Zwartpet / php-certificate-toolbox

examples/exampleDNSInit.php

Indentation +24 added lines, -24 removed lines

@@ -22,36 +22,36 @@
 try {
 // Initiating the client instance. In this case using the staging server (argument 2) and outputting all status
 // and debug information (argument 3).
-    $client = new LEClient($email, true, $logger);
+	$client = new LEClient($email, true, $logger);
 // Initiating the order instance. The keys and certificate will be stored in /example.org/ (argument 1) and the
 // domains in the array (argument 2) will be on the certificate.
-    $order = $client->getOrCreateOrder($basename, $domains);
+	$order = $client->getOrCreateOrder($basename, $domains);
 // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations.
-    if (!$order->allAuthorizationsValid()) {
-        // Get the DNS challenges from the pending authorizations.
-        $pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS);
-        // Walk the list of pending authorization DNS challenges.
-        if (!empty($pending)) {
-            foreach ($pending as $challenge) {
-                // For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS
-                // record for this domain.
-                //setDNSRecord($challenge['identifier'], $challenge['DNSDigest']);
-                printf(
-                    "DNS Challengage identifier = %s digest = %s\n",
-                    $challenge['identifier'],
-                    $challenge['DNSDigest']
-                );
-            }
-        }
-    }
+	if (!$order->allAuthorizationsValid()) {
+		// Get the DNS challenges from the pending authorizations.
+		$pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS);
+		// Walk the list of pending authorization DNS challenges.
+		if (!empty($pending)) {
+			foreach ($pending as $challenge) {
+				// For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS
+				// record for this domain.
+				//setDNSRecord($challenge['identifier'], $challenge['DNSDigest']);
+				printf(
+					"DNS Challengage identifier = %s digest = %s\n",
+					$challenge['identifier'],
+					$challenge['DNSDigest']
+				);
+			}
+		}
+	}
 }
 catch (\Exception $e) {
-    echo $e->getMessage()."\n";
-    echo $e->getTraceAsString()."\n";
+	echo $e->getMessage()."\n";
+	echo $e->getTraceAsString()."\n";
 
-    echo "\nDiagnostic logs\n";
-    $logger->dumpConsole();
-    exit;
+	echo "\nDiagnostic logs\n";
+	$logger->dumpConsole();
+	exit;
 }
 
 echo "\nDiagnostic logs\n";

Spacing +4 added lines, -4 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 namespace Elphin\LEClient;
 
-require_once(__DIR__.'/../vendor/autoload.php');
+require_once(__DIR__ . '/../vendor/autoload.php');
 
 //Sets the maximum execution time to two minutes, to be sure.
 ini_set('max_execution_time', 120);
@@ -15,7 +15,7 @@ 
 
 $email = ['paul@elphin.com'];
 $basename = 'le.dixo.net';
-$domains=['le.dixo.net'];
+$domains = ['le.dixo.net'];
 
 $logger = new DiagnosticLogger;
 
@@ -46,8 +46,8 @@ 
     }
 }
 catch (\Exception $e) {
-    echo $e->getMessage()."\n";
-    echo $e->getTraceAsString()."\n";
+    echo $e->getMessage() . "\n";
+    echo $e->getTraceAsString() . "\n";
 
     echo "\nDiagnostic logs\n";
     $logger->dumpConsole();

Braces +1 added lines, -2 removed lines

@@ -44,8 +44,7 @@
             }
         }
     }
-}
-catch (\Exception $e) {
+} catch (\Exception $e) {
     echo $e->getMessage()."\n";
     echo $e->getTraceAsString()."\n";
 

examples/exampleDNSFinish.php

Indentation +2 added lines, -2 removed lines

@@ -49,8 +49,8 @@
 	if($order->isFinalized()) $order->getCertificate();
 
 	//finally, here's how we revoke
-    //echo "REVOKING...\n";
-    //$order->revokeCertificate();
+	//echo "REVOKING...\n";
+	//$order->revokeCertificate();
 }
 
 

Spacing +8 added lines, -8 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 namespace Elphin\LEClient;
 
-require_once(__DIR__.'/../vendor/autoload.php');
+require_once(__DIR__ . '/../vendor/autoload.php');
 
 //Sets the maximum execution time to two minutes, to be sure.
 ini_set('max_execution_time', 120);
@@ -15,7 +15,7 @@ 
 
 $email = ['paul@elphin.com'];
 $basename = 'le.dixo.net';
-$domains=['le.dixo.net'];
+$domains = ['le.dixo.net'];
 
 $logger = new DiagnosticLogger;
 
@@ -26,14 +26,14 @@ 
 // in the array (argument 2) will be on the certificate.
 $order = $client->getOrCreateOrder($basename, $domains);
 // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations.
-if(!$order->allAuthorizationsValid())
+if (!$order->allAuthorizationsValid())
 {
 	// Get the DNS challenges from the pending authorizations.
 	$pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS);
 	// Walk the list of pending authorization DNS challenges.
-	if(!empty($pending))
+	if (!empty($pending))
 	{
-		foreach($pending as $challenge)
+		foreach ($pending as $challenge)
 		{
 			// Let LetsEncrypt verify this challenge, which should have been fulfilled in exampleDNSStart.php.
 			$order->verifyPendingOrderAuthorization($challenge['identifier'], LEOrder::CHALLENGE_TYPE_DNS);
@@ -41,12 +41,12 @@ 
 	}
 }
 // Check once more whether all authorizations are valid before we can finalize the order.
-if($order->allAuthorizationsValid())
+if ($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if (!$order->isFinalized()) $order->finalizeOrder();
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
+	if ($order->isFinalized()) $order->getCertificate();
 
 	//finally, here's how we revoke
     //echo "REVOKING...\n";

Braces +6 added lines, -2 removed lines

@@ -44,9 +44,13 @@
 if($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if(!$order->isFinalized()) {
+		$order->finalizeOrder();
+	}
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
+	if($order->isFinalized()) {
+		$order->getCertificate();
+	}
 
 	//finally, here's how we revoke
     //echo "REVOKING...\n";

examples/exampleHTTP.php

Indentation +1 added lines, -1 removed lines

@@ -32,7 +32,7 @@
 		foreach($pending as $challenge)
 		{
 			// Define the folder in which to store the challenge. For the purpose of this example, a fictitious path is
-            // set.
+			// set.
 			$folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/';
 			// Check if that directory yet exists. If not, create it.
 			if(!file_exists($folder)) mkdir($folder, 0777, true);

Spacing +8 added lines, -8 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 namespace Elphin\LEClient;
 
-require_once(__DIR__.'/../vendor/autoload.php');
+require_once(__DIR__ . '/../vendor/autoload.php');
 
 //Sets the maximum execution time to two minutes, to be sure.
 ini_set('max_execution_time', 120);
@@ -22,20 +22,20 @@ 
 // domains in the array (argument 2) will be on the certificate.
 $order = $client->getOrCreateOrder($basename, $domains);
 // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations.
-if(!$order->allAuthorizationsValid())
+if (!$order->allAuthorizationsValid())
 {
 	// Get the HTTP challenges from the pending authorizations.
 	$pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_HTTP);
 	// Walk the list of pending authorization HTTP challenges.
-	if(!empty($pending))
+	if (!empty($pending))
 	{
-		foreach($pending as $challenge)
+		foreach ($pending as $challenge)
 		{
 			// Define the folder in which to store the challenge. For the purpose of this example, a fictitious path is
             // set.
 			$folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/';
 			// Check if that directory yet exists. If not, create it.
-			if(!file_exists($folder)) mkdir($folder, 0777, true);
+			if (!file_exists($folder)) mkdir($folder, 0777, true);
 			// Store the challenge file for this domain.
 			file_put_contents($folder . $challenge['filename'], $challenge['content']);
 			// Let LetsEncrypt verify this challenge.
@@ -44,12 +44,12 @@ 
 	}
 }
 // Check once more whether all authorizations are valid before we can finalize the order.
-if($order->allAuthorizationsValid())
+if ($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if (!$order->isFinalized()) $order->finalizeOrder();
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
+	if ($order->isFinalized()) $order->getCertificate();
 }
 
 echo "\nDiagnostic logs\n";

