Zwartpet / php-certificate-toolbox

src/LEConnector.php

Indentation +127 added lines, -127 removed lines

@@ -46,7 +46,7 @@ 
 
 	public $keyChange;
 	public $newAccount;
-    public $newNonce;
+	public $newNonce;
 	public $newOrder;
 	public $revokeCert;
 
@@ -55,13 +55,13 @@ 
 
 	private $log;
 
-    /**
-     * Initiates the LetsEncrypt Connector class.
-     *
-     * @param int 		$log			The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
-     * @param string	$baseURL 		The LetsEncrypt server URL to make requests to.
-     * @param array		$accountKeys 	Array containing location of account keys files.
-     */
+	/**
+	 * Initiates the LetsEncrypt Connector class.
+	 *
+	 * @param int 		$log			The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
+	 * @param string	$baseURL 		The LetsEncrypt server URL to make requests to.
+	 * @param array		$accountKeys 	Array containing location of account keys files.
+	 */
 	public function __construct($log, $baseURL, $accountKeys)
 	{
 		$this->baseURL = $baseURL;
@@ -71,9 +71,9 @@ 
 		$this->getNewNonce();
 	}
 
-    /**
-     * Requests the LetsEncrypt Directory and stores the necessary URLs in this LetsEncrypt Connector instance.
-     */
+	/**
+	 * Requests the LetsEncrypt Directory and stores the necessary URLs in this LetsEncrypt Connector instance.
+	 */
 	private function getLEDirectory()
 	{
 		$req = $this->get('/directory');
@@ -84,42 +84,42 @@ 
 		$this->revokeCert = $req['body']['revokeCert'];
 	}
 
-    /**
-     * Requests a new nonce from the LetsEncrypt server and stores it in this LetsEncrypt Connector instance.
-     */
+	/**
+	 * Requests a new nonce from the LetsEncrypt server and stores it in this LetsEncrypt Connector instance.
+	 */
 	private function getNewNonce()
 	{
 		if($this->head($this->newNonce)['status'] !== 200) throw LEConnectorException::NoNewNonceException();
 	}
 
-    /**
-     * Makes a Curl request.
-     *
-     * @param string	$method	The HTTP method to use. Accepting GET, POST and HEAD requests.
-     * @param string 	$URL 	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
-     * @param object 	$data  	The body to attach to a POST request. Expected as a JSON encoded string.
-     *
-     * @return array 	Returns an array with the keys 'request', 'header', 'status' and 'body'.
-     */
+	/**
+	 * Makes a Curl request.
+	 *
+	 * @param string	$method	The HTTP method to use. Accepting GET, POST and HEAD requests.
+	 * @param string 	$URL 	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
+	 * @param object 	$data  	The body to attach to a POST request. Expected as a JSON encoded string.
+	 *
+	 * @return array 	Returns an array with the keys 'request', 'header', 'status' and 'body'.
+	 */
 	private function request($method, $URL, $data = null)
 	{
 		if($this->accountDeactivated) throw LEConnectorException::AccountDeactivatedException();
 
 		$headers = array('Accept: application/json', 'Content-Type: application/jose+json');
 		$requestURL = preg_match('~^http~', $URL) ? $URL : $this->baseURL . $URL;
-        $handle = curl_init();
-        curl_setopt($handle, CURLOPT_URL, $requestURL);
-        curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_HEADER, true);
-
-        switch ($method) {
-            case 'GET':
-                break;
-            case 'POST':
-                curl_setopt($handle, CURLOPT_POST, true);
-                curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
-                break;
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, $requestURL);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
+
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
 			case 'HEAD':
 				curl_setopt($handle, CURLOPT_CUSTOMREQUEST, 'HEAD');
 				curl_setopt($handle, CURLOPT_NOBODY, true);
@@ -127,25 +127,25 @@ 
 			default:
 				throw LEConnectorException::MethodNotSupportedException($method);
 				break;
-        }
-        $response = curl_exec($handle);
+		}
+		$response = curl_exec($handle);
 
