WIP

Author: kduma

.gitignore

@@ -6,3 +6,4 @@ composer.lock
 .php-cs-fixer.cache
 .DS_Store
 .idea
+vendor

composer.json

@@ -17,31 +17,31 @@
         }
     ],
     "require": {
-        "kduma/simple-dal": "^0.1",
-        "kduma/simple-dal-adapter-contracts": "^0.1",
-        "kduma/simple-dal-encryption": "^0.1",
-        "kduma/simple-dal-encryption-phpseclib": "^0.1",
-        "kduma/simple-dal-encryption-sodium": "^0.1",
-        "kduma/simple-dal-integrity": "^0.1",
-        "kduma/simple-dal-integrity-contracts": "^0.1",
-        "kduma/simple-dal-integrity-hash": "^0.1",
-        "kduma/simple-dal-integrity-phpseclib": "^0.1",
-        "kduma/simple-dal-integrity-sodium": "^0.1",
-        "kduma/simple-dal-db-adapter": "^0.1",
-        "kduma/simple-dal-flysystem-adapter": "^0.1",
-        "league/flysystem-ziparchive": "^3.0",
-        "kduma/simple-dal-typed": "^0.1",
-        "laravel-zero/framework": "^12.0.2",
-        "league/flysystem": "^3.0",
+        "kduma/simple-dal": "^v0.2",
+        "kduma/simple-dal-adapter-contracts": "^v0.2",
+        "kduma/simple-dal-encryption": "^v0.2",
+        "kduma/simple-dal-encryption-phpseclib": "^v0.2",
+        "kduma/simple-dal-encryption-sodium": "^v0.2",
+        "kduma/simple-dal-integrity": "^v0.2",
+        "kduma/simple-dal-integrity-contracts": "^v0.2",
+        "kduma/simple-dal-integrity-hash": "^v0.2",
+        "kduma/simple-dal-integrity-phpseclib": "^v0.2",
+        "kduma/simple-dal-integrity-sodium": "^v0.2",
+        "kduma/simple-dal-db-adapter": "^v0.2",
+        "kduma/simple-dal-flysystem-adapter": "^v0.2",
+        "league/flysystem-ziparchive": "^3.31",
+        "kduma/simple-dal-typed": "^v0.2",
+        "laravel-zero/framework": "^12.0.5",
+        "league/flysystem": "^3.32",
         "php": "^8.4",
-        "phpseclib/phpseclib": "^3.0",
+        "phpseclib/phpseclib": "^3.0.50",
         "paragonie/sodium_compat": "^2.5"
     },
     "require-dev": {
-        "laravel/pint": "^1.25",
-        "mockery/mockery": "^1.6",
-        "monorepo-php/monorepo": "^12.0",
-        "pestphp/pest": "^3.0|^4.0",
+        "laravel/pint": "^1.29",
+        "mockery/mockery": "^1.6.12",
+        "monorepo-php/monorepo": "^12.5.1",
+        "pestphp/pest": "^3.0|^4.4.2",
         "phpacker/phpacker": "^0.6.4"
     },
     "replace": {
@@ -56,7 +56,10 @@
             "KDuma\\PhpCA\\": "src/library/src/",
             "KDuma\\PhpCA\\ConfigManager\\": "src/config-manager/src/",
             "KDuma\\PhpCA\\Contracts\\": "src/contracts/src/"
-        }
+        },
+        "files": [
+            "src/cli/app/helpers.php"
+        ]
     },
     "autoload-dev": {
         "psr-4": {

php-ca-config.json

@@ -0,0 +1,6 @@
+{
+    "adapter": {
+        "type": "directory",
+        "path": "./workdir/example_data"
+    }
+}

src/cli/app/Commands/BaseCommand.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Commands;
+
+use App\Concerns\DiscoversConfigurationTrait;
+use LaravelZero\Framework\Commands\Command;
+
+abstract class BaseCommand extends Command
+{
+    use DiscoversConfigurationTrait;
+
+    public function __construct()
+    {
+        parent::__construct();
+        $this->bootDiscoversConfigurationTrait();
+    }
+}

src/cli/app/Commands/Ca/ActivateCommand.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Commands\Ca;
+
+use App\Commands\BaseCommand;
+
+use function Laravel\Prompts\error;
+use function Laravel\Prompts\info;
+
+class ActivateCommand extends BaseCommand
+{
+    protected $signature = 'ca:activate {id}';
+    protected $description = 'Set the active CA certificate';
+
+    public function handle(): int
+    {
+        $ca = $this->getCertificationAuthority();
+        $id = $this->argument('id');
+
+        if (! $ca->caCertificates->has($id)) {
+            error("CA certificate \"{$id}\" not found.");
+            return self::FAILURE;
+        }
+
+        $ca->state->setActiveCaCertificateId($id);
+        info("Active CA certificate set to \"{$id}\".");
+
+        return self::SUCCESS;
+    }
+}