Braces +10 added lines, -4 removed lines

@@ -35,7 +35,9 @@ 
             // set.
 			$folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/';
 			// Check if that directory yet exists. If not, create it.
-			if(!file_exists($folder)) mkdir($folder, 0777, true);
+			if(!file_exists($folder)) {
+				mkdir($folder, 0777, true);
+			}
 			// Store the challenge file for this domain.
 			file_put_contents($folder . $challenge['filename'], $challenge['content']);
 			// Let LetsEncrypt verify this challenge.
@@ -47,10 +49,14 @@ 
 if($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if(!$order->isFinalized()) {
+		$order->finalizeOrder();
+	}
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
-}
+	if($order->isFinalized()) {
+		$order->getCertificate();
+	}
+	}
 
 echo "\nDiagnostic logs\n";
 $logger->dumpConsole();
\ No newline at end of file

src/LEAccount.php

Indentation +230 added lines, -230 removed lines

@@ -13,234 +13,234 @@
  */
 class LEAccount
 {
-    private $connector;
-
-    public $id;
-    public $key;
-    public $contact;
-    public $agreement;
-    public $initialIp;
-    public $createdAt;
-    public $status;
-
-    /** @var LoggerInterface  */
-    private $log;
-
-    /** @var CertificateStorageInterface */
-    private $storage;
-
-    /**
-     * Initiates the LetsEncrypt Account class.
-     *
-     * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param LoggerInterface $log   PSR-3 compatible logger
-     * @param array $email           The array of strings containing e-mail addresses. Only used when creating a
-     *                               new account.
-     * @param CertificateStorageInterface $storage  storage for account keys
-     */
-    public function __construct($connector, LoggerInterface $log, $email, CertificateStorageInterface $storage)
-    {
-        $this->connector = $connector;
-        $this->storage = $storage;
-        $this->log = $log;
-
-        if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
-            $this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
-
-            $accountKey = LEFunctions::RSAgenerateKeys();
-            $storage->setAccountPublicKey($accountKey['public']);
-            $storage->setAccountPrivateKey($accountKey['private']);
-
-            $this->connector->accountURL = $this->createLEAccount($email);
-        } else {
-            $this->connector->accountURL = $this->getLEAccount();
-        }
-        if ($this->connector->accountURL === false) {
-            throw new RuntimeException('Account not found or deactivated.');
-        }
-        $this->getLEAccountData();
-    }
-
-    /**
-     * Creates a new LetsEncrypt account.
-     *
-     * @param array     $email  The array of strings containing e-mail addresses.
-     *
-     * @return string|bool   Returns the new account URL when the account was successfully created, false if not.
-     */
-    private function createLEAccount($email)
-    {
-        $contact = array_map(function ($addr) {
-            return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
-        }, $email);
-
-        $sign = $this->connector->signRequestJWK(
-            ['contact' => $contact, 'termsOfServiceAgreed' => true],
-            $this->connector->newAccount
-        );
-        $post = $this->connector->post($this->connector->newAccount, $sign);
-        if (strpos($post['header'], "201 Created") !== false) {
-            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
-                return trim($matches[1]);
-            }
-        }
-        //@codeCoverageIgnoreStart
-        return false;
-        //@codeCoverageIgnoreEnd
-    }
-
-    /**
-     * Gets the LetsEncrypt account URL associated with the stored account keys.
-     *
-     * @return string|bool   Returns the account URL if it is found, or false when none is found.
-     */
-    private function getLEAccount()
-    {
-        $sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount);
-        $post = $this->connector->post($this->connector->newAccount, $sign);
-
-        if (strpos($post['header'], "200 OK") !== false) {
-            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
-                return trim($matches[1]);
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Gets the LetsEncrypt account data from the account URL.
-     */
-    private function getLEAccountData()
-    {
-        $sign = $this->connector->signRequestKid(
-            ['' => ''],
-            $this->connector->accountURL,
-            $this->connector->accountURL
-        );
-        $post = $this->connector->post($this->connector->accountURL, $sign);
-        if (strpos($post['header'], "200 OK") !== false) {
-            $this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
-            $this->key = $post['body']['key'];
-            $this->contact = $post['body']['contact'];
-            $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null;
-            $this->initialIp = $post['body']['initialIp'];
-            $this->createdAt = $post['body']['createdAt'];
-            $this->status = $post['body']['status'];
-        } else {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Account data cannot be found.');
-            //@codeCoverageIgnoreEnd
-        }
-    }
-
-    /**
-     * Updates account data. Now just supporting new contact information.
-     *
-     * @param array     $email  The array of strings containing e-mail adresses.
-     *
-     * @return boolean  Returns true if the update is successful, false if not.
-     */
-    public function updateAccount($email)
-    {
-        $contact = array_map(function ($addr) {
-            return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
-        }, $email);
-
-        $sign = $this->connector->signRequestKid(
-            ['contact' => $contact],
-            $this->connector->accountURL,
-            $this->connector->accountURL
-        );
-        $post = $this->connector->post($this->connector->accountURL, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Unable to update account');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
-        $this->key = $post['body']['key'];
-        $this->contact = $post['body']['contact'];
-        $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : '';
-        $this->initialIp = $post['body']['initialIp'];
-        $this->createdAt = $post['body']['createdAt'];
-        $this->status = $post['body']['status'];
-
-        $this->log->notice('Account data updated');
-        return true;
-    }
-
-    /**
-     * Creates new RSA account keys and updates the keys with LetsEncrypt.
-     *
-     * @return boolean  Returns true if the update is successful, false if not.
-     */
-    public function changeAccountKeys()
-    {
-        $new=LEFunctions::RSAgenerateKeys();
-
-        $privateKey = openssl_pkey_get_private($new['private']);
-        if ($privateKey === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Failed to open newly generated private key');
-            //@codeCoverageIgnoreEnd
-        }
-
-
-        $details = openssl_pkey_get_details($privateKey);
-        $innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [
-            "kty" => "RSA",
-            "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
-            "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"])
-        ]];
-        $outerPayload = $this->connector->signRequestJWK(
-            $innerPayload,
-            $this->connector->keyChange,
-            $new['private']
-        );
-        $sign = $this->connector->signRequestKid(
-            $outerPayload,
-            $this->connector->accountURL,
-            $this->connector->keyChange
-        );
-        $post = $this->connector->post($this->connector->keyChange, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Unable to post new account keys');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->getLEAccountData();
-