-        if(curl_errno($handle)) {
-            throw LEConnectorException::CurlErrorException(curl_error($handle));
-        }
+		if(curl_errno($handle)) {
+			throw LEConnectorException::CurlErrorException(curl_error($handle));
+		}
 
-        $headerSize = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
-        $statusCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+		$headerSize = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+		$statusCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
 
-        $header = substr($response, 0, $headerSize);
-        $body = substr($response, $headerSize);
+		$header = substr($response, 0, $headerSize);
+		$body = substr($response, $headerSize);
 		$jsonbody = json_decode($body, true);
 		$jsonresponse = array(
-            'request' => $method . ' ' . $requestURL,
-            'header' => $header,
-            'status' => $statusCode,
-            'body' => $jsonbody === null ? $body : $jsonbody,
-        );
+			'request' => $method . ' ' . $requestURL,
+			'header' => $header,
+			'status' => $statusCode,
+			'body' => $jsonbody === null ? $body : $jsonbody,
+		);
 		if($this->log instanceof \Psr\Log\LoggerInterface) 
 		{
 			$this->log->debug($method . ' response received', $jsonresponse);
@@ -167,122 +167,122 @@ 
 			throw LEConnectorException::InvalidResponseException($jsonresponse);
 		}
 
-        return $jsonresponse;
+		return $jsonresponse;
 	}
 
-    /**
-     * Makes a GET request.
-     *
-     * @param string	$url 	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
-     *
-     * @return array 	Returns an array with the keys 'request', 'header', 'status' and 'body'.
-     */
+	/**
+	 * Makes a GET request.
+	 *
+	 * @param string	$url 	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
+	 *
+	 * @return array 	Returns an array with the keys 'request', 'header', 'status' and 'body'.
+	 */
 	public function get($url)
 	{
 		return $this->request('GET', $url);
 	}
 
 	/**
-     * Makes a POST request.
-     *
-     * @param string 	$url	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
+	 * Makes a POST request.
+	 *
+	 * @param string 	$url	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
 	 * @param object 	$data	The body to attach to a POST request. Expected as a json string.
-     *
-     * @return array 	Returns an array with the keys 'request', 'header', 'status' and 'body'.
-     */
+	 *
+	 * @return array 	Returns an array with the keys 'request', 'header', 'status' and 'body'.
+	 */
 	public function post($url, $data = null)
 	{
 		return $this->request('POST', $url, $data);
 	}
 
 	/**
-     * Makes a HEAD request.
-     *
-     * @param string 	$url	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
-     *
-     * @return array	Returns an array with the keys 'request', 'header', 'status' and 'body'.
-     */
+	 * Makes a HEAD request.
+	 *
+	 * @param string 	$url	The URL or partial URL to make the request to. If it is partial, the baseURL will be prepended.
+	 *
+	 * @return array	Returns an array with the keys 'request', 'header', 'status' and 'body'.
+	 */
 	public function head($url)
 	{
 		return $this->request('HEAD', $url);
 	}
 
