mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-03 12:39:25 +01:00
* SAML: generate a self-signed certificate (not just the public key)
This commit is contained in:
parent
0ca7508cd3
commit
733770ea36
@ -650,37 +650,40 @@ class Saml implements BackendSSO
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// create a default configuration
|
// create a key-pair, if not existing
|
||||||
if (!file_exists($config_dir.'/config.php') || filesize($config_dir.'/config.php') < 1000)
|
|
||||||
{
|
|
||||||
// create a key-pair
|
|
||||||
$cert_dir = $config_dir.'/cert';
|
$cert_dir = $config_dir.'/cert';
|
||||||
$private_key_path = $cert_dir.'/saml.pem';
|
$private_key_path = $cert_dir.'/saml.pem';
|
||||||
$public_key_path = $cert_dir.'/saml.crt';
|
$public_key_path = $cert_dir.'/saml.crt';
|
||||||
|
|
||||||
if (!file_exists($private_key_path) || !file_exists($public_key_path))
|
if (!file_exists($private_key_path) || !file_exists($public_key_path) ||
|
||||||
|
!preg_match('/^-----BEGIN CERTIFICATE-----$/m', file_get_contents($public_key_path)))
|
||||||
{
|
{
|
||||||
// Create the private and public key
|
$config = [
|
||||||
$res = openssl_pkey_new([
|
|
||||||
"digest_alg" => "sha512",
|
"digest_alg" => "sha512",
|
||||||
"private_key_bits" => 2048,
|
"private_key_bits" => 2048,
|
||||||
"private_key_type" => OPENSSL_KEYTYPE_RSA,
|
"private_key_type" => OPENSSL_KEYTYPE_RSA,
|
||||||
]);
|
];
|
||||||
|
// Read or generate the private key
|
||||||
if ($res === false)
|
if ((!file_exists($private_key_path) ||
|
||||||
|
($pkey = openssl_pkey_get_private(file_get_contents($private_key_path))) === false) &&
|
||||||
|
($pkey = openssl_pkey_new($config)) === false)
|
||||||
{
|
{
|
||||||
throw new Exception('Error generating key-pair!');
|
throw new Exception('Error generating key-pair!');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// generate CSR and self-sign it
|
||||||
|
if (($csr = openssl_csr_new([
|
||||||
|
'commonName' => Api\Header\Http::host(),
|
||||||
|
], $pkey, $config)) === false ||
|
||||||
|
($cert = openssl_csr_sign($csr, null, $pkey, 3650, $config)) === false)
|
||||||
|
{
|
||||||
|
throw new Exception('Error self-signing cert!');
|
||||||
|
}
|
||||||
|
|
||||||
// Extract the public key from $res to $pubKey
|
// Extract the public key from $res to $pubKey
|
||||||
$details = openssl_pkey_get_details($res);
|
if (openssl_x509_export_to_file($cert, $public_key_path) === false ||
|
||||||
|
// Extract the private key
|
||||||
// Extract the private key from $res
|
openssl_pkey_export_to_file($pkey, $private_key_path) === false) // ToDo: db-password as passphrase
|
||||||
$public_key = null;
|
|
||||||
openssl_pkey_export($res, $public_key); // ToDo: db-password as passphrase
|
|
||||||
|
|
||||||
if (!file_put_contents($public_key_path, $details["key"]) ||
|
|
||||||
!file_put_contents($private_key_path, $public_key.$details["key"]))
|
|
||||||
{
|
{
|
||||||
throw new Exception('Error storing key-pair!');
|
throw new Exception('Error storing key-pair!');
|
||||||
}
|
}
|
||||||
@ -690,6 +693,9 @@ class Saml implements BackendSSO
|
|||||||
chmod($private_key_path, 0600);
|
chmod($private_key_path, 0600);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// create a default configuration
|
||||||
|
if (!file_exists($config_dir.'/config.php') || filesize($config_dir.'/config.php') < 1000)
|
||||||
|
{
|
||||||
$simplesaml_dir = EGW_SERVER_ROOT.'/vendor/simplesamlphp/simplesamlphp';
|
$simplesaml_dir = EGW_SERVER_ROOT.'/vendor/simplesamlphp/simplesamlphp';
|
||||||
|
|
||||||
foreach(glob($simplesaml_dir.'/config-templates/*.php') as $path)
|
foreach(glob($simplesaml_dir.'/config-templates/*.php') as $path)
|
||||||
|
Loading…
Reference in New Issue
Block a user