-        $this->storage->setAccountPublicKey($new['public']);
-        $this->storage->setAccountPrivateKey($new['private']);
-
-        $this->log->notice('Account keys changed');
-        return true;
-    }
-
-    /**
-     * Deactivates the LetsEncrypt account.
-     *
-     * @return boolean  Returns true if the deactivation is successful, false if not.
-     */
-    public function deactivateAccount()
-    {
-        $sign = $this->connector->signRequestKid(
-            ['status' => 'deactivated'],
-            $this->connector->accountURL,
-            $this->connector->accountURL
-        );
-        $post = $this->connector->post($this->connector->accountURL, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            $this->log->error('Account deactivation failed');
-            return false;
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->connector->accountDeactivated = true;
-        $this->log->info('Account deactivated');
-        return true;
-    }
+	private $connector;
+
+	public $id;
+	public $key;
+	public $contact;
+	public $agreement;
+	public $initialIp;
+	public $createdAt;
+	public $status;
+
+	/** @var LoggerInterface  */
+	private $log;
+
+	/** @var CertificateStorageInterface */
+	private $storage;
+
+	/**
+	 * Initiates the LetsEncrypt Account class.
+	 *
+	 * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param LoggerInterface $log   PSR-3 compatible logger
+	 * @param array $email           The array of strings containing e-mail addresses. Only used when creating a
+	 *                               new account.
+	 * @param CertificateStorageInterface $storage  storage for account keys
+	 */
+	public function __construct($connector, LoggerInterface $log, $email, CertificateStorageInterface $storage)
+	{
+		$this->connector = $connector;
+		$this->storage = $storage;
+		$this->log = $log;
+
+		if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
+			$this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
+
+			$accountKey = LEFunctions::RSAgenerateKeys();
+			$storage->setAccountPublicKey($accountKey['public']);
+			$storage->setAccountPrivateKey($accountKey['private']);
+
+			$this->connector->accountURL = $this->createLEAccount($email);
+		} else {
+			$this->connector->accountURL = $this->getLEAccount();
+		}
+		if ($this->connector->accountURL === false) {
+			throw new RuntimeException('Account not found or deactivated.');
+		}
+		$this->getLEAccountData();
+	}
+
+	/**
+	 * Creates a new LetsEncrypt account.
+	 *
+	 * @param array     $email  The array of strings containing e-mail addresses.
+	 *
+	 * @return string|bool   Returns the new account URL when the account was successfully created, false if not.
+	 */
+	private function createLEAccount($email)
+	{
+		$contact = array_map(function ($addr) {
+			return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
+		}, $email);
+
+		$sign = $this->connector->signRequestJWK(
+			['contact' => $contact, 'termsOfServiceAgreed' => true],
+			$this->connector->newAccount
+		);
+		$post = $this->connector->post($this->connector->newAccount, $sign);
+		if (strpos($post['header'], "201 Created") !== false) {
+			if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
+				return trim($matches[1]);
+			}
+		}
+		//@codeCoverageIgnoreStart
+		return false;
+		//@codeCoverageIgnoreEnd
+	}
+
+	/**
+	 * Gets the LetsEncrypt account URL associated with the stored account keys.
+	 *
+	 * @return string|bool   Returns the account URL if it is found, or false when none is found.
+	 */
+	private function getLEAccount()
+	{
+		$sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount);
+		$post = $this->connector->post($this->connector->newAccount, $sign);
+
+		if (strpos($post['header'], "200 OK") !== false) {
+			if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
+				return trim($matches[1]);
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * Gets the LetsEncrypt account data from the account URL.
+	 */
+	private function getLEAccountData()
+	{
+		$sign = $this->connector->signRequestKid(
+			['' => ''],
+			$this->connector->accountURL,
+			$this->connector->accountURL
+		);
+		$post = $this->connector->post($this->connector->accountURL, $sign);
+		if (strpos($post['header'], "200 OK") !== false) {
+			$this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
+			$this->key = $post['body']['key'];
+			$this->contact = $post['body']['contact'];
+			$this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null;
+			$this->initialIp = $post['body']['initialIp'];
+			$this->createdAt = $post['body']['createdAt'];
+			$this->status = $post['body']['status'];
+		} else {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Account data cannot be found.');
+			//@codeCoverageIgnoreEnd
+		}
+	}
+
+	/**
+	 * Updates account data. Now just supporting new contact information.
+	 *
+	 * @param array     $email  The array of strings containing e-mail adresses.
+	 *
+	 * @return boolean  Returns true if the update is successful, false if not.
+	 */
+	public function updateAccount($email)
+	{
+		$contact = array_map(function ($addr) {
+			return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
+		}, $email);
+
+		$sign = $this->connector->signRequestKid(
+			['contact' => $contact],
+			$this->connector->accountURL,
+			$this->connector->accountURL
+		);
+		$post = $this->connector->post($this->connector->accountURL, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Unable to update account');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
+		$this->key = $post['body']['key'];
+		$this->contact = $post['body']['contact'];
+		$this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : '';
+		$this->initialIp = $post['body']['initialIp'];
+		$this->createdAt = $post['body']['createdAt'];
+		$this->status = $post['body']['status'];
+
+		$this->log->notice('Account data updated');
+		return true;
+	}
+
+	/**
+	 * Creates new RSA account keys and updates the keys with LetsEncrypt.
+	 *
+	 * @return boolean  Returns true if the update is successful, false if not.
+	 */
+	public function changeAccountKeys()
+	{
+		$new=LEFunctions::RSAgenerateKeys();
+
+		$privateKey = openssl_pkey_get_private($new['private']);
+		if ($privateKey === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Failed to open newly generated private key');
+			//@codeCoverageIgnoreEnd
+		}
+
+
+		$details = openssl_pkey_get_details($privateKey);
+		$innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [
+			"kty" => "RSA",
+			"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
+			"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"])
+		]];
+		$outerPayload = $this->connector->signRequestJWK(
+			$innerPayload,
+			$this->connector->keyChange,
+			$new['private']
+		);
+		$sign = $this->connector->signRequestKid(
+			$outerPayload,
+			$this->connector->accountURL,
+			$this->connector->keyChange
+		);
+		$post = $this->connector->post($this->connector->keyChange, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Unable to post new account keys');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->getLEAccountData();
+
+		$this->storage->setAccountPublicKey($new['public']);
+		$this->storage->setAccountPrivateKey($new['private']);
+
+		$this->log->notice('Account keys changed');
+		return true;
+	}
+
+	/**
+	 * Deactivates the LetsEncrypt account.
+	 *
+	 * @return boolean  Returns true if the deactivation is successful, false if not.
+	 */
+	public function deactivateAccount()
+	{
+		$sign = $this->connector->signRequestKid(
+			['status' => 'deactivated'],
+			$this->connector->accountURL,
+			$this->connector->accountURL
+		);
+		$post = $this->connector->post($this->connector->accountURL, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			$this->log->error('Account deactivation failed');
+			return false;
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->connector->accountDeactivated = true;
+		$this->log->info('Account deactivated');
+		return true;
+	}
 }