-    /**
-     * Generates a JSON Web Key signature to attach to the request.
-     *
-     * @param array 	$payload		The payload to add to the signature.
-     * @param string	$url 			The URL to use in the signature.
-     * @param string 	$privateKeyFile The private key to sign the request with. Defaults to 'private.pem'. Defaults to accountKeys[private_key].
-     *
-     * @return string	Returns a JSON encoded string containing the signature.
-     */
+	/**
+	 * Generates a JSON Web Key signature to attach to the request.
+	 *
+	 * @param array 	$payload		The payload to add to the signature.
+	 * @param string	$url 			The URL to use in the signature.
+	 * @param string 	$privateKeyFile The private key to sign the request with. Defaults to 'private.pem'. Defaults to accountKeys[private_key].
+	 *
+	 * @return string	Returns a JSON encoded string containing the signature.
+	 */
 	public function signRequestJWK($payload, $url, $privateKeyFile = '')
-    {
+	{
 		if($privateKeyFile == '') $privateKeyFile = $this->accountKeys['private_key'];
 		$privateKey = openssl_pkey_get_private(file_get_contents($privateKeyFile));
-        $details = openssl_pkey_get_details($privateKey);
-
-        $protected = array(
-            "alg" => "RS256",
-            "jwk" => array(
-                "kty" => "RSA",
-                "n" => LEFunctions::Base64UrlSafeEncode($details["rsa"]["n"]),
-                "e" => LEFunctions::Base64UrlSafeEncode($details["rsa"]["e"]),
-            ),
+		$details = openssl_pkey_get_details($privateKey);
+
+		$protected = array(
+			"alg" => "RS256",
+			"jwk" => array(
+				"kty" => "RSA",
+				"n" => LEFunctions::Base64UrlSafeEncode($details["rsa"]["n"]),
+				"e" => LEFunctions::Base64UrlSafeEncode($details["rsa"]["e"]),
+			),
 			"nonce" => $this->nonce,
 			"url" => $url
-        );
+		);
 
-        $payload64 = LEFunctions::Base64UrlSafeEncode(str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload));
-        $protected64 = LEFunctions::Base64UrlSafeEncode(json_encode($protected));
+		$payload64 = LEFunctions::Base64UrlSafeEncode(str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload));
+		$protected64 = LEFunctions::Base64UrlSafeEncode(json_encode($protected));
 
-        openssl_sign($protected64.'.'.$payload64, $signed, $privateKey, "SHA256");
-        $signed64 = LEFunctions::Base64UrlSafeEncode($signed);
+		openssl_sign($protected64.'.'.$payload64, $signed, $privateKey, "SHA256");
+		$signed64 = LEFunctions::Base64UrlSafeEncode($signed);
 
-        $data = array(
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        );
+		$data = array(
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
 
-        return json_encode($data);
-    }
+		return json_encode($data);
+	}
 
 	/**
-     * Generates a Key ID signature to attach to the request.
-     *
-     * @param array 	$payload		The payload to add to the signature.
+	 * Generates a Key ID signature to attach to the request.
+	 *
+	 * @param array 	$payload		The payload to add to the signature.
 	 * @param string	$kid			The Key ID to use in the signature.
-     * @param string	$url 			The URL to use in the signature.
-     * @param string 	$privateKeyFile The private key to sign the request with. Defaults to 'private.pem'. Defaults to accountKeys[private_key].
-     *
-     * @return string	Returns a JSON encoded string containing the signature.
-     */
+	 * @param string	$url 			The URL to use in the signature.
+	 * @param string 	$privateKeyFile The private key to sign the request with. Defaults to 'private.pem'. Defaults to accountKeys[private_key].
+	 *
+	 * @return string	Returns a JSON encoded string containing the signature.
+	 */
 	public function signRequestKid($payload, $kid, $url, $privateKeyFile = '')
-    {
+	{
 		if($privateKeyFile == '') $privateKeyFile = $this->accountKeys['private_key'];
-        $privateKey = openssl_pkey_get_private(file_get_contents($privateKeyFile));
-        $details = openssl_pkey_get_details($privateKey);
+		$privateKey = openssl_pkey_get_private(file_get_contents($privateKeyFile));
+		$details = openssl_pkey_get_details($privateKey);
 
-        $protected = array(
-            "alg" => "RS256",
-            "kid" => $kid,
+		$protected = array(
+			"alg" => "RS256",
+			"kid" => $kid,
 			"nonce" => $this->nonce,
 			"url" => $url
-        );
+		);
 
-        $payload64 = LEFunctions::Base64UrlSafeEncode(str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload));
-        $protected64 = LEFunctions::Base64UrlSafeEncode(json_encode($protected));
+		$payload64 = LEFunctions::Base64UrlSafeEncode(str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload));
+		$protected64 = LEFunctions::Base64UrlSafeEncode(json_encode($protected));
 
