Can anyone tell me how to do this in PHP (the command itself works fine!)?
openssl smime -sign -signer cert.pem -inkey key.pem -certfile ca-bundle.pem -nodetach -outform der -in profile-uns.mobileconfig -out profile-sig.mobileconfig
I tried
$path = __DIR__ . DIRECTORY_SEPARATOR; // my actual directory
$infilename = $path . 'profile.mobileconfig'; // my unsigned profile
$outfilename = $path . 'profile-sig.mobileconfig'; // my signed profile
$signcert = file_get_contents($path . 'cert.pem'); // my certificate to sign
$privkey = file_get_contents($path . 'key.pem'); // my private key of the certificate
$extracerts = $path . 'ca-bundle.pem'; // the cert chain of my CA
echo openssl_pkcs7_sign($infilename, $outfilename , $signcert, $privkey, array(), PKCS7_NOATTR,$extracerts);
without success. I also tried all the PKCS7 attributes...
Answer 0: (score: 4)
Calling openssl smime with exec works fine:
exec('openssl smime -sign -signer cert.pem -inkey key.pem -certfile ca-bundle.pem -nodetach -outform der -in profile.mobileconfig -out profile-sig.mobileconfig');
Answer 1: (score: 1)
Actually, there is a simple way to solve this problem:
/**
 * Sign MobileConfig
 *
 * @param string $file_full_pathname   e.g. /tmp/example.mobileconfig
 * @param string $certificate_pathname e.g. /etc/cert.d/apple_distribution.cert.pem
 * @param string $private_key_pathname e.g. /etc/cert.d/apple_distribution.key.pem
 * @param bool   $remove_file          Optional, default is true, if you want to keep your file then set to false.
 *
 * @return string
 */
function signMobileConfig(
    string $file_full_pathname,
    string $certificate_pathname,
    string $private_key_pathname,
    bool $remove_file = true
) {
    // flags = 0: the signed content is embedded in the output (not detached)
    $ok = openssl_pkcs7_sign(
        $file_full_pathname,
        $file_full_pathname.'.sig',
        file_get_contents($certificate_pathname),
        file_get_contents($private_key_pathname),
        [], 0
    );
    if (!$ok) {
        // Stop here so a failed signing does not delete the input file below
        throw new RuntimeException('openssl_pkcs7_sign failed');
    }
    $signed = file_get_contents($file_full_pathname.'.sig');
    if ($remove_file) {
        unlink($file_full_pathname.'.sig');
        unlink($file_full_pathname);
    }
    // Drop the S/MIME headers (everything up to the first blank line),
    // then decode the base64 body to get the binary signed profile
    $trimmed = preg_replace('/(.+\n)+\n/', '', $signed, 1);
    return base64_decode($trimmed);
}
Feel free to modify the code above to suit your requirements.
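The question's attempt and the second answer's function, combined as an added example that is not code from either poster: `openssl_pkcs7_sign` writes an S/MIME message (MIME headers plus a base64 body), so the counterpart of `-outform der` is to decode that body, and the chain file from the question goes in as the seventh argument. The function name `signProfileToDer` and its parameter names are assumptions.

```php
<?php
/**
 * Added example: sign a profile and return DER bytes, mirroring
 * `openssl smime -sign ... -certfile ... -nodetach -outform der`.
 * Function and parameter names are illustrative.
 */
function signProfileToDer(string $profile, string $certPem, string $keyPem, string $chainPem): string
{
    foreach ([$profile, $certPem, $keyPem, $chainPem] as $path) {
        if (!is_file($path) || !is_readable($path)) {
            throw new InvalidArgumentException("Cannot read $path");
        }
    }
    // Intermediate S/MIME output goes to a fresh temp file, removed below.
    $tmp = tempnam(sys_get_temp_dir(), 'smime');
    if ($tmp === false) {
        throw new RuntimeException('Cannot create temporary file');
    }
    try {
        // flags = 0: signature is not detached (-nodetach); the 7th
        // argument embeds the chain certificates (-certfile).
        $ok = openssl_pkcs7_sign($profile, $tmp, file_get_contents($certPem),
            file_get_contents($keyPem), [], 0, $chainPem);
        if (!$ok) {
            throw new RuntimeException('Signing failed: ' . openssl_error_string());
        }
        $smime = (string) file_get_contents($tmp);
    } finally {
        unlink($tmp);
    }
    // S/MIME output = MIME headers, blank line, base64 body. Keep the body.
    $parts = preg_split('/\r?\n\r?\n/', $smime, 2);
    $der = base64_decode(preg_replace('/\s+/', '', $parts[1] ?? ''), true);
    // A DER PKCS#7 ContentInfo is an ASN.1 SEQUENCE, so it starts with 0x30.
    if ($der === false || $der === '' || $der[0] !== "\x30") {
        throw new RuntimeException('Output is not DER-encoded PKCS#7');
    }
    return $der;
}

// Usage with the file names from the question (absolute paths via __DIR__):
// $d = __DIR__ . DIRECTORY_SEPARATOR;
// file_put_contents($d . 'profile-sig.mobileconfig', signProfileToDer(
//     $d . 'profile.mobileconfig', $d . 'cert.pem', $d . 'key.pem', $d . 'ca-bundle.pem'));
```

Unlike the answer's function, this version leaves the input file in place and throws instead of returning data when signing or decoding fails.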