Spacing +4 added lines, -4 removed lines

@@ -45,7 +45,7 @@ 
         $this->log = $log;
 
         if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
-            $this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
+            $this->log->notice("No account found for " . implode(',', $email) . ", attempting to create account");
 
             $accountKey = LEFunctions::RSAgenerateKeys();
             $storage->setAccountPublicKey($accountKey['public']);
@@ -70,7 +70,7 @@ 
      */
     private function createLEAccount($email)
     {
-        $contact = array_map(function ($addr) {
+        $contact = array_map(function($addr) {
             return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
         }, $email);
 
@@ -142,7 +142,7 @@ 
      */
     public function updateAccount($email)
     {
-        $contact = array_map(function ($addr) {
+        $contact = array_map(function($addr) {
             return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
         }, $email);
 
@@ -177,7 +177,7 @@ 
      */
     public function changeAccountKeys()
     {
-        $new=LEFunctions::RSAgenerateKeys();
+        $new = LEFunctions::RSAgenerateKeys();
 
         $privateKey = openssl_pkey_get_private($new['private']);
         if ($privateKey === false) {

src/LEClient.php

Indentation +152 added lines, -152 removed lines

@@ -21,156 +21,156 @@
  */
 class LEClient
 {
-    const LE_PRODUCTION = 'https://acme-v02.api.letsencrypt.org';
-    const LE_STAGING = 'https://acme-staging-v02.api.letsencrypt.org';
-
-    /** @var LEConnector */
-    private $connector;
-
-    /** @var LEAccount */
-    private $account;
-
-    private $baseURL;
-
-    /** @var LoggerInterface */
-    private $log;
-
-    /** @var ClientInterface */
-    private $httpClient;
-
-    /** @var DNSValidatorInterface */
-    private $dns;
-
-    /** @var Sleep */
-    private $sleep;
-
-    /** @var CertificateStorageInterface */
-    private $storage;
-
-
-    private $email;
-
-    /**
-     * Initiates the LetsEncrypt main client.
-     *
-     * @param array $email The array of strings containing e-mail addresses. Only used in this function when
-     *                                creating a new account.
-     * @param string|bool $acmeURL ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION.
-     *                                Defaults to LE_STAGING. Can also pass true/false for staging/production
-     * @param LoggerInterface $logger PSR-3 compatible logger
-     * @param ClientInterface|null $httpClient you can pass a custom client used for HTTP requests, if null is passed
-     *                                one will be created
-     * @param CertificateStorageInterface|null $storage service for certificates. If not supplied, a default
-     *                                storage object will retain certificates in the local filesystem in a directory
-     *                                called certificates in the current working directory
-     * @param DNSValidatorInterface|null $dnsValidator service for checking DNS challenges. By default, this will use
-     *                                Google's DNS over HTTPs service, which should insulate you from cached entries,
-     *                                but this can be swapped for 'NativeDNS' or other alternative implementation
-     */
-    public function __construct(
-        $email,
-        $acmeURL = LEClient::LE_STAGING,
-        LoggerInterface $logger = null,
-        ClientInterface $httpClient = null,
-        CertificateStorageInterface $storage = null,
-        DNSValidatorInterface $dnsValidator = null
-    ) {
-        $this->log = $logger ?? new NullLogger();
-
-        $this->initBaseUrl($acmeURL);
-
-        $this->httpClient = $httpClient ?? new Client();
-
-        $this->storage = $storage ?? new FilesystemCertificateStorage();
-        $this->dns = $dnsValidator ?? new DNSOverHTTPS();
-        $this->sleep = new Sleep;
-        $this->email = $email;
-    }
-
-    private function initBaseUrl($acmeURL)
-    {
-        if (is_bool($acmeURL)) {
-            $this->baseURL = $acmeURL ? LEClient::LE_STAGING : LEClient::LE_PRODUCTION;
-        } elseif (is_string($acmeURL)) {
-            $this->baseURL = $acmeURL;
-        } else {
-            throw new LogicException('acmeURL must be set to string or bool (legacy)');
-        }
-    }
-
-    public function getBaseUrl()
-    {
-        return $this->baseURL;
-    }
-
-    /**
-     * Inject alternative DNS resolver for testing
-     * @param DNSValidatorInterface $dns
-     */
-    public function setDNS(DNSValidatorInterface $dns)
-    {
-        $this->dns = $dns;
-    }
-
-    /**
-     * Inject alternative sleep service for testing
-     * @param Sleep $sleep
-     */
-    public function setSleep(Sleep $sleep)
-    {
-        $this->sleep = $sleep;
-    }
-
-    private function getConnector()
-    {
-        if (!isset($this->connector)) {
-            $this->connector = new LEConnector($this->log, $this->httpClient, $this->baseURL, $this->storage);
-
-            //we need to initialize an account before using the connector
-            $this->getAccount();
-        }
-
-        return $this->connector;
-    }
-
-    /**
-     * Returns the LetsEncrypt account used in the current client.
-     *
-     * @return LEAccount    The LetsEncrypt Account instance used by the client.
-     */
-    public function getAccount()
-    {
-        if (!isset($this->account)) {
-            $this->account = new LEAccount($this->getConnector(), $this->log, $this->email, $this->storage);
-        }
-        return $this->account;
-    }
-
-    /**
-     * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and
-     * returned.
-     *
-     * @param string $basename The base name for the order. Preferable the top domain (example.org). Will be the
-     *                          directory in which the keys are stored. Used for the CommonName in the certificate as
-     *                          well.
-     * @param array $domains The array of strings containing the domain names on the certificate.
-     * @param string $keyType Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format
-     *                          (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
-     * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the
-     *                          certificate becomes valid. Defaults to the moment the order is finalized. (optional)
-     * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the
-     *                          certificate is valid. Defaults to 90 days past the moment the order is finalized.
-     *                          (optional)
-     *
-     * @return LEOrder  The LetsEncrypt Order instance which is either retrieved or created.
-     */
-    public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '')
-    {
-        $this->log->info("LEClient::getOrCreateOrder($basename,...)");
-
-        $order = new LEOrder($this->getConnector(), $this->storage, $this->log, $this->dns, $this->sleep);
-        $order->loadOrder($basename, $domains, $keyType, $notBefore, $notAfter);
-
-        return $order;
-    }
+	const LE_PRODUCTION = 'https://acme-v02.api.letsencrypt.org';
+	const LE_STAGING = 'https://acme-staging-v02.api.letsencrypt.org';
+
+	/** @var LEConnector */
+	private $connector;
+
+	/** @var LEAccount */
+	private $account;
+
+	private $baseURL;
+
+	/** @var LoggerInterface */
+	private $log;
+
+	/** @var ClientInterface */
+	private $httpClient;
+
+	/** @var DNSValidatorInterface */
+	private $dns;
+
+	/** @var Sleep */
+	private $sleep;
+
+	/** @var CertificateStorageInterface */
+	private $storage;
+
+
+	private $email;
+
+	/**
+	 * Initiates the LetsEncrypt main client.
+	 *
+	 * @param array $email The array of strings containing e-mail addresses. Only used in this function when
+	 *                                creating a new account.
+	 * @param string|bool $acmeURL ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION.
+	 *                                Defaults to LE_STAGING. Can also pass true/false for staging/production
+	 * @param LoggerInterface $logger PSR-3 compatible logger
+	 * @param ClientInterface|null $httpClient you can pass a custom client used for HTTP requests, if null is passed
+	 *                                one will be created
+	 * @param CertificateStorageInterface|null $storage service for certificates. If not supplied, a default
+	 *                                storage object will retain certificates in the local filesystem in a directory
+	 *                                called certificates in the current working directory
+	 * @param DNSValidatorInterface|null $dnsValidator service for checking DNS challenges. By default, this will use
+	 *                                Google's DNS over HTTPs service, which should insulate you from cached entries,
+	 *                                but this can be swapped for 'NativeDNS' or other alternative implementation
+	 */
+	public function __construct(
+		$email,
+		$acmeURL = LEClient::LE_STAGING,
+		LoggerInterface $logger = null,
+		ClientInterface $httpClient = null,
+		CertificateStorageInterface $storage = null,
+		DNSValidatorInterface $dnsValidator = null
+	) {
+		$this->log = $logger ?? new NullLogger();
+
+		$this->initBaseUrl($acmeURL);
+
+		$this->httpClient = $httpClient ?? new Client();
+
+		$this->storage = $storage ?? new FilesystemCertificateStorage();
+		$this->dns = $dnsValidator ?? new DNSOverHTTPS();
+		$this->sleep = new Sleep;
+		$this->email = $email;
+	}
+
+	private function initBaseUrl($acmeURL)
+	{
+		if (is_bool($acmeURL)) {
+			$this->baseURL = $acmeURL ? LEClient::LE_STAGING : LEClient::LE_PRODUCTION;
+		} elseif (is_string($acmeURL)) {
+			$this->baseURL = $acmeURL;
+		} else {
+			throw new LogicException('acmeURL must be set to string or bool (legacy)');
+		}
+	}
+
+	public function getBaseUrl()
+	{
+		return $this->baseURL;
+	}
+
+	/**
+	 * Inject alternative DNS resolver for testing
+	 * @param DNSValidatorInterface $dns
+	 */
+	public function setDNS(DNSValidatorInterface $dns)
+	{
+		$this->dns = $dns;
+	}
+
+	/**
+	 * Inject alternative sleep service for testing
+	 * @param Sleep $sleep
+	 */
+	public function setSleep(Sleep $sleep)
+	{
+		$this->sleep = $sleep;
+	}
+
+	private function getConnector()
+	{
+		if (!isset($this->connector)) {
+			$this->connector = new LEConnector($this->log, $this->httpClient, $this->baseURL, $this->storage);
+
+			//we need to initialize an account before using the connector
+			$this->getAccount();
+		}
+
+		return $this->connector;
+	}
+
+	/**
+	 * Returns the LetsEncrypt account used in the current client.
+	 *
+	 * @return LEAccount    The LetsEncrypt Account instance used by the client.
+	 */
+	public function getAccount()
+	{
+		if (!isset($this->account)) {
+			$this->account = new LEAccount($this->getConnector(), $this->log, $this->email, $this->storage);
+		}
+		return $this->account;
+	}
+
+	/**
+	 * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and
+	 * returned.
+	 *
+	 * @param string $basename The base name for the order. Preferable the top domain (example.org). Will be the
+	 *                          directory in which the keys are stored. Used for the CommonName in the certificate as
+	 *                          well.
+	 * @param array $domains The array of strings containing the domain names on the certificate.
+	 * @param string $keyType Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format
+	 *                          (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
+	 * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the
+	 *                          certificate becomes valid. Defaults to the moment the order is finalized. (optional)
+	 * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the
+	 *                          certificate is valid. Defaults to 90 days past the moment the order is finalized.
+	 *                          (optional)
+	 *
+	 * @return LEOrder  The LetsEncrypt Order instance which is either retrieved or created.
+	 */
+	public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '')
+	{
+		$this->log->info("LEClient::getOrCreateOrder($basename,...)");
+
+		$order = new LEOrder($this->getConnector(), $this->storage, $this->log, $this->dns, $this->sleep);
+		$order->loadOrder($basename, $domains, $keyType, $notBefore, $notAfter);
+
+		return $order;
+	}
 }

