Req #38917 [Com]: OpenSSL: signing function for spkac

jason dot gerfen at gmail dot com Wed, 14 Dec 2011 05:52:19 -0800

Edit report at https://bugs.php.net/bug.php?id=38917&edit=1


 ID:                 38917
 Comment by:         jason dot gerfen at gmail dot com
 Reported by:        zeph at purotesto dot it
 Summary:            OpenSSL: signing function for spkac
 Status:             Feedback
 Type:               Feature/Change Request
 Package:            OpenSSL related
 Operating System:   Irrilevant
 PHP Version:        trunk
 Block user comment: N
 Private report:     N

 New Comment:

This will test all five new functions unless you would like one test case per 
function?

--TEST--
openssl_spki_new(), openssl_spki_verify(), openssl_spki_export(), 
openssl_spki_export_challenge(), openssl_spki_details()
--SKIPIF--
<?php
if (!extension_loaded("openssl")) die("skip");
if (!@openssl_pkey_new()) die("skip cannot create private key");
?>
--FILE--
<?php

echo "Creating private key\n";
$key = openssl_pkey_new();
if ($key === false)
 die("failed to create private key\n");

echo "Creating new SPKAC\n";
if (!function_exists("openssl_spki_new"))
 die("openssl_spki_new() does not exist\n");

$spki = openssl_spki_new($key, "sample_challenge_string");
if ($spki === false)
 die("could not create spkac\n");

echo "Verifying SPKAC\n";
if (!function_exists("openssl_spki_verify"))
 die("openssl_spki_verify() does not exist\n");

$x = openssl_spki_verify(preg_replace("/SPKAC=/", "", $spki));
if ($x === false)
 die("could not verify spkac\n");

echo "Exporting challenge\n";
if (!function_exists("openssl_spki_export_challenge"))
 die("openssl_spki_export_challenge() does not exist\n");

$y = openssl_spki_export_challenge(preg_replace("/SPKAC=/", "", $spki));
if ($y !== "sample_challenge_string")
 die("could not verify challenge string from spkac\n");

echo "Exporting public key from SPKAC\n";
if (!function_exists("openssl_spki_export"))
 die("openssl_spki_export() does not exist\n");

$z = openssl_spki_export(preg_replace("/SPKAC=/", '', $spki));
if ($z === "")
 die("could not export public key from spkac\n");

echo "Generating details of SPKAC structure\n";
if (!function_exists("openssl_spki_details"))
 die("openssl_spki_details() does not exist\n");

$w = openssl_spki_details(preg_replace('/SPKAC=/', '', $spki));
if ($w === "")
 die("could not obtain details from spkac\n");

echo "OK!\n";

openssl_free_key($key);
?>
--EXPECT--
Creating private key
Creating new SPKAC
Verifying SPKAC
Exporting challenge
Exporting public key from SPKAC
Generating details of SPKAC structure
OK!


Previous Comments:
------------------------------------------------------------------------
[2011-12-14 12:02:35] [email protected]

Please see the phpt files in ext/openssl/tests/

this is how tests should be written.

Further explanations are available here: http://qa.php.net/

Thanks!

------------------------------------------------------------------------
[2011-12-14 11:40:42] jason dot gerfen at gmail dot com

<form id="spkac" name="spkac" method="post" action="openssl-spki.php">
 <keygen name="spki-key" keytype="rsa" challenge="testing"></keygen>
 <input type="submit">
</form>

<?php

if (!empty($_POST['spki-key'])) {
 echo '<pre>'; print_r($_POST['spki-key']); echo '</pre>';


}

if (empty($_POST['spki-key'])){

 echo "Generating private key...";

 $key = openssl_pkey_new(array('digest_alg' => 'sha1',

                               'private_key_type' => OPENSSL_KEYTYPE_RSA,

                               'private_key_bits' => 2048));

 echo "done<br/>";

 echo "============================<br/>";