-        openssl_sign($protected64.'.'.$payload64, $signed, $privateKey, "SHA256");
-        $signed64 = LEFunctions::Base64UrlSafeEncode($signed);
+		openssl_sign($protected64.'.'.$payload64, $signed, $privateKey, "SHA256");
+		$signed64 = LEFunctions::Base64UrlSafeEncode($signed);
 
-        $data = array(
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        );
+		$data = array(
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
 
-        return json_encode($data);
-    }
+		return json_encode($data);
+	}
 }

src/LEAccount.php

Indentation +40 added lines, -40 removed lines

@@ -52,14 +52,14 @@ 
 
 	private $log;
 
-    /**
-     * Initiates the LetsEncrypt Account class.
-     *
-     * @param LEConnector	$connector 		The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param int 			$log 			The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
-     * @param array 		$email	 		The array of strings containing e-mail addresses. Only used when creating a new account.
-     * @param array 		$accountKeys 	Array containing location of account keys files.
-     */
+	/**
+	 * Initiates the LetsEncrypt Account class.
+	 *
+	 * @param LEConnector	$connector 		The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param int 			$log 			The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
+	 * @param array 		$email	 		The array of strings containing e-mail addresses. Only used when creating a new account.
+	 * @param array 		$accountKeys 	Array containing location of account keys files.
+	 */
 	public function __construct($connector, $log, $email, $accountKeys)
 	{
 		$this->connector = $connector;
@@ -85,13 +85,13 @@ 
 		$this->getLEAccountData();
 	}
 
-    /**
-     * Creates a new LetsEncrypt account.
-     *
-     * @param array 	$email 	The array of strings containing e-mail addresses.
-     *
-     * @return object	Returns the new account URL when the account was successfully created, false if not.
-     */
+	/**
+	 * Creates a new LetsEncrypt account.
+	 *
+	 * @param array 	$email 	The array of strings containing e-mail addresses.
+	 *
+	 * @return object	Returns the new account URL when the account was successfully created, false if not.
+	 */
 	private function createLEAccount($email)
 	{
 		$contact = array_map(function($addr) { return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr); }, $email);
@@ -105,11 +105,11 @@ 
 		return false;
 	}
 
-    /**
-     * Gets the LetsEncrypt account URL associated with the stored account keys.
-     *
-     * @return object	Returns the account URL if it is found, or false when none is found.
-     */
+	/**
+	 * Gets the LetsEncrypt account URL associated with the stored account keys.
+	 *
+	 * @return object	Returns the account URL if it is found, or false when none is found.
+	 */
 	private function getLEAccount()
 	{
 		$sign = $this->connector->signRequestJWK(array('onlyReturnExisting' => true), $this->connector->newAccount);
@@ -122,9 +122,9 @@ 
 		return false;
 	}
 
-    /**
-     * Gets the LetsEncrypt account data from the account URL.
-     */
+	/**
+	 * Gets the LetsEncrypt account data from the account URL.
+	 */
 	private function getLEAccountData()
 	{
 		$sign = $this->connector->signRequestKid(array('' => ''), $this->connector->accountURL, $this->connector->accountURL);
@@ -145,13 +145,13 @@ 
 		}
 	}
 
-    /**
-     * Updates account data. Now just supporting new contact information.
-     *
-     * @param array 	$email	The array of strings containing e-mail adresses.
-     *
-     * @return boolean	Returns true if the update is successful, false if not.
-     */
+	/**
+	 * Updates account data. Now just supporting new contact information.
+	 *
+	 * @param array 	$email	The array of strings containing e-mail adresses.
+	 *
+	 * @return boolean	Returns true if the update is successful, false if not.
+	 */
 	public function updateAccount($email)
 	{
 		$contact = array_map(function($addr) { return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr); }, $email);
@@ -180,11 +180,11 @@ 
 		}
 	}
 