src/DiagnosticLogger.php

Indentation +84 added lines, -84 removed lines

@@ -13,88 +13,88 @@
  */
 class DiagnosticLogger extends AbstractLogger
 {
-    private $logs = [];
-
-    public function log($level, $message, array $context = [])
-    {
-        $this->logs[] = [$level, $message, $context];
-    }
-
-    public function dumpConsole($useColours = true)
-    {
-        $colours = [
-            'alert' => "\e[97m\e[41m",
-            'emergency' => "\e[97m\e[41m",
-            'critical' => "\e[97m\e[41m",
-            'error' => "\e[91m",
-            'warning' => "\e[93m",
-            'notice' => "\e[96m",
-            'info' => "\e[92m",
-            'debug' => "\e[2m",
-        ];
-
-        $reset = $useColours ? "\e[0m" : '';
-
-        foreach ($this->logs as $log) {
-            $col = $useColours ? $colours[$log[0]] : '';
-            echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n";
-        }
-    }
-
-    public function dumpHTML($echo = true)
-    {
-        $html = '<div class="liblynx-diagnostic-log">';
-        $html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>';
-        $html .= "\n";
-
-        foreach ($this->logs as $log) {
-            $html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' .
-                htmlentities($this->interpolateMessage($log[1], $log[2])) .
-                "</td></tr>\n";
-        }
-        $html .= "</tbody></table></div>\n";
-
-        if ($echo) {
-            echo $html; //@codeCoverageIgnore
-        }
-        return $html;
-    }
-
-    /**
-     * Interpolates context values into the message placeholders.
-     */
-    private function interpolateMessage($message, array $context = [])
-    {
-        // build a replacement array with braces around the context keys
-        $replace = [];
-        foreach ($context as $key => $val) {
-            // check that the value can be casted to string
-            if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) {
-                $replace['{' . $key . '}'] = $val;
-            }
-        }
-
-        // interpolate replacement values into the message and return
-        return strtr($message, $replace);
-    }
-
-
-    public function cleanLogs()
-    {
-        $logs = $this->logs;
-        $this->logs = [];
-
-        return $logs;
-    }
-
-    public function countLogs($level)
-    {
-        $count = 0;
-        foreach ($this->logs as $log) {
-            if ($log[0] == $level) {
-                $count++;
-            }
-        }
-        return $count;
-    }
+	private $logs = [];
+
+	public function log($level, $message, array $context = [])
+	{
+		$this->logs[] = [$level, $message, $context];
+	}
+
+	public function dumpConsole($useColours = true)
+	{
+		$colours = [
+			'alert' => "\e[97m\e[41m",
+			'emergency' => "\e[97m\e[41m",
+			'critical' => "\e[97m\e[41m",
+			'error' => "\e[91m",
+			'warning' => "\e[93m",
+			'notice' => "\e[96m",
+			'info' => "\e[92m",
+			'debug' => "\e[2m",
+		];
+
+		$reset = $useColours ? "\e[0m" : '';
+
+		foreach ($this->logs as $log) {
+			$col = $useColours ? $colours[$log[0]] : '';
+			echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n";
+		}
+	}
+
+	public function dumpHTML($echo = true)
+	{
+		$html = '<div class="liblynx-diagnostic-log">';
+		$html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>';
+		$html .= "\n";
+
+		foreach ($this->logs as $log) {
+			$html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' .
+				htmlentities($this->interpolateMessage($log[1], $log[2])) .
+				"</td></tr>\n";
+		}
+		$html .= "</tbody></table></div>\n";
+
+		if ($echo) {
+			echo $html; //@codeCoverageIgnore
+		}
+		return $html;
+	}
+
+	/**
+	 * Interpolates context values into the message placeholders.
+	 */
+	private function interpolateMessage($message, array $context = [])
+	{
+		// build a replacement array with braces around the context keys
+		$replace = [];
+		foreach ($context as $key => $val) {
+			// check that the value can be casted to string
+			if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) {
+				$replace['{' . $key . '}'] = $val;
+			}
+		}
+
+		// interpolate replacement values into the message and return
+		return strtr($message, $replace);
+	}
+
+
+	public function cleanLogs()
+	{
+		$logs = $this->logs;
+		$this->logs = [];
+
+		return $logs;
+	}
+
+	public function countLogs($level)
+	{
+		$count = 0;
+		foreach ($this->logs as $log) {
+			if ($log[0] == $level) {
+				$count++;
+			}
+		}
+		return $count;
+	}
 }

src/FilesystemCertificateStorage.php

Indentation +157 added lines, -157 removed lines

@@ -10,161 +10,161 @@
  */
 class FilesystemCertificateStorage implements CertificateStorageInterface
 {
-    private $dir;
-
-    public function __construct($dir = null)
-    {
-        $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates';
-
-        if (!is_dir($this->dir)) {
-            /** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
-        }
-        if (!is_writable($this->dir)) {
-            throw new RuntimeException("{$this->dir} is not writable");
-        }
-    }
-
-
-    /**
-     * @inheritdoc
-     */
-    public function getAccountPublicKey()
-    {
-        return $this->getMetadata('account.public');
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setAccountPublicKey($key)
-    {
-        $this->setMetadata('account.public', $key);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getAccountPrivateKey()
-    {
-        return $this->getMetadata('account.key');
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setAccountPrivateKey($key)
-    {
-        $this->setMetadata('account.key', $key);
-    }
-
-    private function getDomainKey($domain, $suffix)
-    {
-        return str_replace('*', 'wildcard', $domain).'.'.$suffix;
-    }
-    /**
-     * @inheritdoc
-     */
-    public function getCertificate($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'crt'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setCertificate($domain, $certificate)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'crt'), $certificate);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getFullChainCertificate($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'fullchain.crt'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setFullChainCertificate($domain, $certificate)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'fullchain.crt'), $certificate);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getPrivateKey($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'key'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setPrivateKey($domain, $key)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'key'), $key);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getPublicKey($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'public'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setPublicKey($domain, $key)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'public'), $key);
-    }
-
-    private function getMetadataFilename($key)
-    {
-        $key=str_replace('*', 'wildcard', $key);
-        $file=$this->dir.DIRECTORY_SEPARATOR.$key;
-        return $file;
-    }
-    /**
-     * @inheritdoc
-     */
-    public function getMetadata($key)
-    {
-        $file=$this->getMetadataFilename($key);
-        if (!file_exists($file)) {
-            return null;
-        }
-        return file_get_contents($file);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setMetadata($key, $value)
-    {
-        $file=$this->getMetadataFilename($key);
-        if (is_null($value)) {
-            //nothing to store, ensure file is removed
-            if (file_exists($file)) {
-                unlink($file);
-            }
-        } else {
-            file_put_contents($file, $value);
-        }
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function hasMetadata($key)
-    {
-        $file=$this->getMetadataFilename($key);
-        return file_exists($file);
-    }
+	private $dir;
+
+	public function __construct($dir = null)
+	{
+		$this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates';
+
+		if (!is_dir($this->dir)) {
+			/** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
+		}
+		if (!is_writable($this->dir)) {
+			throw new RuntimeException("{$this->dir} is not writable");
+		}
+	}
+
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getAccountPublicKey()
+	{
+		return $this->getMetadata('account.public');
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setAccountPublicKey($key)
+	{
+		$this->setMetadata('account.public', $key);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getAccountPrivateKey()
+	{
+		return $this->getMetadata('account.key');
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setAccountPrivateKey($key)
+	{
+		$this->setMetadata('account.key', $key);
+	}
+
+	private function getDomainKey($domain, $suffix)
+	{
+		return str_replace('*', 'wildcard', $domain).'.'.$suffix;
+	}
+	/**
+	 * @inheritdoc
+	 */
+	public function getCertificate($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'crt'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setCertificate($domain, $certificate)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'crt'), $certificate);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getFullChainCertificate($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'fullchain.crt'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setFullChainCertificate($domain, $certificate)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'fullchain.crt'), $certificate);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getPrivateKey($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'key'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setPrivateKey($domain, $key)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'key'), $key);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getPublicKey($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'public'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setPublicKey($domain, $key)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'public'), $key);
+	}
+
+	private function getMetadataFilename($key)
+	{
+		$key=str_replace('*', 'wildcard', $key);
+		$file=$this->dir.DIRECTORY_SEPARATOR.$key;
+		return $file;
+	}
+	/**
+	 * @inheritdoc
+	 */
+	public function getMetadata($key)
+	{
+		$file=$this->getMetadataFilename($key);
+		if (!file_exists($file)) {
+			return null;
+		}
+		return file_get_contents($file);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setMetadata($key, $value)
+	{
+		$file=$this->getMetadataFilename($key);
+		if (is_null($value)) {
+			//nothing to store, ensure file is removed
+			if (file_exists($file)) {
+				unlink($file);
+			}
+		} else {
+			file_put_contents($file, $value);
+		}
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function hasMetadata($key)
+	{
+		$file=$this->getMetadataFilename($key);
+		return file_exists($file);
+	}
 }