}



if (empty($_POST['spki-key'])){

 echo "Creating SPKAC...<br/>";

 if (function_exists('openssl_spki_new')){

  $spki = openssl_spki_new($key, 'wtfd00d');

  echo "<pre>".$spki."</pre>";

 }

 echo "<br/>done<br/>";

 echo "============================<br/>";

}



echo "Verifying SPKAC...<br/>";

if (function_exists('openssl_spki_verify')){

 $y = (empty($_POST['spki-key'])) ?

  openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :

  openssl_spki_verify($_POST['spki-key']);

 var_dump($y);

}

echo "<br/>============================<br/>";



echo "Exporting challenge from SPKAC...<br/>";

if (function_exists('openssl_spki_export_challenge')){

 $x = (empty($_POST['spki-key'])) ?

  openssl_spki_export_challenge(preg_replace('/SPKAC=/', '', $spki)) :

  openssl_spki_export_challenge($_POST['spki-key']);

 echo $x;

}

echo "<br/>done<br/>";

echo "============================<br/>";



echo "Exporting public key from SPKAC...<br/>";

if (function_exists('openssl_spki_export')){

 $z = (empty($_POST['spki-key'])) ?

  openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :

  openssl_spki_export($_POST['spki-key']);

 echo '<pre>'; print_r($z); echo '</pre>';

}

echo "<br/>============================<br/>";



echo "SPKAC details...<br/>";

if (function_exists('openssl_spki_details')){

 $w = (empty($_POST['spki-key'])) ?

  openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :

  openssl_spki_details($_POST['spki-key']);

 echo '<pre>'; print_r($w); echo '</pre>';

}

echo "done<br/>";

echo "============================<br/>";



if (empty($_POST['spki-key'])){

 openssl_free_key($key);

}



?>

------------------------------------------------------------------------
[2011-12-13 17:04:07] [email protected]

Hi!

Thanks for the patch, please add some test cases as well (phpt format) so we 
can 
easily valid the new functions.

Also be sure that the patched ssl can still be built against older openssl 
version 
as we still support them (0.9.x serie for trunk and 5.4).

------------------------------------------------------------------------
[2011-12-13 16:56:43] jason dot gerfen at gmail dot com

Since I have not seen any changes on this I am going to post the patch to php-
internals list.

------------------------------------------------------------------------
[2011-12-08 10:57:03] jason dot gerfen at gmail dot com

I modified the test case and fixed a slight memory problem that would 
occasionally take place when allocating memory for the openssl_spki_new() 
return value.

echo "Generating private key...";
$key = openssl_pkey_new(array('digest_alg' => 'sha1',
                              'private_key_type' => OPENSSL_KEYTYPE_RSA,
                              'private_key_bits' => 2048));
echo "done\n";
echo "============================\n";

echo "Creating SPKAC...\n";
if (function_exists('openssl_spki_new')){
 $spki = openssl_spki_new($key, 'wtfd00d');
 echo $spki;
}
echo "done\n";
echo "============================\n";

echo "SPKAC details...\n";
if (function_exists('openssl_spki_details')){
 $x = (empty($_POST['spki-key'])) ?
  openssl_spki_details(preg_replace('/SPKAC=/', '', $spki)) :
  openssl_spki_details($_POST['spki-key']);
 var_dump($x);
}
echo "done\n";
echo "============================\n";

echo "Verifying SPKAC...\n";
if (function_exists('openssl_spki_verify')){
 $y = (empty($_POST['spki-key'])) ?
  openssl_spki_verify(preg_replace('/SPKAC=/', '', $spki)) :
  openssl_spki_verify($_POST['spki-key']);
 var_dump($y);
}
echo "\n============================\n";

echo "Exporting public key from SPKAC...\n";
if (function_exists('openssl_spki_export')){
 $z = (empty($_POST['spki-key'])) ?
  openssl_spki_export(preg_replace('/SPKAC=/', '', $spki)) :
  openssl_spki_export($_POST['spki-key']);
 var_dump($z);
}

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=38917


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=38917&edit=1

Req #38917 [Com]: OpenSSL: signing function for spkac

Reply via email to