src/cli/app/Commands/Ca/Csr/CreateCommand.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Commands\Ca\Csr;
+
+use App\Commands\BaseCommand;
+use KDuma\PhpCA\Record\CertificateSubject\CertificateSubject;
+
+use function Laravel\Prompts\error;
+use function Laravel\Prompts\info;
+use function Laravel\Prompts\text;
+
+class CreateCommand extends BaseCommand
+{
+    protected $signature = 'ca:csr:create {--id=} {--key=} {--dn=}';
+    protected $description = 'Create a CSR for the CA';
+
+    public function handle(): int
+    {
+        $ca = $this->getCertificationAuthority();
+
+        $keyId = $this->option('key') ?? text('Key ID', required: true);
+        $dn = $this->option('dn') ?? text('Distinguished Name', required: true);
+
+        try {
+            $builder = $ca->caCsrs->getBuilder()
+                ->key($keyId)
+                ->subject(CertificateSubject::fromString($dn));
+
+            if ($this->option('id')) {
+                $builder->id($this->option('id'));
+            }
+
+            $csr = $builder->save();
+        } catch (\Throwable $e) {
+            error($e->getMessage());
+            return self::FAILURE;
+        }
+
+        info("CA CSR created: {$csr->id}");
+
+        return self::SUCCESS;
+    }
+}

src/cli/app/Commands/Ca/Csr/GetCommand.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Commands\Ca\Csr;
+
+use App\Commands\BaseCommand;
+
+use function Laravel\Prompts\error;
+
+class GetCommand extends BaseCommand
+{
+    protected $signature = 'ca:csr:get {id}';
+    protected $description = 'Output CA CSR PEM';
+
+    public function handle(): int
+    {
+        $ca = $this->getCertificationAuthority();
+        $csr = $ca->caCsrs->findOrNull($this->argument('id'));
+
+        if ($csr === null) {
+            error('CA CSR not found.');
+            return self::FAILURE;
+        }
+
+        $this->output->writeln($csr->csr);
+
+        return self::SUCCESS;
+    }
+}

src/cli/app/Commands/Ca/Csr/ListCommand.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Commands\Ca\Csr;
+
+use App\Commands\BaseCommand;
+
+use function Laravel\Prompts\info;
+
+class ListCommand extends BaseCommand
+{
+    protected $signature = 'ca:csr:list';
+    protected $description = 'List all CA CSRs';
+
+    public function handle(): int
+    {
+        $ca = $this->getCertificationAuthority();
+        $csrs = $ca->caCsrs->all();
+
+        if (empty($csrs)) {
+            info('No CA CSRs found.');
+            return self::SUCCESS;
+        }
+
+        $this->table(
+            ['ID', 'Subject', 'Key ID', 'CA Cert ID'],
+            array_map(fn ($c) => [
+                $c->id,
+                $c->getSubjectString(),
+                $c->keyId,
+                $c->caCertificateId ?? '-',
+            ], $csrs),
+        );
+
+        return self::SUCCESS;
+    }
+}

src/cli/app/Commands/Ca/GetCommand.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Commands\Ca;
+
+use App\Commands\BaseCommand;
+
+use function Laravel\Prompts\error;
+
+class GetCommand extends BaseCommand
+{
+    protected $signature = 'ca:get {id}';
+    protected $description = 'Output CA certificate PEM';
+
+    public function handle(): int
+    {
+        $ca = $this->getCertificationAuthority();
+        $cert = $ca->caCertificates->findOrNull($this->argument('id'));
+
+        if ($cert === null) {
+            error('CA certificate not found.');
+            return self::FAILURE;
+        }
+
+        $this->output->writeln($cert->certificate);
+
+        return self::SUCCESS;
+    }
+}

src/cli/app/Commands/Ca/GetDerCommand.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Commands\Ca;
+
+use App\Commands\BaseCommand;
+use phpseclib3\File\X509;
+
+use function Laravel\Prompts\error;
+use function Laravel\Prompts\info;
+
+class GetDerCommand extends BaseCommand
+{
+    protected $signature = 'ca:get:der {id} {--stdout : Output raw DER to stdout} {--output= : Output file path}';
+    protected $description = 'Output CA certificate in DER format';
+
+    public function handle(): int
+    {
+        $ca = $this->getCertificationAuthority();
+        $cert = $ca->caCertificates->findOrNull($this->argument('id'));
+
+        if ($cert === null) {
+            error('CA certificate not found.');
+            return self::FAILURE;
+        }
+
+        $x509 = new X509();
+        $x509->loadX509($cert->certificate);
+        $der = $x509->saveX509($x509->getCurrentCert(), X509::FORMAT_DER);
+
+        if ($this->option('stdout')) {
+            $this->output->write($der);
+            return self::SUCCESS;
+        }
+
+        $outputPath = $this->option('output') ?? $this->argument('id') . '.der';
+
+        file_put_contents($outputPath, $der);
+        info("DER certificate written to {$outputPath}");
+
+        return self::SUCCESS;
+    }
+}