php把java pem转pfx,php自动转换pfx到pem和cer(dem格式)到pem

私钥pfx转pem

//filePath为pfx文件路径

function signfrompfx($strData,$filePath,$keyPass)

{

if(!file_exists($filePath)) {

return false;

}

$pkcs12 = file_get_contents($filePath);

if (openssl_pkcs12_read($pkcs12, $certs, $keyPass)) {

$privateKey = $certs['pkey'];

$publicKey = $certs['cert'];

$signedMsg = "";

if (openssl_sign($strData, $signedMsg, $privateKey)) {

$signedMsg=bin2hex($signedMsg);//这个看情况。有些不需要转换成16进制，有些需要base64编码。看各个接口

return $signedMsg;

} else {

return '';

}

} else {

return '0';

}

}

公钥cer转pem(即x.509证书dem格式转换为pem)

function verifyReturn($data,$signature,$filePath){

/*
filePath为crt,cert文件路径。x.509证书

cer to dem， Convert .cer to .pem, cURL uses .pem

*/

$certificateCAcerContent = file_get_contents($filePath);

$certificateCApemContent =  '-----BEGIN CERTIFICATE-----'.PHP_EOL

.chunk_split(base64_encode($certificateCAcerContent), 64, PHP_EOL)

.'-----END CERTIFICATE-----'.PHP_EOL;*/

file_put_contents('文件地址',$certificateCApemContent);把.cer公钥转成.pem保存

$pubkeyid = openssl_get_publickey($certificateCApemContent);

$len = strlen($signature);

$signature= pack("H" . $len, $signature); //Php-16进制转换为2进制,看情况。有些接口不需要，有些需要base64解码

$data=str_replace('<?xml version=\"1.0\" encoding=\"GBK\"?>', '<?xml version="1.0" encoding="GBK"?>', $data);//这个看情况。

// state whether signature is okay or not

$ok = openssl_verify($data, $signature, $pubkeyid);

openssl_free_key($pubkeyid);

return $ok;

}