Spacing +7 added lines, -7 removed lines

@@ -14,7 +14,7 @@ 
 
     public function __construct($dir = null)
     {
-        $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates';
+        $this->dir = $dir ?? getcwd() . DIRECTORY_SEPARATOR . 'certificates';
 
         if (!is_dir($this->dir)) {
             /** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
@@ -59,7 +59,7 @@ 
 
     private function getDomainKey($domain, $suffix)
     {
-        return str_replace('*', 'wildcard', $domain).'.'.$suffix;
+        return str_replace('*', 'wildcard', $domain) . '.' . $suffix;
     }
     /**
      * @inheritdoc
@@ -127,8 +127,8 @@ 
 
     private function getMetadataFilename($key)
     {
-        $key=str_replace('*', 'wildcard', $key);
-        $file=$this->dir.DIRECTORY_SEPARATOR.$key;
+        $key = str_replace('*', 'wildcard', $key);
+        $file = $this->dir . DIRECTORY_SEPARATOR . $key;
         return $file;
     }
     /**
@@ -136,7 +136,7 @@ 
      */
     public function getMetadata($key)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         if (!file_exists($file)) {
             return null;
         }
@@ -148,7 +148,7 @@ 
      */
     public function setMetadata($key, $value)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         if (is_null($value)) {
             //nothing to store, ensure file is removed
             if (file_exists($file)) {
@@ -164,7 +164,7 @@ 
      */
     public function hasMetadata($key)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         return file_exists($file);
     }
 }

src/CertificateStorageInterface.php

Indentation +104 added lines, -104 removed lines

@@ -9,108 +9,108 @@
  */
 interface CertificateStorageInterface
 {
-    /**
-     * Get the public key for the ACME account
-     * @return string
-     */
-    public function getAccountPublicKey();
-
-    /**
-     * Set the public key for the ACME account
-     * @return string
-     */
-    public function setAccountPublicKey($key);
-
-    /**
-     * Get the private key for the ACME account
-     * @return string
-     */
-    public function getAccountPrivateKey();
-
-    /**
-     * Set the private key for the ACME account
-     * @return string
-     */
-    public function setAccountPrivateKey($key);
-
-    /**
-     * Get the certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getCertificate($domain);
-
-    /**
-     * Set the certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $certificate string containing certificate
-     */
-    public function setCertificate($domain, $certificate);
-
-    /**
-     * Get the full chain certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getFullChainCertificate($domain);
-
-    /**
-     * Set the full chain certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $certificate string containing certificate with any necessary chained certificates
-     */
-    public function setFullChainCertificate($domain, $certificate);
-
-    /**
-     * Get public key for given certificate
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getPublicKey($domain);
-
-    /**
-     * Set public key for domain
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $key string containing private key for domain
-     */
-    public function setPublicKey($domain, $key);
-
-    /**
-     * Get private key for given certificate
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getPrivateKey($domain);
-
-    /**
-     * Set private key for domain
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $key string containing private key for domain
-     */
-    public function setPrivateKey($domain, $key);
-
-    /**
-     * Get arbitrary persistent metadata
-     * @param $key string unique key
-     * @return mixed
-     */
-    public function getMetadata($key);
-
-    /**
-     * Store persistent metadata
-     * @param $key string unique key
-     * @param $value string value to store under given key
-     */
-    public function setMetadata($key, $value);
-
-    /**
-     * Check if persistent metadata for given key is available
-     * @param $key
-     * @return string|null
-     */
-    public function hasMetadata($key);
+	/**
+	 * Get the public key for the ACME account
+	 * @return string
+	 */
+	public function getAccountPublicKey();
+
+	/**
+	 * Set the public key for the ACME account
+	 * @return string
+	 */
+	public function setAccountPublicKey($key);
+
+	/**
+	 * Get the private key for the ACME account
+	 * @return string
+	 */
+	public function getAccountPrivateKey();
+
+	/**
+	 * Set the private key for the ACME account
+	 * @return string
+	 */
+	public function setAccountPrivateKey($key);
+
+	/**
+	 * Get the certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getCertificate($domain);
+
+	/**
+	 * Set the certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $certificate string containing certificate
+	 */
+	public function setCertificate($domain, $certificate);
+
+	/**
+	 * Get the full chain certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getFullChainCertificate($domain);
+
+	/**
+	 * Set the full chain certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $certificate string containing certificate with any necessary chained certificates
+	 */
+	public function setFullChainCertificate($domain, $certificate);
+
+	/**
+	 * Get public key for given certificate
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getPublicKey($domain);
+
+	/**
+	 * Set public key for domain
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $key string containing private key for domain
+	 */
+	public function setPublicKey($domain, $key);
+
+	/**
+	 * Get private key for given certificate
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getPrivateKey($domain);
+
+	/**
+	 * Set private key for domain
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $key string containing private key for domain
+	 */
+	public function setPrivateKey($domain, $key);
+
+	/**
+	 * Get arbitrary persistent metadata
+	 * @param $key string unique key
+	 * @return mixed
+	 */
+	public function getMetadata($key);
+
+	/**
+	 * Store persistent metadata
+	 * @param $key string unique key
+	 * @param $value string value to store under given key
+	 */
+	public function setMetadata($key, $value);
+
+	/**
+	 * Check if persistent metadata for given key is available
+	 * @param $key
+	 * @return string|null
+	 */
+	public function hasMetadata($key);
 }