-    /**
-     * Creates new RSA account keys and updates the keys with LetsEncrypt.
-     *
-     * @return boolean	Returns true if the update is successful, false if not.
-     */
+	/**
+	 * Creates new RSA account keys and updates the keys with LetsEncrypt.
+	 *
+	 * @return boolean	Returns true if the update is successful, false if not.
+	 */
 	public function changeAccountKeys()
 	{
 		LEFunctions::RSAgenerateKeys(null, $this->accountKeys['private_key'].'.new', $this->accountKeys['public_key'].'.new');
@@ -220,11 +220,11 @@ 
 		}
 	}
 
-    /**
-     * Deactivates the LetsEncrypt account.
-     *
-     * @return boolean	Returns true if the deactivation is successful, false if not.
-     */
+	/**
+	 * Deactivates the LetsEncrypt account.
+	 *
+	 * @return boolean	Returns true if the deactivation is successful, false if not.
+	 */
 	public function deactivateAccount()
 	{
 		$sign = $this->connector->signRequestKid(array('status' => 'deactivated'), $this->connector->accountURL, $this->connector->accountURL);

src/LEAuthorization.php

Indentation +17 added lines, -17 removed lines

@@ -49,13 +49,13 @@ 
 
 	private $log;
 
-    /**
-     * Initiates the LetsEncrypt Authorization class. Child of a LetsEncrypt Order instance.
-     *
-     * @param LEConnector	$connector			The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param int 			$log 				The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
-     * @param string 		$authorizationURL 	The URL of the authorization, given by a LetsEncrypt order request.
-     */
+	/**
+	 * Initiates the LetsEncrypt Authorization class. Child of a LetsEncrypt Order instance.
+	 *
+	 * @param LEConnector	$connector			The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param int 			$log 				The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
+	 * @param string 		$authorizationURL 	The URL of the authorization, given by a LetsEncrypt order request.
+	 */
 	public function __construct($connector, $log, $authorizationURL)
 	{
 		$this->connector = $connector;
@@ -81,9 +81,9 @@ 
 		}
 	}
 
-    /**
-     * Updates the data associated with the current LetsEncrypt Authorization instance.
-     */
+	/**
+	 * Updates the data associated with the current LetsEncrypt Authorization instance.
+	 */
 
 	public function updateData()
 	{
@@ -106,14 +106,14 @@ 
 		}
 	}
 
-    /**
-     * Gets the challenge of the given $type for this LetsEncrypt Authorization instance. Throws a Runtime Exception if the given $type is not found in this
+	/**
+	 * Gets the challenge of the given $type for this LetsEncrypt Authorization instance. Throws a Runtime Exception if the given $type is not found in this
 	 * LetsEncrypt Authorization instance.
-     *
-     * @param int	$type 	The type of verification. Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS.
-     *
-     * @return array	Returns an array with the challenge of the requested $type.
-     */
+	 *
+	 * @param int	$type 	The type of verification. Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS.
+	 *
+	 * @return array	Returns an array with the challenge of the requested $type.
+	 */
 	public function getChallenge($type)
 	{
 		foreach($this->challenges as $challenge)

