult = \openssl_decrypt($data, $cipher_algo, $passphrase, $options, $iv, $tag, $aad);
} elseif ($tag !== null) {
$safeResult = \openssl_decrypt($data, $cipher_algo, $passphrase, $options, $iv, $tag);
} else {
$safeResult = \openssl_decrypt($data, $cipher_algo, $passphrase, $options, $iv);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* The shared secret returned by openssl_dh_compute_key is
* often used as an encryption key to secretly communicate with a remote party.
* This is known as the Diffie-Hellman key exchange.
*
* @param string $public_key DH Public key of the remote party.
* @param \OpenSSLAsymmetricKey $private_key A local DH private key, corresponding to the public key to be shared with the remote party.
* @return string Returns shared secret on success.
* @throws OpensslException
*
*/
function openssl_dh_compute_key(string $public_key, \OpenSSLAsymmetricKey $private_key): string
{
error_clear_last();
$safeResult = \openssl_dh_compute_key($public_key, $private_key);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Computes a digest hash value for the given data using a given method,
* and returns a raw or binhex encoded string.
*
* @param string $data The data.
* @param string $digest_algo The digest method to use, e.g. "sha256", see openssl_get_md_methods for a list of available digest methods.
* @param bool $binary Setting to TRUE will return as raw output data, otherwise the return
* value is binhex encoded.
* @return string Returns the digested hash value on success.
* @throws OpensslException
*
*/
function openssl_digest(string $data, string $digest_algo, bool $binary = false): string
{
error_clear_last();
$safeResult = \openssl_digest($data, $digest_algo, $binary);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Gets the list of available curve names for use in Elliptic curve
* cryptography (ECC) for public/private key operations. The two most widely
* standardized/supported curves are prime256v1
* (NIST P-256) and secp384r1 (NIST P-384).
*
* Approximate Equivalancies of AES, RSA, DSA and ECC Keysizes
*
*
*
* AES Symmetric Keysize (Bits)
* RSA and DSA Keysize (Bits)
* ECC Keysize (Bits)
*
*
*
*
* 80
* 1024
* 160
*
*
* 112
* 2048
* 224
*
*
* 128
* 3072
* 256
*
*
* 192
* 7680
* 384
*
*
* 256
* 15360
* 512
*
*
*
*
* NIST
* recommends using ECC curves with at least 256 bits.
*
* @return list An array of available curve names.
* @throws OpensslException
*
*/
function openssl_get_curve_names(): array
{
error_clear_last();
$safeResult = \openssl_get_curve_names();
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_open opens (decrypts) data using an envelope
* key that is decrypted from encrypted_key using
* private_key. The decryption is done using
* cipher_algo and iv. The IV is required only if the
* cipher method requires it. The function fills output with the decrypted
* data. The envelope key is usually generated when the data are sealed using a public key that is
* associated with the private key. See openssl_seal for more information.
*
* @param string $data The sealed data.
* @param null|string $output If the call is successful the opened data is returned in this parameter.
* @param string $encrypted_key The encrypted symmetric key that can be decrypted using private_key.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key The private key used for decrypting encrypted_key.
* @param string $cipher_algo The cipher method used for decryption of data.
*
*
* The default value for PHP versions prior to 8.0 is ('RC4') which is
* considered insecure. It is strongly recommended to explicitly specify a secure cipher
* method.
*
*
* @param null|string $iv The initialization vector used for decryption of data. It is required
* if the cipher method requires IV. This can be found out by calling
* openssl_cipher_iv_length with cipher_algo.
* @throws OpensslException
*
*/
function openssl_open(string $data, ?string &$output, string $encrypted_key, $private_key, string $cipher_algo, ?string $iv = null): void
{
error_clear_last();
if ($iv !== null) {
$safeResult = \openssl_open($data, $output, $encrypted_key, $private_key, $cipher_algo, $iv);
} else {
$safeResult = \openssl_open($data, $output, $encrypted_key, $private_key, $cipher_algo);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pbkdf2 computes PBKDF2 (Password-Based Key Derivation Function 2),
* a key derivation function defined in PKCS5 v2.
*
* @param string $password Password from which the derived key is generated.
* @param string $salt PBKDF2 recommends a crytographic salt of at least 128 bits (16 bytes).
* @param int $key_length Length of desired output key.
* @param int $iterations The number of iterations desired.
* NIST
* recommends at least 1,000. As of 2023, OWASP recommends 600,000 iterations for
* PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512.
