Sign .mobileconfig on a PHP server

Can anyone tell me how to use openssl smime -sign -signer cert.pem -inkey key.pem -certfile ca-bundle.pem -nodetach -outform der -in profile-uns.mobileconfig -out profile-sig.mobileconfig (this works fine!) in PHP?

I tried:

$path = __DIR__ . DIRECTORY_SEPARATOR;  // my actual directory
$infilename = $path . 'profile.mobileconfig'; // my unsigned profile
$outfilename = $path . 'profile-sig.mobileconfig'; // my signed profile
$signcert = file_get_contents($path . 'cert.pem'); // my certificate to sign
$privkey = file_get_contents($path . 'key.pem'); // my private key of the certificate
$extracerts = $path . 'ca-bundle.pem'; // the cert chain of my CA

echo openssl_pkcs7_sign($infilename, $outfilename , $signcert, $privkey, array(), PKCS7_NOATTR,$extracerts);

It did not work. I also tried all the PKCS7 attributes...

Calling openssl smime through exec works fine:

exec('openssl smime -sign -signer cert.pem -inkey key.pem -certfile ca-bundle.pem -nodetach -outform der -in profile.mobileconfig -out profile-sig.mobileconfig');

Actually, there is a simple way to solve this problem:

/**
 * Sign MobileConfig
 *
 * @param string $file_full_pathname   e.g. /tmp/example.mobileconfig
 * @param string $certificate_pathname e.g. /etc/cert.d/apple_distribution.cert.pem
 * @param string $private_key_pathname e.g. /etc/cert.d/apple_distribution.key.pem
 * @param bool   $remove_file          Optional, default is true, if you want to keep your file then set to false.
 *
 * @return string
 */
function signMobileConfig (
    string $file_full_pathname,
    string $certificate_pathname,
    string $private_key_pathname,
    bool $remove_file = true
) {
    // Flags 0 (no PKCS7_DETACHED): the profile content is embedded in the signed output.
    $ok = openssl_pkcs7_sign(
        $file_full_pathname,
        $file_full_pathname.'.sig',
        file_get_contents($certificate_pathname),
        file_get_contents($private_key_pathname),
        [], 0
    );
    if (!$ok) {
        throw new RuntimeException('openssl_pkcs7_sign failed: ' . openssl_error_string());
    }

    $signed = file_get_contents($file_full_pathname.'.sig');

    if ($remove_file) {
        unlink($file_full_pathname.'.sig');
        unlink($file_full_pathname);
    }

    // Strip the S/MIME headers (everything up to the first blank line),
    // then decode the base64 body to get the binary signed profile.
    $trimmed = preg_replace('/(.+\n)+\n/', '', $signed, 1);
    return base64_decode($trimmed);
}

Feel free to modify the code above to suit your needs.
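
An added example, not part of the original question or answer: one way to get the DER output of the question's openssl smime command from openssl_pkcs7_sign while still passing the CA bundle, which the answer above leaves out. The function name signProfileToDer and its parameter names are hypothetical; the file names are the ones from the question.

```php
<?php
declare(strict_types=1);

// Added example; signProfileToDer and its parameter names are hypothetical.
function signProfileToDer(string $profile, string $cert, string $key, string $chain): string
{
    // tempnam() creates the file with mode 0600, so other local users cannot read it.
    $tmp = tempnam(sys_get_temp_dir(), 'mc_');
    if ($tmp === false) {
        throw new RuntimeException('cannot create temporary file');
    }
    try {
        // No PKCS7_DETACHED flag: the content is embedded, like -nodetach.
        // PKCS7_BINARY (like -binary): sign the plist bytes as-is, no MIME line-ending conversion.
        $ok = openssl_pkcs7_sign(
            $profile,
            $tmp,
            'file://' . $cert,
            'file://' . $key,
            [],
            PKCS7_BINARY,
            $chain // extra certificates, same role as -certfile ca-bundle.pem
        );
        if (!$ok) {
            throw new RuntimeException('signing failed: ' . openssl_error_string());
        }
        $smime = (string) file_get_contents($tmp);
    } finally {
        unlink($tmp);
    }
    // PHP writes an S/MIME message: headers, a blank line, then a base64 body.
    $parts = preg_split('/\r?\n\r?\n/', $smime, 2);
    $der = base64_decode($parts[1] ?? '');
    // DER-encoded PKCS#7 starts with an ASN.1 SEQUENCE tag (0x30).
    if ($der === '' || $der[0] !== "\x30") {
        throw new RuntimeException('unexpected output from openssl_pkcs7_sign');
    }
    return $der;
}

$path = __DIR__ . DIRECTORY_SEPARATOR;
$der = signProfileToDer(
    $path . 'profile.mobileconfig',
    $path . 'cert.pem',
    $path . 'key.pem',
    $path . 'ca-bundle.pem'
);
file_put_contents($path . 'profile-sig.mobileconfig', $der);
```

The unsigned input file is left in place, and the private key is read by OpenSSL from its path rather than loaded into a PHP string.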