IOS的.cer证书内容转为pem格式内容
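<?php
// RSA helper for certificate-based keys: loads .cer / .key files as OpenSSL
// keys, then encrypts / decrypts, and (in the demo below) signs / verifies.
//   encryption public key   : public_key.cer
//   decryption private key  : private_key.key
//   signing private key     : sign_key.key
//   verification public key : verify.cer

class RSAUtils
{
    // Default key locations, overridable through the constructor.
    // NOTE(review): private-key files should live outside the web root and be
    // readable only by the account that runs PHP.
    private $puKey = 'D:\1\public_key.cer';
    private $prKey = 'D:\1\private_key.key';
    private $siKey = 'D:\2\sign_key.key';
    private $veKey = 'D:\2\verify.cer';

    /**
     * @param array|null $keys Optional path overrides, keyed by 'puKey',
     *                         'prKey', 'siKey' and 'veKey'. Missing keys keep
     *                         the defaults above.
     */
    public function __construct($keys = null)
    {
        if (is_array($keys)) {
            // The isset() checks could be dropped if callers always pass all
            // four entries; they are kept so partial overrides work.
            $this->puKey = isset($keys['puKey']) ? $keys['puKey'] : $this->puKey;
            $this->prKey = isset($keys['prKey']) ? $keys['prKey'] : $this->prKey;
            $this->siKey = isset($keys['siKey']) ? $keys['siKey'] : $this->siKey;
            $this->veKey = isset($keys['veKey']) ? $keys['veKey'] : $this->veKey;
        }
    }

    /**
     * Loads the encryption public key from the certificate at $this->puKey.
     *
     * On failure the queued OpenSSL errors are printed and the script exits
     * (behaviour kept from the original implementation).
     *
     * @return resource|object OpenSSL key handle
     */
    public function redPukey()
    {
        $publicKey = $this->loadPublicKey($this->puKey);
        if (!$publicKey) {
            $msgs = '';
            while ($msg = openssl_error_string()) {
                $msgs = "$msg<br>\n$msgs<br>\n";
            }
            echo $msgs;
            exit;
        }
        return $publicKey;
    }

    /**
     * Loads the decryption private key from $this->prKey.
     *
     * @return resource|object|false OpenSSL key handle, or false on failure
     */
    public function redPrkey()
    {
        return $this->loadPrivateKey($this->prKey);
    }

    /**
     * Loads the signing private key from $this->siKey.
     *
     * @return resource|object|false OpenSSL key handle, or false on failure
     */
    public function redSignkey()
    {
        return $this->loadPrivateKey($this->siKey);
    }

    /**
     * Loads the verification public key from the certificate at $this->veKey.
     *
     * @return resource|object|false OpenSSL key handle, or false on failure
     */
    public function redVerifykey()
    {
        return $this->loadPublicKey($this->veKey);
    }

    /**
     * Encrypts $source_data with the public key, chunk by chunk.
     *
     * Each chunk is encrypted with OpenSSL's default PKCS#1 v1.5 padding and
     * base64-encoded on its own; the encoded chunks are concatenated.
     * NOTE(review): PKCS#1 v1.5 encryption padding is exposed to padding-oracle
     * attacks; if the peer supports it, OAEP (OPENSSL_PKCS1_OAEP_PADDING, with
     * a correspondingly smaller chunk size) is the better choice, and bulk
     * data is normally protected with a symmetric key wrapped by RSA.
     *
     * @param string                 $source_data plaintext
     * @param resource|object|string $pu_key      public key
     * @return string|false base64 text, or false if any chunk fails
     */
    public function pubkeyEncrypt($source_data, $pu_key)
    {
        // PKCS#1 v1.5 needs 11 bytes of padding per block. The fallback of
        // 128 bytes reproduces the original hard-coded 117-byte chunk.
        $chunkSize = $this->keySizeInBytes($pu_key, 128) - 11;
        if ($chunkSize < 1) {
            return false;
        }

        $data = '';
        foreach (str_split($source_data, $chunkSize) as $chunk) {
            $encrypted = '';
            if (!openssl_public_encrypt($chunk, $encrypted, $pu_key)) {
                return false;
            }
            $data .= base64_encode($encrypted);
        }
        return $data;
    }

    /**
     * Decrypts text produced by pubkeyEncrypt() with the private key.
     *
     * @param string                 $eccryptData base64 ciphertext
     * @param resource|object|string $decryptKey  private key
     * @return string|false plaintext, or false if any block fails to decrypt.
     *                      When the ciphertext comes from an untrusted sender,
     *                      do not report back why decryption failed.
     */
    public function prkeyDecrypt($eccryptData, $decryptKey)
    {
        // The ciphertext block size equals the key size; 256 is the original
        // hard-coded value (2048-bit key) and is used when it cannot be read.
        $blockSize = $this->keySizeInBytes($decryptKey, 256);
        if ($blockSize < 1) {
            return false;
        }

        // '+' may have been turned into a space in transit (URL decoding).
        $text = str_replace(' ', '+', $eccryptData);

        $decrypted = '';
        foreach ($this->splitCipherBlocks($text, $blockSize) as $block) {
            $plain = '';
            // Stop on the first failure instead of appending stale output.
            if (!openssl_private_decrypt($block, $plain, $decryptKey)) {
                return false;
            }
            $decrypted .= $plain;
        }
        return $decrypted;
    }

    /**
     * URL-safe base64: '+' and '/' become '-' and '_', trailing '=' removed.
     *
     * @param string $data
     * @return string
     */
    public function base64url_encode($data)
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * Reverses base64url_encode().
     *
     * Base64 text is always a multiple of 4 characters long, so the stripped
     * '=' padding is restored from the length before decoding.
     *
     * @param string $data
     * @return string|false
     */
    public function base64url_decode($data)
    {
        $b64 = strtr($data, '-_', '+/');
        $remainder = strlen($b64) % 4;
        if ($remainder !== 0) {
            $b64 .= str_repeat('=', 4 - $remainder);
        }
        return base64_decode($b64);
    }

    // Reads a certificate / public-key file and returns its public key, or false.
    private function loadPublicKey($path)
    {
        $contents = file_get_contents($path);
        if ($contents === false) {
            return false;
        }
        // A non-PEM .cer is treated as binary (DER) and base64-wrapped.
        return openssl_pkey_get_public($this->toPem($contents, 'CERTIFICATE', true));
    }

    // Reads a private-key file and returns the key, or false.
    private function loadPrivateKey($path)
    {
        $contents = file_get_contents($path);
        if ($contents === false) {
            return false;
        }
        // A non-PEM key file is assumed to hold the bare base64 body of an
        // RSA private key, as in the original code - TODO confirm the format.
        return openssl_pkey_get_private($this->toPem($contents, 'RSA PRIVATE KEY', false));
    }

    // Returns $contents unchanged if it is already PEM, else wraps it in
    // BEGIN/END $label lines with 64-character base64 rows.
    private function toPem($contents, $label, $isBinary)
    {
        if (strpos($contents, '-----BEGIN') !== false) {
            return $contents;
        }
        $body = $isBinary
            ? base64_encode($contents)
            : preg_replace('/\s+/', '', $contents);
        return "-----BEGIN $label-----\n" . chunk_split($body, 64, "\n") . "-----END $label-----\n";
    }

    // Key size in bytes taken from the key handle, or $fallback when the key
    // is not a handle or its details cannot be read.
    private function keySizeInBytes($key, $fallback)
    {
        $details = (is_resource($key) || is_object($key))
            ? openssl_pkey_get_details($key)
            : false;
        if (is_array($details) && isset($details['bits'])) {
            return (int) ceil($details['bits'] / 8);
        }
        return $fallback;
    }

    // Splits base64 ciphertext into raw blocks of $blockSize bytes. Accepts
    // both per-chunk base64 (what pubkeyEncrypt() emits; decoding the
    // concatenation in one pass misaligns every block after the first
    // padding) and a single base64 encoding of all blocks.
    private function splitCipherBlocks($text, $blockSize)
    {
        $perBlock = 4 * (int) ceil($blockSize / 3);
        if ($text !== '' && strlen($text) % $perBlock === 0) {
            $blocks = array();
            foreach (str_split($text, $perBlock) as $piece) {
                $raw = base64_decode($piece, true);
                if ($raw === false || strlen($raw) !== $blockSize) {
                    $blocks = null;
                    break;
                }
                $blocks[] = $raw;
            }
            if ($blocks !== null) {
                return $blocks;
            }
        }

        $raw = base64_decode($text);
        return ($raw === false || $raw === '') ? array() : str_split($raw, $blockSize);
    }
}

// ---- Demo: encrypt with public_key.cer, decrypt with private_key.key ----
$rsa = new RSAUtils();
$data = '这是测试数据:哈哈,sldfkjsldfkj= =测试';

echo "数据:$data<br>";
$pukey = $rsa->redPukey(); // load the encryption public key
// A key handle cannot be echoed directly on PHP 8; print its public PEM.
$pukeyDetails = openssl_pkey_get_details($pukey);
echo "公钥<br>" . nl2br(htmlspecialchars($pukeyDetails['key'], ENT_QUOTES, 'UTF-8')) . "<br>";
$enData = $rsa->pubkeyEncrypt($data, $pukey); // encrypt
echo "加密数据 $enData<br>";
$prkey = $rsa->redPrkey(); // load the decryption private key
// Variable names are case-sensitive: the key loaded above is $prkey.
$deData = $rsa->prkeyDecrypt($enData, $prkey); // decrypt
// Decrypted content is escaped before it is written into the HTML page.
echo "解密数据 " . ($deData === false ? '(失败)' : htmlspecialchars($deData, ENT_QUOTES, 'UTF-8')) . "<br>";

// ---- Demo: sign with sign_key.key, verify with verify.cer ----
// A signing key pair is used with openssl_sign()/openssl_verify(), not with
// public-encrypt/private-decrypt. SHA-256 is assumed here - confirm the
// digest the peer expects.
echo "数据:$data<br>";
$signKey = $rsa->redSignkey(); // load the signing private key
$signature = '';
$signed = $signKey !== false && openssl_sign($data, $signature, $signKey, OPENSSL_ALGO_SHA256);
echo "签名 " . ($signed ? $rsa->base64url_encode($signature) : '(失败)') . "<br>";
$verifyKey = $rsa->redVerifykey(); // load the verification public key
// openssl_verify() returns 1 only for a valid signature; 0 and -1 both mean
// "not verified", so compare against 1 exactly.
$verified = $signed
    && $verifyKey !== false
    && openssl_verify($data, $signature, $verifyKey, OPENSSL_ALGO_SHA256) === 1;
echo "验签结果 " . ($verified ? '通过' : '失败') . "<br>";
exit;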