* @param string $digest_algo Optional hash or digest algorithm from openssl_get_md_methods. Defaults
* to SHA-1. It is recommended to set it to SHA-256 or SHA-512.
* @return string Returns raw binary string.
* @throws OpensslException
*
*/
function openssl_pbkdf2(string $password, string $salt, int $key_length, int $iterations, string $digest_algo = "sha1"): string
{
error_clear_last();
$safeResult = \openssl_pbkdf2($password, $salt, $key_length, $iterations, $digest_algo);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_pkcs12_export_to_file stores
* certificate into a file named by
* output_filename in a PKCS#12 file format.
*
* @param \OpenSSLCertificate|string $certificate See Key/Certificate parameters for a list of valid values.
* @param string $output_filename Path to the output file.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key Private key component of PKCS#12 file.
* See Public/Private Key parameters for a list of valid values.
* @param string $passphrase Encryption password for unlocking the PKCS#12 file.
* @param array $options Optional array, other keys will be ignored.
*
*
*
*
* Key
* Description
*
*
*
*
* "extracerts"
* array of extra certificates or a single certificate to be included in the PKCS#12 file.
*
*
* "friendly_name"
* string to be used for the supplied certificate and key
*
*
*
*
* @throws OpensslException
*
*/
function openssl_pkcs12_export_to_file($certificate, string $output_filename, $private_key, string $passphrase, array $options = []): void
{
error_clear_last();
$safeResult = \openssl_pkcs12_export_to_file($certificate, $output_filename, $private_key, $passphrase, $options);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pkcs12_export stores
* certificate into a string named by
* output in a PKCS#12 file format.
*
* @param \OpenSSLCertificate|string $certificate See Key/Certificate parameters for a list of valid values.
* @param null|string $output On success, this will hold the PKCS#12.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key Private key component of PKCS#12 file.
* See Public/Private Key parameters for a list of valid values.
* @param string $passphrase Encryption password for unlocking the PKCS#12 file.
* @param array $options Optional array, other keys will be ignored.
*
*
*
*
* Key
* Description
*
*
*
*
* "extracerts"
* array of extra certificates or a single certificate to be included in the PKCS#12 file.
*
*
* "friendly_name"
* string to be used for the supplied certificate and key
*
*
*
*
* @throws OpensslException
*
*/
function openssl_pkcs12_export($certificate, ?string &$output, $private_key, string $passphrase, array $options = []): void
{
error_clear_last();
$safeResult = \openssl_pkcs12_export($certificate, $output, $private_key, $passphrase, $options);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pkcs12_read parses the PKCS#12 certificate store supplied by
* pkcs12 into a array named
* certificates.
*
* @param string $pkcs12 The certificate store contents, not its file name.
* @param array|null $certificates On success, this will hold the Certificate Store Data.
* @param string $passphrase Encryption password for unlocking the PKCS#12 file.
* @throws OpensslException
*
*/
function openssl_pkcs12_read(string $pkcs12, ?array &$certificates, string $passphrase): void
{
error_clear_last();
$safeResult = \openssl_pkcs12_read($pkcs12, $certificates, $passphrase);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* Decrypts the S/MIME encrypted message contained in the file specified by
* input_filename using the certificate and its
* associated private key specified by certificate and
* private_key.
*
* @param string $input_filename
* @param string $output_filename The decrypted message is written to the file specified by
* output_filename.
* @param \OpenSSLCertificate|string $certificate
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|null|string $private_key
* @throws OpensslException
*
*/
function openssl_pkcs7_decrypt(string $input_filename, string $output_filename, $certificate, $private_key = null): void
{
error_clear_last();
if ($private_key !== null) {
$safeResult = \openssl_pkcs7_decrypt($input_filename, $output_filename, $certificate, $private_key);
} else {
$safeResult = \openssl_pkcs7_decrypt($input_filename, $output_filename, $certificate);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pkcs7_encrypt takes the contents of the
* file named input_filename and encrypts them using an RC2
* 40-bit cipher so that they can only be read by the intended recipients
* specified by certificate.
*
* @param string $input_filename
* @param string $output_filename
* @param \OpenSSLCertificate|array|string $certificate Either a lone X.509 certificate, or an array of X.509 certificates.
* @param array $headers headers is an array of headers that
* will be prepended to the data after it has been encrypted.
*
* headers can be either an associative array
* keyed by header name, or an indexed array, where each element contains
* a single header line.