src/LEConnector.php

Indentation +331 added lines, -331 removed lines

@@ -21,335 +21,335 @@
  */
 class LEConnector
 {
-    public $baseURL;
-
-    private $nonce;
-
-    public $keyChange;
-    public $newAccount;
-    public $newNonce;
-    public $newOrder;
-    public $revokeCert;
-
-    public $accountURL;
-    public $accountDeactivated = false;
-
-    /** @var LoggerInterface */
-    private $log;
-
-    /** @var ClientInterface */
-    private $httpClient;
-
-    /** @var CertificateStorageInterface */
-    private $storage;
-
-    /**
-     * Initiates the LetsEncrypt Connector class.
-     *
-     * @param LoggerInterface $log
-     * @param ClientInterface $httpClient
-     * @param string $baseURL The LetsEncrypt server URL to make requests to.
-     * @param CertificateStorageInterface $storage
-     */
-    public function __construct(
-        LoggerInterface $log,
-        ClientInterface $httpClient,
-        $baseURL,
-        CertificateStorageInterface $storage
-    ) {
-
-        $this->baseURL = $baseURL;
-        $this->storage = $storage;
-        $this->log = $log;
-        $this->httpClient = $httpClient;
-
-        $this->getLEDirectory();
-        $this->getNewNonce();
-    }
-
-    /**
-     * Requests the LetsEncrypt Directory and stores the necessary URLs in this LetsEncrypt Connector instance.
-     */
-    private function getLEDirectory()
-    {
-        $req = $this->get('/directory');
-        $this->keyChange = $req['body']['keyChange'];
-        $this->newAccount = $req['body']['newAccount'];
-        $this->newNonce = $req['body']['newNonce'];
-        $this->newOrder = $req['body']['newOrder'];
-        $this->revokeCert = $req['body']['revokeCert'];
-    }
-
-    /**
-     * Requests a new nonce from the LetsEncrypt server and stores it in this LetsEncrypt Connector instance.
-     */
-    private function getNewNonce()
-    {
-        $result = $this->head($this->newNonce);
-
-        if ($result['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException("No new nonce - fetched {$this->newNonce} got " . $result['header']);
-            //@codeCoverageIgnoreEnd
-        }
-    }
-
-    /**
-     * Makes a request to the HTTP challenge URL and checks whether the authorization is valid for the given $domain.
-     *
-     * @param string $domain The domain to check the authorization for.
-     * @param string $token The token (filename) to request.
-     * @param string $keyAuthorization the keyAuthorization (file content) to compare.
-     *
-     * @return boolean  Returns true if the challenge is valid, false if not.
-     */
-    public function checkHTTPChallenge($domain, $token, $keyAuthorization)
-    {
-        $requestURL = $domain . '/.well-known/acme-challenge/' . $token;
-
-        $request = new Request('GET', $requestURL);
-
-        try {
-            $response = $this->httpClient->send($request);
-        } catch (\Exception $e) {
-            $this->log->warning(
-                "HTTP check on $requestURL failed ({msg})",
-                ['msg' => $e->getMessage()]
-            );
-            return false;
-        }
-
-        $content = $response->getBody()->getContents();
-        return $content == $keyAuthorization;
-    }
-
-    /**
-     * Makes a Curl request.
-     *
-     * @param string $method The HTTP method to use. Accepting GET, POST and HEAD requests.
-     * @param string $URL The URL or partial URL to make the request to.
-     *                       If it is partial, the baseURL will be prepended.
-     * @param string $data The body to attach to a POST request. Expected as a JSON encoded string.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    private function request($method, $URL, $data = null)
-    {
-        if ($this->accountDeactivated) {
-            throw new LogicException('The account was deactivated. No further requests can be made.');
-        }
-
-        $requestURL = preg_match('~^http~', $URL) ? $URL : $this->baseURL . $URL;
-
-        $hdrs = ['Accept' => 'application/json'];
-        if (!empty($data)) {
-            $hdrs['Content-Type'] = 'application/jose+json';
-        }
-
-        $request = new Request($method, $requestURL, $hdrs, $data);
-
-        try {
-            $response = $this->httpClient->send($request);
-        } catch (BadResponseException $e) {
-            //4xx/5xx failures are not expected and we throw exceptions for them
-            $msg = "$method $URL failed";
-            if ($e->hasResponse()) {
-                $body = (string)$e->getResponse()->getBody();
-                $json = json_decode($body, true);
-                if (!empty($json) && isset($json['detail'])) {
-                    $msg .= " ({$json['detail']})";
-                }
-            }
-            throw new RuntimeException($msg, 0, $e);
-        } catch (GuzzleException $e) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException("$method $URL failed", 0, $e);
-            //@codeCoverageIgnoreEnd
-        }
-
-        //uncomment this to generate a test simulation of this request
-        //TestResponseGenerator::dumpTestSimulation($method, $requestURL, $response);
-
-        $this->maintainNonce($method, $response);
-
-        return $this->formatResponse($method, $requestURL, $response);
-    }
-
-    private function formatResponse($method, $requestURL, ResponseInterface $response)
-    {
-        $body = $response->getBody();
-
-        $header = $response->getStatusCode() . ' ' . $response->getReasonPhrase() . "\n";
-        $allHeaders = $response->getHeaders();
-        foreach ($allHeaders as $name => $values) {
-            foreach ($values as $value) {
-                $header .= "$name: $value\n";
-            }
-        }
-
-        $decoded = $body;
-        if ($response->getHeaderLine('Content-Type') === 'application/json') {
-            $decoded = json_decode($body, true);
-            if (!$decoded) {
-                //@codeCoverageIgnoreStart
-                throw new RuntimeException('Bad JSON received ' . $body);
-                //@codeCoverageIgnoreEnd
-            }
-        }
-
-        $jsonresponse = [
-            'request' => $method . ' ' . $requestURL,
-            'header' => $header,
-            'body' => $decoded,
-            'raw' => $body,
-            'status' => $response->getStatusCode()
-        ];
-
-        //$this->log->debug('{request} got {status} header = {header} body = {raw}', $jsonresponse);
-
-        return $jsonresponse;
-    }
-
-    private function maintainNonce($requestMethod, ResponseInterface $response)
-    {
-        if ($response->hasHeader('Replay-Nonce')) {
-            $this->nonce = $response->getHeader('Replay-Nonce')[0];
-            $this->log->debug("got new nonce " . $this->nonce);
-        } elseif ($requestMethod == 'POST') {
-            $this->getNewNonce(); // Not expecting a new nonce with GET and HEAD requests.
-        }
-    }
-
-    /**
-     * Makes a GET request.
-     *
-     * @param string $url The URL or partial URL to make the request to.
-     *                    If it is partial, the baseURL will be prepended.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    public function get($url)
-    {
-        return $this->request('GET', $url);
-    }
-
-    /**
-     * Makes a POST request.
-     *
-     * @param string $url The URL or partial URL for the request to. If it is partial, the baseURL will be prepended.
-     * @param string $data The body to attach to a POST request. Expected as a json string.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    public function post($url, $data = null)
-    {
-        return $this->request('POST', $url, $data);
-    }
-
-    /**
-     * Makes a HEAD request.
-     *
-     * @param string $url The URL or partial URL to make the request to.
-     *                    If it is partial, the baseURL will be prepended.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    public function head($url)
-    {
-        return $this->request('HEAD', $url);
-    }
-
-    /**
-     * Generates a JSON Web Key signature to attach to the request.
-     *
-     * @param array|string $payload The payload to add to the signature.
-     * @param string $url The URL to use in the signature.
-     * @param string $privateKey The private key to sign the request with.
-     *
-     * @return string   Returns a JSON encoded string containing the signature.
-     */
-    public function signRequestJWK($payload, $url, $privateKey = '')
-    {
-        if ($privateKey == '') {
-            $privateKey = $this->storage->getAccountPrivateKey();
-        }
-        $privateKey = openssl_pkey_get_private($privateKey);
-        if ($privateKey === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('LEConnector::signRequestJWK failed to get private key');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $details = openssl_pkey_get_details($privateKey);
-
-        $protected = [
-            "alg" => "RS256",
-            "jwk" => [
-                "kty" => "RSA",
-                "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
-                "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
-            ],
-            "nonce" => $this->nonce,
-            "url" => $url
-        ];
-
-        $payload64 = LEFunctions::base64UrlSafeEncode(
-            str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
-        );
-        $protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
-
-        openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
-        $signed64 = LEFunctions::base64UrlSafeEncode($signed);
-
-        $data = [
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        ];
-
-        return json_encode($data);
-    }
-
-    /**
-     * Generates a Key ID signature to attach to the request.
-     *
-     * @param array|string $payload The payload to add to the signature.
-     * @param string $kid The Key ID to use in the signature.
-     * @param string $url The URL to use in the signature.
-     * @param string $privateKey The private key to sign the request with. Defaults to account key
-     *
-     * @return string   Returns a JSON encoded string containing the signature.
-     */
-    public function signRequestKid($payload, $kid, $url, $privateKey = '')
-    {
-        if ($privateKey == '') {
-            $privateKey = $this->storage->getAccountPrivateKey();
-        }
-        $privateKey = openssl_pkey_get_private($privateKey);
-
-        //$details = openssl_pkey_get_details($privateKey);
-
-        $protected = [
-            "alg" => "RS256",
-            "kid" => $kid,
-            "nonce" => $this->nonce,
