From 02475c5232735f9cd5bea9afc8198c65c8be90aa Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 13:37:34 +0100
Subject: [PATCH] feat(ssl): improve SSL helper

- improve function parameters
- set default validity to 1 year as resources need to be manually restarted to use the new certificates
- use the CA cert to sign certificates
---
 app/Helpers/SslHelper.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 3a8efd540..4797113b7 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -11,10 +11,14 @@ class SslHelper
 public static function generateSslCertificate(
 string $commonName,
- array $additionalSans,
- string $resourceType,
- int $resourceId,
+ array $additionalSans = [],
+ ?string $resourceType = null,
+ ?int $resourceId = null,
+ ?int $serverId = null,
 ?string $organizationName = null,
+ int $validityDays = 365,
+ ?string $caCert = null,
+ ?string $caKey = null
 ): SslCertificate {
 $organizationName ??= self::DEFAULT_ORGANIZATION_NAME;
@@ -50,9 +54,9 @@ class SslHelper
 $certificate = openssl_csr_sign(
 $csr,
- null,
- $privateKey,
- 90,
+ $caCert ?? null,
+ $caKey ?? $privateKey,
+ $validityDays,
 [
 'digest_alg' => 'sha512',
 'config' => null,
@@ -73,7 +77,8 @@ class SslHelper
 'ssl_private_key' => $privateKeyStr,
 'resource_type' => $resourceType,
 'resource_id' => $resourceId,
- 'valid_until' => CarbonImmutable::now()->addDays(90),
+ 'server_id' => $serverId,
+ 'valid_until' => CarbonImmutable::now()->addDays($validityDays),
 ]);
 } catch (\Throwable $e) {
 throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);
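Review bot: In the signature hunk, `$caCert` and `$caKey` are independently optional and nothing after `$organizationName ??= ...` checks that they arrive together, so a call with only one of them reaches `openssl_csr_sign` with a mismatched issuer and signing key; OpenSSL will either refuse the pair or produce a certificate whose signature does not verify. A guard at the top of the body would make that explicit: `if (($caCert === null) !== ($caKey === null)) { throw new \InvalidArgumentException('caCert and caKey must be provided together'); }`. `$validityDays` is also unchecked, so zero or a negative value would yield an already-expired certificate and a `valid_until` in the past; an `if ($validityDays < 1)` rejection belongs next to it. Inserting `$serverId` ahead of `$organizationName` shifts that argument for any positional caller, which should be checked since the callers are outside this diff. The function body continues outside the hunk.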
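Review bot: In the `openssl_csr_sign` hunk, signing with `$caCert` makes the serial number matter: the function's serial argument defaults to 0, so unless a serial is passed after the options array (the call continues outside this hunk) every certificate issued from the same CA would carry serial 0, and a repeated issuer/serial pair can be rejected by TLS clients and breaks revocation by serial. Passing a fresh value such as `random_int(1, PHP_INT_MAX)` as the serial avoids that. Separately, `$caCert ?? null` is a no-op on an already-nullable parameter and can be written as `$caCert`.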
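Review bot: In the last hunk, `valid_until` is computed from a separate clock read (`CarbonImmutable::now()->addDays($validityDays)`) rather than from the certificate that was just signed, so the stored expiry only approximates the real `notAfter`. Reading it back, e.g. `CarbonImmutable::createFromTimestamp(openssl_x509_parse($certificate)['validTo_time_t'])`, keeps the record tied to what was actually issued; that matters if renewal or expiry alerts are driven by this column, which is not visible here. The array being persisted starts outside the hunk.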