* @param int $flags flags can be used to specify options that affect
* the encoding process - see PKCS7
* constants.
* @param int $cipher_algo One of cipher constants.
* @throws OpensslException
*
*/
function openssl_pkcs7_encrypt(string $input_filename, string $output_filename, $certificate, array $headers, int $flags = 0, int $cipher_algo = OPENSSL_CIPHER_AES_128_CBC): void
{
error_clear_last();
$safeResult = \openssl_pkcs7_encrypt($input_filename, $output_filename, $certificate, $headers, $flags, $cipher_algo);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
*
*
* @param string $data The string of data you wish to parse (p7b format).
* @param array|null $certificates The array of PEM certificates from the p7b input data.
* @throws OpensslException
*
*/
function openssl_pkcs7_read(string $data, ?array &$certificates): void
{
error_clear_last();
$safeResult = \openssl_pkcs7_read($data, $certificates);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pkcs7_sign takes the contents of the file
* named input_filename and signs them using the
* certificate and its matching private key specified by
* certificate and private_key
* parameters.
*
* @param string $input_filename The input file you are intending to digitally sign.
* @param string $output_filename The file which the digital signature will be written to.
* @param \OpenSSLCertificate|string $certificate The X.509 certificate used to digitally sign input_filename.
* See Key/Certificate parameters for a list of valid values.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key private_key is the private key corresponding to certificate.
* See Public/Private Key parameters for a list of valid values.
* @param array $headers headers is an array of headers that
* will be prepended to the data after it has been signed (see
* openssl_pkcs7_encrypt for more information about
* the format of this parameter).
* @param int $flags flags can be used to alter the output - see PKCS7 constants.
* @param null|string $untrusted_certificates_filename untrusted_certificates_filename specifies the name of a file containing
* a bunch of extra certificates to include in the signature which can for
* example be used to help the recipient to verify the certificate that you used.
* @throws OpensslException
*
*/
function openssl_pkcs7_sign(string $input_filename, string $output_filename, $certificate, $private_key, array $headers, int $flags = PKCS7_DETACHED, ?string $untrusted_certificates_filename = null): void
{
error_clear_last();
if ($untrusted_certificates_filename !== null) {
$safeResult = \openssl_pkcs7_sign($input_filename, $output_filename, $certificate, $private_key, $headers, $flags, $untrusted_certificates_filename);
} else {
$safeResult = \openssl_pkcs7_sign($input_filename, $output_filename, $certificate, $private_key, $headers, $flags);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pkey_derive takes a set of a public_key
* and private_key and derives a shared secret, for either DH or EC keys.
*
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $public_key public_key is the public key for the derivation.
* See Public/Private Key parameters for a list of valid values.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key private_key is the private key for the derivation.
* See Public/Private Key parameters for a list of valid values.
* @param int $key_length If not zero, will attempt to set the desired length of the derived secret.
* @return string The derived secret on success.
* @throws OpensslException
*
*/
function openssl_pkey_derive($public_key, $private_key, int $key_length = 0): string
{
error_clear_last();
$safeResult = \openssl_pkey_derive($public_key, $private_key, $key_length);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_pkey_export_to_file saves an ascii-armoured
* (PEM encoded) rendition of key into the file named
* by output_filename.
*
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $key
* @param string $output_filename Path to the output file.
* @param null|string $passphrase The key can be optionally protected by a
* passphrase.
* @param array|null $options options can be used to fine-tune the export
* process by specifying and/or overriding options for the openssl
* configuration file. See openssl_csr_new for more
* information about options.
* @throws OpensslException
*
*/
function openssl_pkey_export_to_file($key, string $output_filename, ?string $passphrase = null, ?array $options = null): void
{
error_clear_last();
if ($options !== null) {
$safeResult = \openssl_pkey_export_to_file($key, $output_filename, $passphrase, $options);
} elseif ($passphrase !== null) {
$safeResult = \openssl_pkey_export_to_file($key, $output_filename, $passphrase);
} else {
$safeResult = \openssl_pkey_export_to_file($key, $output_filename);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_pkey_export exports
* key as a PEM encoded string and stores it into
* output (which is passed by reference).
*
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $key
* @param null|string $output
* @param null|string $passphrase The key is optionally protected by passphrase.
* @param array|null $options options can be used to fine-tune the export
* process by specifying and/or overriding options for the openssl
* configuration file. See openssl_csr_new for more
* information about options.