src/LEFunctions.php

Indentation +78 added lines, -78 removed lines

@@ -40,14 +40,14 @@ 
  */
 class LEFunctions
 {
-    /**
-     * Generates a new RSA keypair and saves both keys to a new file.
-     *
-     * @param string	$directory		The directory in which to store the new keys. If set to null or empty string - privateKeyFile and publicKeyFile will be treated as absolute paths.
-     * @param string	$privateKeyFile	The filename for the private key file.
-     * @param string	$publicKeyFile  The filename for the public key file.
-     * @param string	$keySize 		RSA key size, must be between 2048 and 4096 (default is 4096)
-     */
+	/**
+	 * Generates a new RSA keypair and saves both keys to a new file.
+	 *
+	 * @param string	$directory		The directory in which to store the new keys. If set to null or empty string - privateKeyFile and publicKeyFile will be treated as absolute paths.
+	 * @param string	$privateKeyFile	The filename for the private key file.
+	 * @param string	$publicKeyFile  The filename for the public key file.
+	 * @param string	$keySize 		RSA key size, must be between 2048 and 4096 (default is 4096)
+	 */
 	public static function RSAGenerateKeys($directory, $privateKeyFile = 'private.pem', $publicKeyFile = 'public.pem', $keySize = 4096)
 	{
 		if ($keySize < 2048 || $keySize > 4096) throw LEFunctionsException::InvalidArgumentException('RSA key size must be between 2048 and 4096.');
@@ -87,14 +87,14 @@ 
 		openssl_pkey_free($res);
 	}
 
-    /**
-     * Generates a new EC prime256v1 keypair and saves both keys to a new file.
-     *
-     * @param string	$directory		The directory in which to store the new keys. If set to null or empty string - privateKeyFile and publicKeyFile will be treated as absolute paths.
-     * @param string	$privateKeyFile	The filename for the private key file.
-     * @param string	$publicKeyFile  The filename for the public key file.
-     * @param string	$keysize  		EC key size, possible values are 256 (prime256v1) or 384 (secp384r1), default is 256
-     */
+	/**
+	 * Generates a new EC prime256v1 keypair and saves both keys to a new file.
+	 *
+	 * @param string	$directory		The directory in which to store the new keys. If set to null or empty string - privateKeyFile and publicKeyFile will be treated as absolute paths.
+	 * @param string	$privateKeyFile	The filename for the private key file.
+	 * @param string	$publicKeyFile  The filename for the public key file.
+	 * @param string	$keysize  		EC key size, possible values are 256 (prime256v1) or 384 (secp384r1), default is 256
+	 */
 	public static function ECGenerateKeys($directory, $privateKeyFile = 'private.pem', $publicKeyFile = 'public.pem', $keySize = 256)
 	{
 		if (version_compare(PHP_VERSION, '7.1.0') == -1) throw LEFunctionsException::PHPVersionException();
@@ -134,43 +134,43 @@ 
 
 
 
-    /**
-     * Encodes a string input to a base64 encoded string which is URL safe.
-     *
-     * @param string	$input 	The input string to encode.
-     *
-     * @return string	Returns a URL safe base64 encoded string.
-     */
+	/**
+	 * Encodes a string input to a base64 encoded string which is URL safe.
+	 *
+	 * @param string	$input 	The input string to encode.
+	 *
+	 * @return string	Returns a URL safe base64 encoded string.
+	 */
 	public static function Base64UrlSafeEncode($input)
-    {
-        return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
-    }
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
 
-    /**
-     * Decodes a string that is URL safe base64 encoded.
-     *
-     * @param string	$input	The encoded input string to decode.
-     *
-     * @return string	Returns the decoded input string.
-     */
-    public static function Base64UrlSafeDecode($input)
-    {
-        $remainder = strlen($input) % 4;
-        if ($remainder) {
-            $padlen = 4 - $remainder;
-            $input .= str_repeat('=', $padlen);
-        }
-        return base64_decode(strtr($input, '-_', '+/'));
-    }
+	/**
+	 * Decodes a string that is URL safe base64 encoded.
+	 *
+	 * @param string	$input	The encoded input string to decode.
+	 *
+	 * @return string	Returns the decoded input string.
+	 */
+	public static function Base64UrlSafeDecode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
 
 
 
-    /**
-     * Outputs a log message.
-     *
-     * @param object	$data		The data to print.
-     * @param string	$function	The function name to print above. Defaults to the calling function's name from the stacktrace. (optional)
-     */
+	/**
+	 * Outputs a log message.
+	 *
+	 * @param object	$data		The data to print.
+	 * @param string	$function	The function name to print above. Defaults to the calling function's name from the stacktrace. (optional)
+	 */
 	public static function log($data, $function = '')
 	{
 		$e = new Exception();
@@ -192,43 +192,43 @@ 
 
