WIP

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Author: vitormattos

lib/Handler/CertificateEngine/OpenSslHandler.php

@@ -67,6 +67,7 @@ public function generateRootCert(
 
 	private function getRootCertOptions(): array {
 		$this->generateRootCertConfig();
+		$this->generateCaConfig();
 		$configPath = $this->getConfigPath();
 
 		$options = [
@@ -99,8 +100,14 @@ public function generateCertificate(): string {
 
 		$serialNumber = random_int(1000000, 2147483647);
 
+		// Use CA config for certificate signing if available
+		$configFile = $this->getCaConfigPath();
+		if (!file_exists($configFile)) {
+			$configFile = $this->getFilenameToLeafCert();
+		}
+
 		$x509 = openssl_csr_sign($csr, $rootCertificate, $rootPrivateKey, $this->expirity(), [
-			'config' => $this->getFilenameToLeafCert(),
+			'config' => $configFile,
 			'x509_extensions' => 'v3_req',
 		], $serialNumber);
 
@@ -179,6 +186,92 @@ private function generateRootCertConfig(): void {
 		CertificateHelper::saveFile($configFile, $iniContent);
 	}
 
+	private function generateCaConfig(): void {
+		$configPath = $this->getConfigPath();
+
+		// Generate CA configuration for advanced operations (including CRL)
+		$config = [
+			'[ ca ]' => null,
+			'default_ca' => 'CA_default',
+			'',
+			'[ CA_default ]' => null,
+			'dir' => $configPath,
+			'certs' => '$dir',
+			'crl_dir' => '$dir/crl',
+			'database' => '$dir/index.txt',
+			'new_certs_dir' => '$dir/newcerts',
+			'certificate' => '$dir/ca.pem',
+			'serial' => '$dir/serial',
+			'crlnumber' => '$dir/crlnumber',
+			'crl' => '$dir/crl.pem',
+			'private_key' => '$dir/ca-key.pem',
+			'RANDFILE' => '$dir/.rand',
+			'default_days' => 365,
+			'default_crl_days' => 30,
+			'default_md' => 'sha256',
+			'preserve' => 'no',
+			'policy' => 'policy_strict',
+			'',
+			'[ policy_strict ]' => null,
+			'countryName' => 'match',
+			'stateOrProvinceName' => 'match',
+			'organizationName' => 'match',
+			'organizationalUnitName' => 'optional',
+			'commonName' => 'supplied',
+			'emailAddress' => 'optional',
+		];
+
+		$configContent = '';
+		foreach ($config as $key => $value) {
+			if ($value === null) {
+				$configContent .= "$key\n";
+			} elseif ($key === '') {
+				$configContent .= "\n";
+			} else {
+				$configContent .= "$key = $value\n";
+			}
+		}
+
+		$configFile = $configPath . '/ca.conf';
+		CertificateHelper::saveFile($configFile, $configContent);
+
+		// Initialize required files for CA operations
+		$this->initializeCaFiles($configPath);
+	}
+
+	private function initializeCaFiles(string $configPath): void {
+		// Create necessary directories
+		$directories = ['crl', 'newcerts'];
+		foreach ($directories as $dir) {
+			$dirPath = $configPath . '/' . $dir;
+			if (!is_dir($dirPath)) {
+				mkdir($dirPath, 0755, true);
+			}
+		}
+
+		// Initialize index.txt (certificate database)
+		$indexFile = $configPath . '/index.txt';
+		if (!file_exists($indexFile)) {
+			CertificateHelper::saveFile($indexFile, '');
+		}
+
+		// Initialize serial number file
+		$serialFile = $configPath . '/serial';
+		if (!file_exists($serialFile)) {
+			CertificateHelper::saveFile($serialFile, '1000');
+		}
+
+		// Initialize CRL number file
+		$crlNumberFile = $configPath . '/crlnumber';
+		if (!file_exists($crlNumberFile)) {
+			CertificateHelper::saveFile($crlNumberFile, '01');
+		}
+	}
+
+	private function getCaConfigPath(): string {
+		return $this->getConfigPath() . '/ca.conf';
+	}
+
 	private function getSubjectAltNames(): string {
 		$hosts = $this->getHosts();
 		$altNames = [];
@@ -226,7 +319,10 @@ public function isSetupOk(): bool {
 		$configPath = $this->getConfigPath();
 		$certificate = file_exists($configPath . DIRECTORY_SEPARATOR . 'ca.pem');
 		$privateKey = file_exists($configPath . DIRECTORY_SEPARATOR . 'ca-key.pem');
-		return $certificate && $privateKey;
+		$opensslConfig = file_exists($configPath . DIRECTORY_SEPARATOR . 'openssl.cnf');
+		$caConfig = file_exists($configPath . DIRECTORY_SEPARATOR . 'ca.conf');
+
+		return $certificate && $privateKey && $opensslConfig && $caConfig;
 	}
 
 	#[\Override]