* @throws OpensslException
*
*/
function openssl_pkey_export($key, ?string &$output, ?string $passphrase = null, ?array $options = null): void
{
error_clear_last();
if ($options !== null) {
$safeResult = \openssl_pkey_export($key, $output, $passphrase, $options);
} elseif ($passphrase !== null) {
$safeResult = \openssl_pkey_export($key, $output, $passphrase);
} else {
$safeResult = \openssl_pkey_export($key, $output);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* This function returns the key details (bits, key, type).
*
* @param \OpenSSLAsymmetricKey $key Resource holding the key.
* @return array Returns an array with the key details on success.
* Returned array has indexes bits (number of bits),
* key (string representation of the public key) and
* type (type of the key which is one of
* OPENSSL_KEYTYPE_RSA,
* OPENSSL_KEYTYPE_DSA,
* OPENSSL_KEYTYPE_DH,
* OPENSSL_KEYTYPE_EC,
* OPENSSL_KEYTYPE_X25519,
* OPENSSL_KEYTYPE_ED25519,
* OPENSSL_KEYTYPE_X448,
* OPENSSL_KEYTYPE_ED448,
* or -1 meaning unknown).
*
* Depending on the key type used, additional details may be returned. Note that
* some elements may not always be available.
* @throws OpensslException
*
*/
function openssl_pkey_get_details(\OpenSSLAsymmetricKey $key): array
{
error_clear_last();
$safeResult = \openssl_pkey_get_details($key);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_pkey_get_private parses
* private_key and prepares it for use by other functions.
*
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key private_key can be one of the following:
*
* a string having the format
* file://path/to/file.pem. The named file must
* contain a PEM encoded certificate/private key (it may contain both).
*
*
* A PEM formatted private key.
*
* @param null|string $passphrase The optional parameter passphrase must be used
* if the specified key is encrypted (protected by a passphrase).
* @return \OpenSSLAsymmetricKey Returns an OpenSSLAsymmetricKey instance on success.
* @throws OpensslException
*
*/
function openssl_pkey_get_private($private_key, ?string $passphrase = null): \OpenSSLAsymmetricKey
{
error_clear_last();
if ($passphrase !== null) {
$safeResult = \openssl_pkey_get_private($private_key, $passphrase);
} else {
$safeResult = \openssl_pkey_get_private($private_key);
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_pkey_get_public extracts the public key from
* public_key and prepares it for use by other
* functions.
*
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $public_key public_key can be one of the following:
*
* an OpenSSLAsymmetricKey instance
* a string having the format
* file://path/to/file.pem. The named file must
* contain a PEM encoded certificate/public key (it may contain both).
*
*
* A PEM formatted public key.
*
* @return \OpenSSLAsymmetricKey Returns an OpenSSLAsymmetricKey instance on success.
* @throws OpensslException
*
*/
function openssl_pkey_get_public($public_key): \OpenSSLAsymmetricKey
{
error_clear_last();
$safeResult = \openssl_pkey_get_public($public_key);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_pkey_new generates a new private
* key.
* How to obtain the public component of the key is shown in an example below.
*
* @param array|null $options It is possible to fine-tune the key generation (e.g. specifying the number of
* bits or parameters) using the options parameter.
* These options can either be algorithm-specific parameters used for key generation,
* or generic options used also in CSRgeneration if not specified.
* See openssl_csr_new for more information
* about how to use options for a CSR.
* Among those options only private_key_bits,
* private_key_type, curve_name,
* and config are used for key generation.
* Algorithm-specific options are used if the associative array includes one of the specific keys.
*
*
*
* "rsa" key for setting RSA parameters.
*
*
*
*
*
* options
* type
* format
* required
* description
*
*
*
*
* "n"
* string
* binary number
* yes
* modulus
*
*
* "e"
* string
* binary number
* no
* public exponent
*
*
* "d"
* string
* binary number
* yes
* private exponent
*
*
* "p"
* string
* binary number
* no
* prime 1
*
*
* "q"
* string
* binary number
* no
* prime 2
*
*
* "dmp1"
* string
* binary number
* no
* exponent1, d mod (p-1)
*
*
* "dmq1"
* string
* binary number
* no
* exponent2, d mod (q-1)
*
*
* "iqmp"
* string
* binary number
* no
* coefficient, (inverse of q) mod p
*
*
*
*
*
*
*
* "dsa" key for setting DSA parameters.