-            "url" => $url
-        ];
-
-        $payload64 = LEFunctions::base64UrlSafeEncode(
-            str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
-        );
-        $protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
-
-        openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
-        $signed64 = LEFunctions::base64UrlSafeEncode($signed);
-
-        $data = [
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        ];
-
-        return json_encode($data);
-    }
+	public $baseURL;
+
+	private $nonce;
+
+	public $keyChange;
+	public $newAccount;
+	public $newNonce;
+	public $newOrder;
+	public $revokeCert;
+
+	public $accountURL;
+	public $accountDeactivated = false;
+
+	/** @var LoggerInterface */
+	private $log;
+
+	/** @var ClientInterface */
+	private $httpClient;
+
+	/** @var CertificateStorageInterface */
+	private $storage;
+
+	/**
+	 * Initiates the LetsEncrypt Connector class.
+	 *
+	 * @param LoggerInterface $log
+	 * @param ClientInterface $httpClient
+	 * @param string $baseURL The LetsEncrypt server URL to make requests to.
+	 * @param CertificateStorageInterface $storage
+	 */
+	public function __construct(
+		LoggerInterface $log,
+		ClientInterface $httpClient,
+		$baseURL,
+		CertificateStorageInterface $storage
+	) {
+
+		$this->baseURL = $baseURL;
+		$this->storage = $storage;
+		$this->log = $log;
+		$this->httpClient = $httpClient;
+
+		$this->getLEDirectory();
+		$this->getNewNonce();
+	}
+
+	/**
+	 * Requests the LetsEncrypt Directory and stores the necessary URLs in this LetsEncrypt Connector instance.
+	 */
+	private function getLEDirectory()
+	{
+		$req = $this->get('/directory');
+		$this->keyChange = $req['body']['keyChange'];
+		$this->newAccount = $req['body']['newAccount'];
+		$this->newNonce = $req['body']['newNonce'];
+		$this->newOrder = $req['body']['newOrder'];
+		$this->revokeCert = $req['body']['revokeCert'];
+	}
+
+	/**
+	 * Requests a new nonce from the LetsEncrypt server and stores it in this LetsEncrypt Connector instance.
+	 */
+	private function getNewNonce()
+	{
+		$result = $this->head($this->newNonce);
+
+		if ($result['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException("No new nonce - fetched {$this->newNonce} got " . $result['header']);
+			//@codeCoverageIgnoreEnd
+		}
+	}
+
+	/**
+	 * Makes a request to the HTTP challenge URL and checks whether the authorization is valid for the given $domain.
+	 *
+	 * @param string $domain The domain to check the authorization for.
+	 * @param string $token The token (filename) to request.
+	 * @param string $keyAuthorization the keyAuthorization (file content) to compare.
+	 *
+	 * @return boolean  Returns true if the challenge is valid, false if not.
+	 */
+	public function checkHTTPChallenge($domain, $token, $keyAuthorization)
+	{
+		$requestURL = $domain . '/.well-known/acme-challenge/' . $token;
+
+		$request = new Request('GET', $requestURL);
+
+		try {
+			$response = $this->httpClient->send($request);
+		} catch (\Exception $e) {
+			$this->log->warning(
+				"HTTP check on $requestURL failed ({msg})",
+				['msg' => $e->getMessage()]
+			);
+			return false;
+		}
+
+		$content = $response->getBody()->getContents();
+		return $content == $keyAuthorization;
+	}
+
+	/**
+	 * Makes a Curl request.
+	 *
+	 * @param string $method The HTTP method to use. Accepting GET, POST and HEAD requests.
+	 * @param string $URL The URL or partial URL to make the request to.
+	 *                       If it is partial, the baseURL will be prepended.
+	 * @param string $data The body to attach to a POST request. Expected as a JSON encoded string.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	private function request($method, $URL, $data = null)
+	{
+		if ($this->accountDeactivated) {
+			throw new LogicException('The account was deactivated. No further requests can be made.');
+		}
+
+		$requestURL = preg_match('~^http~', $URL) ? $URL : $this->baseURL . $URL;
+
+		$hdrs = ['Accept' => 'application/json'];
+		if (!empty($data)) {
+			$hdrs['Content-Type'] = 'application/jose+json';
+		}
+
+		$request = new Request($method, $requestURL, $hdrs, $data);
+
+		try {
+			$response = $this->httpClient->send($request);
+		} catch (BadResponseException $e) {
+			//4xx/5xx failures are not expected and we throw exceptions for them
+			$msg = "$method $URL failed";
+			if ($e->hasResponse()) {
+				$body = (string)$e->getResponse()->getBody();
+				$json = json_decode($body, true);
+				if (!empty($json) && isset($json['detail'])) {
+					$msg .= " ({$json['detail']})";
+				}
+			}
+			throw new RuntimeException($msg, 0, $e);
+		} catch (GuzzleException $e) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException("$method $URL failed", 0, $e);
+			//@codeCoverageIgnoreEnd
+		}
+
+		//uncomment this to generate a test simulation of this request
+		//TestResponseGenerator::dumpTestSimulation($method, $requestURL, $response);
+
+		$this->maintainNonce($method, $response);
+
+		return $this->formatResponse($method, $requestURL, $response);
+	}
+
+	private function formatResponse($method, $requestURL, ResponseInterface $response)
+	{
+		$body = $response->getBody();
+
+		$header = $response->getStatusCode() . ' ' . $response->getReasonPhrase() . "\n";
+		$allHeaders = $response->getHeaders();
+		foreach ($allHeaders as $name => $values) {
+			foreach ($values as $value) {
+				$header .= "$name: $value\n";
+			}
+		}
+
+		$decoded = $body;
+		if ($response->getHeaderLine('Content-Type') === 'application/json') {
+			$decoded = json_decode($body, true);
+			if (!$decoded) {
+				//@codeCoverageIgnoreStart
+				throw new RuntimeException('Bad JSON received ' . $body);
+				//@codeCoverageIgnoreEnd
+			}
+		}
+
+		$jsonresponse = [
+			'request' => $method . ' ' . $requestURL,
+			'header' => $header,
+			'body' => $decoded,
+			'raw' => $body,
+			'status' => $response->getStatusCode()
+		];
+
+		//$this->log->debug('{request} got {status} header = {header} body = {raw}', $jsonresponse);
+
+		return $jsonresponse;
+	}
+
+	private function maintainNonce($requestMethod, ResponseInterface $response)
+	{
+		if ($response->hasHeader('Replay-Nonce')) {
+			$this->nonce = $response->getHeader('Replay-Nonce')[0];
+			$this->log->debug("got new nonce " . $this->nonce);
+		} elseif ($requestMethod == 'POST') {
+			$this->getNewNonce(); // Not expecting a new nonce with GET and HEAD requests.
+		}
+	}
+
+	/**
+	 * Makes a GET request.
+	 *
+	 * @param string $url The URL or partial URL to make the request to.
+	 *                    If it is partial, the baseURL will be prepended.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	public function get($url)
+	{
+		return $this->request('GET', $url);
+	}
+
+	/**
+	 * Makes a POST request.
+	 *
+	 * @param string $url The URL or partial URL for the request to. If it is partial, the baseURL will be prepended.
+	 * @param string $data The body to attach to a POST request. Expected as a json string.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	public function post($url, $data = null)
+	{
+		return $this->request('POST', $url, $data);
+	}
+
+	/**
+	 * Makes a HEAD request.
+	 *
+	 * @param string $url The URL or partial URL to make the request to.
+	 *                    If it is partial, the baseURL will be prepended.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	public function head($url)
+	{
+		return $this->request('HEAD', $url);
+	}
+
+	/**
+	 * Generates a JSON Web Key signature to attach to the request.
+	 *
+	 * @param array|string $payload The payload to add to the signature.
+	 * @param string $url The URL to use in the signature.
+	 * @param string $privateKey The private key to sign the request with.
+	 *
+	 * @return string   Returns a JSON encoded string containing the signature.
+	 */
+	public function signRequestJWK($payload, $url, $privateKey = '')
+	{
+		if ($privateKey == '') {
+			$privateKey = $this->storage->getAccountPrivateKey();
+		}
+		$privateKey = openssl_pkey_get_private($privateKey);
+		if ($privateKey === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('LEConnector::signRequestJWK failed to get private key');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$details = openssl_pkey_get_details($privateKey);
+
+		$protected = [
+			"alg" => "RS256",
+			"jwk" => [
+				"kty" => "RSA",
+				"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
+				"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
+			],
+			"nonce" => $this->nonce,
+			"url" => $url
+		];
+
+		$payload64 = LEFunctions::base64UrlSafeEncode(
+			str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
+		);
+		$protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
+
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
+		$signed64 = LEFunctions::base64UrlSafeEncode($signed);
+
+		$data = [
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		];
+
+		return json_encode($data);
+	}
+
+	/**
+	 * Generates a Key ID signature to attach to the request.
+	 *
+	 * @param array|string $payload The payload to add to the signature.
+	 * @param string $kid The Key ID to use in the signature.
+	 * @param string $url The URL to use in the signature.
+	 * @param string $privateKey The private key to sign the request with. Defaults to account key
+	 *
+	 * @return string   Returns a JSON encoded string containing the signature.
+	 */
+	public function signRequestKid($payload, $kid, $url, $privateKey = '')
+	{
+		if ($privateKey == '') {
+			$privateKey = $this->storage->getAccountPrivateKey();
+		}
+		$privateKey = openssl_pkey_get_private($privateKey);
+
+		//$details = openssl_pkey_get_details($privateKey);
+
+		$protected = [
+			"alg" => "RS256",
+			"kid" => $kid,
+			"nonce" => $this->nonce,
+			"url" => $url
+		];
+
+		$payload64 = LEFunctions::base64UrlSafeEncode(
+			str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
+		);
+		$protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
+
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
+		$signed64 = LEFunctions::base64UrlSafeEncode($signed);
+
+		$data = [
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		];
+
+		return json_encode($data);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -154,7 +154,7 @@
             //4xx/5xx failures are not expected and we throw exceptions for them
             $msg = "$method $URL failed";
             if ($e->hasResponse()) {
-                $body = (string)$e->getResponse()->getBody();
+                $body = (string) $e->getResponse()->getBody();
                 $json = json_decode($body, true);
                 if (!empty($json) && isset($json['detail'])) {
                     $msg .= " ({$json['detail']})";