 
 
-    /**
-     * Makes a request to the HTTP challenge URL and checks whether the authorization is valid for the given $domain.
-     *
-     * @param string	$domain 			The domain to check the authorization for.
-     * @param string 	$token 				The token (filename) to request.
-     * @param string 	$keyAuthorization 	the keyAuthorization (file content) to compare.
-     *
-     * @return boolean	Returns true if the challenge is valid, false if not.
-     */
+	/**
+	 * Makes a request to the HTTP challenge URL and checks whether the authorization is valid for the given $domain.
+	 *
+	 * @param string	$domain 			The domain to check the authorization for.
+	 * @param string 	$token 				The token (filename) to request.
+	 * @param string 	$keyAuthorization 	the keyAuthorization (file content) to compare.
+	 *
+	 * @return boolean	Returns true if the challenge is valid, false if not.
+	 */
 	public static function checkHTTPChallenge($domain, $token, $keyAuthorization)
 	{
 		$requestURL = $domain . '/.well-known/acme-challenge/' . $token;
 		$handle = curl_init();
-        curl_setopt($handle, CURLOPT_URL, $requestURL);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
-        $response = trim(curl_exec($handle));
+		curl_setopt($handle, CURLOPT_URL, $requestURL);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
+		$response = trim(curl_exec($handle));
 
 		return (!empty($response) && $response == $keyAuthorization);
 	}
 
-    /**
-     * Checks whether the applicable DNS TXT record is a valid authorization for the given $domain.
-     *
-     * @param string	$domain 	The domain to check the authorization for.
-     * @param string	$DNSDigest	The digest to compare the DNS record to.
-     *
-     * @return boolean	Returns true if the challenge is valid, false if not.
-     */
+	/**
+	 * Checks whether the applicable DNS TXT record is a valid authorization for the given $domain.
+	 *
+	 * @param string	$domain 	The domain to check the authorization for.
+	 * @param string	$DNSDigest	The digest to compare the DNS record to.
+	 *
+	 * @return boolean	Returns true if the challenge is valid, false if not.
+	 */
 	public static function checkDNSChallenge($domain, $DNSDigest)
 	{
 		$requestURL = 'https://dns.google.com/resolve?name=_acme-challenge.' . $domain . '&type=TXT';
 		$handle = curl_init();
-        curl_setopt($handle, CURLOPT_URL, $requestURL);
-        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
-        $response = json_decode(trim(curl_exec($handle)));
+		curl_setopt($handle, CURLOPT_URL, $requestURL);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
+		$response = json_decode(trim(curl_exec($handle)));
 		if($response->Status === 0 && isset($response->Answer))
 		{
 			foreach($response->Answer as $answer) 
@@ -242,11 +242,11 @@ 
 		return false;
 	}
 
-    /**
-     * Creates a simple .htaccess file in $directory which denies from all.
-     *
-     * @param string	$directory	The directory in which to put the .htaccess file.
-     */
+	/**
+	 * Creates a simple .htaccess file in $directory which denies from all.
+	 *
+	 * @param string	$directory	The directory in which to put the .htaccess file.
+	 */
 	public static function createhtaccess($directory)
 	{
 		$htaccess = '<ifModule mod_authz_core.c>' . "\n"

src/LEOrder.php

Indentation +88 added lines, -88 removed lines

@@ -61,18 +61,18 @@ 
 	const CHALLENGE_TYPE_HTTP = 'http-01';
 	const CHALLENGE_TYPE_DNS = 'dns-01';
 