*
*
*
*
*
* options
* type
* format
* required
* description
*
*
*
*
* "p"
* string
* binary number
* no
* prime number (public)
*
*
* "q"
* string
* binary number
* no
* 160-bit subprime, q | p-1 (public)
*
*
* "g"
* string
* binary number
* no
* generator of subgroup (public)
*
*
* "priv_key"
* string
* PEM key
* no
* private key x
*
*
* "pub_key"
* string
* PEM key
* no
* public key y = g^x
*
*
*
*
*
*
*
* "dh" key for DH (DiffieHellman key exchange) parameters.
*
*
*
*
*
* Options
* Type
* Format
* Required
* Description
*
*
*
*
* "p"
* string
* binary number
* no
* prime number (shared)
*
*
* "g"
* string
* binary number
* no
* generator of Z_p (shared)
*
*
* "priv_key"
* string
* PEM key
* no
* private DH value x
*
*
* "pub_key"
* string
* PEM key
* no
* public DH value g^x
*
*
*
*
*
*
*
* "ec" key for Elliptic curve parameters
*
*
*
*
*
* Options
* Type
* Format
* Required
* Description
*
*
*
*
* "curve_name"
* string
* name
* no
* name of curve, see openssl_get_curve_names
*
*
* "p"
* string
* binary number
* no
* prime of the field for curve over Fp
*
*
* "a"
* string
* binary number
* no
* coofecient a of the curve for Fp: y^2 mod p = x^3 + ax + b mod p
*
*
* "b"
* string
* binary number
* no
* coofecient b of the curve for Fp: y^2 mod p = x^3 + ax + b mod p
*
*
* "seed"
* string
* binary number
* no
* optional random number seed used to generate coefficient b
*
*
* "generator"
* string
* binary encoded point
* no
* curve generator point
*
*
* "g_x"
* string
* binary number
* no
* curver generator point x coordinat
*
*
* "g_y"
* string
* binary number
* no
* curver generator point y coordinat
*
*
* "cofactor"
* string
* binary number
* no
* curve cofactor
*
*
* "order"
* string
* binary number
* no
* curve order
*
*
* "x"
* string
* binary number
* no
* x coordinate (public)
*
*
* "y"
* string
* binary number
* no
* y coordinate (public)
*
*
* "d"
* string
* binary number
* no
* private key
*
*
*
*
*
*
*
* "x25519", "x448",
* "ed25519", "ed448" keys for
* Curve25519 and Curve448 parameters.
*
*
*
*
*
* Options
* Type
* Format
* Required
* Description
*
*
*
*
* "priv_key"
* string
* PEM key
* no
* private key
*
*
* "pub_key"
* string
* PEM key
* no
* public key
*
*
*
*
*
*
* @return \OpenSSLAsymmetricKey Returns an OpenSSLAsymmetricKey instance for
* the pkey on success.
* @throws OpensslException
*
*/
function openssl_pkey_new(?array $options = null): \OpenSSLAsymmetricKey
{
error_clear_last();
if ($options !== null) {
$safeResult = \openssl_pkey_new($options);
} else {
$safeResult = \openssl_pkey_new();
}
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_private_decrypt decrypts
* data that was previously encrypted via
* openssl_public_encrypt and stores the result into
* decrypted_data.
*
* You can use this function e.g. to decrypt data which is supposed to only be available to you.
*
* @param string $data
* @param null|string $decrypted_data
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key private_key must be the private key that corresponds
* to the public key that was used to encrypt the data.
* @param int $padding padding can be one of
* OPENSSL_PKCS1_PADDING,
* OPENSSL_SSLV23_PADDING,
* OPENSSL_PKCS1_OAEP_PADDING,
* OPENSSL_NO_PADDING.
* @throws OpensslException
*
*/
function openssl_private_decrypt(string $data, ?string &$decrypted_data, $private_key, int $padding = OPENSSL_PKCS1_PADDING): void
{
error_clear_last();
$safeResult = \openssl_private_decrypt($data, $decrypted_data, $private_key, $padding);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_private_encrypt encrypts data
* with private private_key and stores the result into
* encrypted_data. Encrypted data can be decrypted via
* openssl_public_decrypt.
*
* This function can be used e.g. to sign data (or its hash) to prove that it
* is not written by someone else.
*
* @param string $data
* @param null|string $encrypted_data
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key private_key must be the private key that corresponds
* to the public key that will be used to decrypt the data.
