fpdf官网:http://www.fpdf.org/?lang=zh
tcpdf官网:https://tcpdf.org/
1、对证书签名与验签逻辑优化,在linux系统中生成根证书CA,用CA为子证书签名,最后使用子证书为pdf做签名,防止pdf伪造自签证书。
1 2 3 4 5 6 7 8 | #1、生成根证书 #a).生成根证书私钥(key文件) openssl genrsa -aes256 -out ca.key 2048 #b).生成根证书签发申请文件(csr文件) openssl req -new -key ca.key -out ca.csr -config /usr/lib/ssl/openssl.cnf #c).自签发根证书(crt文件) openssl x509 -req -days 3650 -sha1 -extensions v3_ca -signkey ca.key -in ca.csr -out ca.crt |
1 2 3 4 5 6 7 8 9 10 11 | #2、用根证书签发server端证书 #a).生成根证书私钥(key文件) openssl genrsa -aes256 -out tcpdf.key 2048 #b).生成根证书签发申请文件(csr文件) openssl req -new -key tcpdf.key -out tcpdf.csr -config /usr/lib/ssl/openssl.cnf #c).使用根证书签发服务端证书 openssl ca -in tcpdf.csr -out tcpdf.crt -days 730 -cert ca.crt -keyfile ca.key -config /usr/lib/ssl/openssl.cnf #The organizationName field needed to be the same in the CA certificate (Timeswealth Global Root CA) |
若发生错误: I am unable to access the ./demoCA/newcerts directory ./demoCA/newcerts: No such file or directory
做如下处理
1 2 3 4 5 | mkdir demoCA mkdir demoCA/newcerts mkdir demoCA/private touch demoCA/index.txt echo "01" >> demoCA/serial |
备注:一下是tcpdf官方提供的生成自签名证书方法,测试用,如果用于实际会有逻辑漏洞,没有根证书约束。
1 2 3 4 5 6 7 8 9 10 11 | /* NOTES: - To create self-signed signature: openssl req -x509 -nodes -days 365000 -newkey rsa:1024 -keyout tcpdf.crt -out tcpdf.crt - To export crt to p12: openssl pkcs12 -export -in tcpdf.crt -out tcpdf.p12 - To export p12 to pfx: openssl pkcs12 -export -inkey tcpdf.crt -in tcpdf.crt -out tcpdf.pfx - To convert pfx certificate to pem: openssl pkcs12 -in tcpdf.pfx -out tcpdf.crt -nodes */ |
自己封装的tcpdf操作类
GeSHi Error: GeSHi could not find the language php (using path /home/wwwroot/www.hillmatrix.com/wp-content/plugins/codecolorer/lib/geshi/) (code 2)
操作类的使用
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | <pre>require_once APP_ROOT_PATH."/system/utils/tcpdf_proxy.php"; $tcpdf = new TcpdfProxy(); $html = '<html>content</html>'; $singConf = array(); $singConf['image'] = APP_ROOT_PATH.app_conf('CONTRACT_SEAL'); $singConf['sign_info'] = array( 'Name' => app_conf('SHOP_TITLE'), ); $tcpdf->setSignConf($singConf); $tcpdf->outputPdf($html,'contract.pdf');</pre> |