* @param int $padding padding can be one of
* OPENSSL_PKCS1_PADDING,
* OPENSSL_NO_PADDING.
* @throws OpensslException
*
*/
function openssl_private_encrypt(string $data, ?string &$encrypted_data, $private_key, int $padding = OPENSSL_PKCS1_PADDING): void
{
error_clear_last();
$safeResult = \openssl_private_encrypt($data, $encrypted_data, $private_key, $padding);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_public_decrypt decrypts
* data that was previous encrypted via
* openssl_private_encrypt and stores the result into
* decrypted_data.
*
* You can use this function e.g. to check if the message was written by the
* owner of the private key.
*
* @param string $data
* @param null|string $decrypted_data
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $public_key public_key must be the public key that corresponds
* to the private key that was used to encrypt the data.
* @param int $padding padding can be one of
* OPENSSL_PKCS1_PADDING,
* OPENSSL_NO_PADDING.
* @throws OpensslException
*
*/
function openssl_public_decrypt(string $data, ?string &$decrypted_data, $public_key, int $padding = OPENSSL_PKCS1_PADDING): void
{
error_clear_last();
$safeResult = \openssl_public_decrypt($data, $decrypted_data, $public_key, $padding);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_public_encrypt encrypts data
* with public public_key and stores the result into
* encrypted_data. Encrypted data can be decrypted via
* openssl_private_decrypt.
*
* This function can be used e.g. to encrypt message which can be then read
* only by owner of the private key. It can be also used to store secure data
* in database.
*
* @param string $data
* @param null|string $encrypted_data This will hold the result of the encryption.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $public_key public_key must be the public key that corresponds
* to the private key that will be used to decrypt the data.
* @param int $padding padding can be one of
* OPENSSL_PKCS1_PADDING,
* OPENSSL_SSLV23_PADDING,
* OPENSSL_PKCS1_OAEP_PADDING,
* OPENSSL_NO_PADDING.
* @throws OpensslException
*
*/
function openssl_public_encrypt(string $data, ?string &$encrypted_data, $public_key, int $padding = OPENSSL_PKCS1_PADDING): void
{
error_clear_last();
$safeResult = \openssl_public_encrypt($data, $encrypted_data, $public_key, $padding);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* Generates a string of pseudo-random bytes, with the number of bytes
* determined by the length parameter.
*
* It also indicates if a cryptographically strong algorithm was used to produce the
* pseudo-random bytes, and does this via the optional strong_result
* parameter. It's rare for this to be FALSE, but some systems may be broken or old.
*
* @param int $length The length of the desired string of bytes. Must be a positive integer less than or equal to 2147483647. PHP will
* try to cast this parameter to a non-null integer to use it.
* @param bool|null $strong_result If passed into the function, this will hold a bool value that determines
* if the algorithm used was "cryptographically strong", e.g., safe for usage with GPG,
* passwords, etc. TRUE if it did, otherwise FALSE
* @return string Returns the generated string of bytes.
*
*/
function openssl_random_pseudo_bytes(int $length, ?bool &$strong_result = null): string
{
error_clear_last();
$safeResult = \openssl_random_pseudo_bytes($length, $strong_result);
return $safeResult;
}
/**
* openssl_seal seals (encrypts) data using the
* specified cipher_algo with a randomly generated secret key. The key is
* then encrypted with each of the public keys in public_key array,
* and each encrypted envelope key is returned in encrypted_keys. This allows
* sealed data to be sent to multiple recipients (provided their public keys are available). Each
* recipient must receive both the sealed data and the envelope key that was encrypted with the
* recipient's public key. The IV (Initialization Vector) is generated, and its value is returned in
* iv.
*
* @param string $data The data to seal.
* @param null|string $sealed_data The sealed data.
* @param array|null $encrypted_keys Array of encrypted keys.
* @param array $public_key Array of OpenSSLAsymmetricKey instances containing public keys.
* @param string $cipher_algo The cipher method.
*
*
* The default value for PHP versions prior to 8.0 is ('RC4') which is
* considered insecure. It is strongly recommended to explicitly specify a secure cipher
* method.
*
*
* @param null|string $iv The initialization vector for decryption of data. It is required if
* the cipher method requires IV. This can be found out by calling
* openssl_cipher_iv_length with cipher_algo.
* @return int Returns the length of the sealed data on success.
* If successful the sealed data is returned in
* sealed_data, and the envelope keys in
* encrypted_keys.
* @throws OpensslException
*
*/
function openssl_seal(string $data, ?string &$sealed_data, ?array &$encrypted_keys, array $public_key, string $cipher_algo, ?string &$iv = null): int
{
error_clear_last();
$safeResult = \openssl_seal($data, $sealed_data, $encrypted_keys, $public_key, $cipher_algo, $iv);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_sign computes a signature for the
* specified data by generating a cryptographic
* digital signature using the private key associated with
* private_key. Note that the data itself is
* not encrypted.
*
* @param string $data The string of data you wish to sign
* @param null|string $signature If the call was successful the signature is returned in
* signature.
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $private_key OpenSSLAsymmetricKey - a key, returned by openssl_get_privatekey
*
* string - a PEM formatted key
* @param int|string $algorithm int - one of these Signature Algorithms.
*
* string - a valid string returned by openssl_get_md_methods example, "sha256WithRSAEncryption" or "sha384".
* @throws OpensslException
*
*/
function openssl_sign(string $data, ?string &$signature, $private_key, $algorithm = OPENSSL_ALGO_SHA1): void
{
error_clear_last();
$safeResult = \openssl_sign($data, $signature, $private_key, $algorithm);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* Exports challenge from encoded signed public key and challenge
*
* @param string $spki Expects a valid signed public key and challenge
* @return null|string Returns the associated challenge string.
* @throws OpensslException
*
*/
function openssl_spki_export_challenge(string $spki): ?string
{
error_clear_last();
$safeResult = \openssl_spki_export_challenge($spki);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Exports PEM formatted public key from encoded signed public key and challenge
*
* @param string $spki Expects a valid signed public key and challenge
* @return null|string Returns the associated PEM formatted public key.
* @throws OpensslException
*
*/
function openssl_spki_export(string $spki): ?string
{
error_clear_last();
$safeResult = \openssl_spki_export($spki);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Generates a signed public key and challenge using specified hashing algorithm
*
* @param \OpenSSLAsymmetricKey $private_key private_key should be set to a private key that was
* previously generated by openssl_pkey_new (or
* otherwise obtained from the other openssl_pkey family of functions).
* The corresponding public portion of the key will be used to sign the
* CSR.
* @param string $challenge The challenge associated to associate with the SPKAC
* @param int $digest_algo The digest algorithm. See openssl_get_md_method().
* @return null|string Returns a signed public key and challenge string.
* @throws OpensslException
*
*/
function openssl_spki_new(\OpenSSLAsymmetricKey $private_key, string $challenge, int $digest_algo = OPENSSL_ALGO_MD5): ?string
{
error_clear_last();
$safeResult = \openssl_spki_new($private_key, $challenge, $digest_algo);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* Validates the supplied signed public key and challenge
*
* @param string $spki Expects a valid signed public key and challenge
* @throws OpensslException
*
*/
function openssl_spki_verify(string $spki): void
{
error_clear_last();
$safeResult = \openssl_spki_verify($spki);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_verify verifies that the
* signature is correct for the specified
* data using the public key associated with
* public_key. This must be the public key
* corresponding to the private key used for signing.
*
* @param string $data The string of data used to generate the signature previously
* @param string $signature A raw binary string, generated by openssl_sign or similar means
* @param \OpenSSLAsymmetricKey|\OpenSSLCertificate|array|string $public_key OpenSSLAsymmetricKey - a key, returned by openssl_get_publickey
*
* string - a PEM formatted key (e.g. -----BEGIN PUBLIC KEY-----
* MIIBCgK...)
* @param int|string $algorithm int - one of these Signature Algorithms.
*
* string - a valid string returned by openssl_get_md_methods example, "sha1WithRSAEncryption" or "sha512".
* @return -1|0|1 Returns 1 if the signature is correct, 0 if it is incorrect, and
* -1.
* @throws OpensslException
*
*/
function openssl_verify(string $data, string $signature, $public_key, $algorithm = OPENSSL_ALGO_SHA1): int
{
error_clear_last();
$safeResult = \openssl_verify($data, $signature, $public_key, $algorithm);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_x509_checkpurpose examines a certificate to
* see if it can be used for the specified purpose.
*
* @param \OpenSSLCertificate|string $certificate The examined certificate.
* @param int $purpose
* openssl_x509_checkpurpose purposes
*
*
*
* Constant
* Description
*
*
*
*
* X509_PURPOSE_SSL_CLIENT
* Can the certificate be used for the client side of an SSL
* connection?
*
*
* X509_PURPOSE_SSL_SERVER
* Can the certificate be used for the server side of an SSL
* connection?
*
*
* X509_PURPOSE_NS_SSL_SERVER
* Can the cert be used for Netscape SSL server?
*
*
* X509_PURPOSE_SMIME_SIGN
* Can the cert be used to sign S/MIME email?
*
*
* X509_PURPOSE_SMIME_ENCRYPT
* Can the cert be used to encrypt S/MIME email?
*
*
* X509_PURPOSE_CRL_SIGN
* Can the cert be used to sign a certificate revocation list
* (CRL)?
*
*
* X509_PURPOSE_ANY
* Can the cert be used for Any/All purposes?
*
*
*
*
* These options are not bitfields - you may specify one only!
* @param array $ca_info ca_info should be an array of trusted CA files/dirs
* as described in Certificate
* Verification.
* @param null|string $untrusted_certificates_file If specified, this should be the name of a PEM encoded file holding
* certificates that can be used to help verify the certificate, although
* no trust is placed in the certificates that come from that file.
* @return bool|int Returns TRUE if the certificate can be used for the intended purpose,
* FALSE if it cannot.
* @throws OpensslException
*
*/
function openssl_x509_checkpurpose($certificate, int $purpose, array $ca_info = [], ?string $untrusted_certificates_file = null)
{
error_clear_last();
if ($untrusted_certificates_file !== null) {
$safeResult = \openssl_x509_checkpurpose($certificate, $purpose, $ca_info, $untrusted_certificates_file);
} else {
$safeResult = \openssl_x509_checkpurpose($certificate, $purpose, $ca_info);
}
if ($safeResult === -1) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_x509_export_to_file stores
* certificate into a file named by
* output_filename in a PEM encoded format.
*
* @param \OpenSSLCertificate|string $certificate See Key/Certificate parameters for a list of valid values.
* @param string $output_filename Path to the output file.
* @param bool $no_text
* The optional parameter notext affects
* the verbosity of the output; if it is FALSE, then additional human-readable
* information is included in the output. The default value of
* notext is TRUE.
* @throws OpensslException
*
*/
function openssl_x509_export_to_file($certificate, string $output_filename, bool $no_text = true): void
{
error_clear_last();
$safeResult = \openssl_x509_export_to_file($certificate, $output_filename, $no_text);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_x509_export stores
* certificate into a string named by
* output in a PEM encoded format.
*
* @param \OpenSSLCertificate|string $certificate See Key/Certificate parameters for a list of valid values.
* @param null|string $output On success, this will hold the PEM.
* @param bool $no_text
* The optional parameter notext affects
* the verbosity of the output; if it is FALSE, then additional human-readable
* information is included in the output. The default value of
* notext is TRUE.
* @throws OpensslException
*
*/
function openssl_x509_export($certificate, ?string &$output, bool $no_text = true): void
{
error_clear_last();
$safeResult = \openssl_x509_export($certificate, $output, $no_text);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
}
/**
* openssl_x509_fingerprint returns the digest of
* certificate as a string.
*
* @param \OpenSSLCertificate|string $certificate See Key/Certificate parameters for a list of valid values.
* @param string $digest_algo The digest method or hash algorithm to use, e.g. "sha256", one of openssl_get_md_methods.
* @param bool $binary When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
* @return string Returns a string containing the calculated certificate fingerprint as lowercase hexits unless binary is set to TRUE in which case the raw binary representation of the message digest is returned.
*
* Returns FALSE on failure.
* @throws OpensslException
*
*/
function openssl_x509_fingerprint($certificate, string $digest_algo = "sha1", bool $binary = false): string
{
error_clear_last();
$safeResult = \openssl_x509_fingerprint($certificate, $digest_algo, $binary);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}
/**
* openssl_x509_read parses the certificate supplied by
* certificate and returns an OpenSSLCertificate object for
* it.
*
* @param \OpenSSLCertificate|string $certificate X509 certificate. See Key/Certificate parameters for a list of valid values.
* @return \OpenSSLCertificate Returns an OpenSSLCertificate on success.
* @throws OpensslException
*
*/
function openssl_x509_read($certificate): \OpenSSLCertificate
{
error_clear_last();
$safeResult = \openssl_x509_read($certificate);
if ($safeResult === false) {
throw OpensslException::createFromPhpError();
}
return $safeResult;
}