-    /**
-     * Initiates the LetsEncrypt Order class. If the base name is found in the $keysDir directory, the order data is requested. If no order was found locally, if the request is invalid or when there is a change in domain names, a new order is created.
-     *
-     * @param LEConnector	$connector			The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param int 			$log 				The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
-     * @param array 		$certificateKeys 	Array containing location of certificate keys files.
-     * @param string 		$basename 			The base name for the order. Preferable the top domain (example.org). Will be the directory in which the keys are stored. Used for the CommonName in the certificate as well.
-     * @param array 		$domains 			The array of strings containing the domain names on the certificate.
-     * @param string 		$keyType 			Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
-     * @param string 		$notBefore 			A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the certificate becomes valid.
-     * @param string 		$notAfter 			A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the certificate is valid.
-     */
+	/**
+	 * Initiates the LetsEncrypt Order class. If the base name is found in the $keysDir directory, the order data is requested. If no order was found locally, if the request is invalid or when there is a change in domain names, a new order is created.
+	 *
+	 * @param LEConnector	$connector			The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param int 			$log 				The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted.
+	 * @param array 		$certificateKeys 	Array containing location of certificate keys files.
+	 * @param string 		$basename 			The base name for the order. Preferable the top domain (example.org). Will be the directory in which the keys are stored. Used for the CommonName in the certificate as well.
+	 * @param array 		$domains 			The array of strings containing the domain names on the certificate.
+	 * @param string 		$keyType 			Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
+	 * @param string 		$notBefore 			A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the certificate becomes valid.
+	 * @param string 		$notAfter 			A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the certificate is valid.
+	 */
 	public function __construct($connector, $log, $certificateKeys, $basename, $domains, $keyType = 'rsa-4096', $notBefore, $notAfter)
 	{
 		$this->connector = $connector;
@@ -189,13 +189,13 @@ 
 		}
 	}
 
-    /**
-     * Creates a new LetsEncrypt order and fills this instance with its data. Subsequently creates a new RSA keypair for the certificate.
-     *
-     * @param array		$domains 	The array of strings containing the domain names on the certificate.
-     * @param string 	$notBefore 	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the certificate becomes valid.
-     * @param string 	$notAfter 	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the certificate is valid.
-     */
+	/**
+	 * Creates a new LetsEncrypt order and fills this instance with its data. Subsequently creates a new RSA keypair for the certificate.
+	 *
+	 * @param array		$domains 	The array of strings containing the domain names on the certificate.
+	 * @param string 	$notBefore 	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the certificate becomes valid.
+	 * @param string 	$notAfter 	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the certificate is valid.
+	 */
 	private function createOrder($domains, $notBefore, $notAfter)
 	{
 		$dns = array();
@@ -252,9 +252,9 @@ 
 		}
 	}
 
-    /**
-     * Fetches the latest data concerning this LetsEncrypt Order instance and fills this instance with the new data.
-     */
+	/**
+	 * Fetches the latest data concerning this LetsEncrypt Order instance and fills this instance with the new data.
+	 */
 	private function updateOrderData()
 	{
 		$sign = $this->connector->signRequestKid('', $this->connector->accountURL, $this->orderURL);
@@ -280,8 +280,8 @@ 
 	}
 
 	/**
-     * Fetches the latest data concerning all authorizations connected to this LetsEncrypt Order instance and creates and stores a new LetsEncrypt Authorization instance for each one.
-     */
+	 * Fetches the latest data concerning all authorizations connected to this LetsEncrypt Order instance and creates and stores a new LetsEncrypt Authorization instance for each one.
+	 */
 	private function updateAuthorizations()
 	{
 		$this->authorizations = array();
@@ -295,11 +295,11 @@ 
 		}
 	}
 
-    /**
-     * Walks all LetsEncrypt Authorization instances and returns whether they are all valid (verified).
-     *
-     * @return boolean	Returns true if all authorizations are valid (verified), returns false if not.
-     */
+	/**
+	 * Walks all LetsEncrypt Authorization instances and returns whether they are all valid (verified).
+	 *
+	 * @return boolean	Returns true if all authorizations are valid (verified), returns false if not.
+	 */
 	public function allAuthorizationsValid()
 	{
 		if(count($this->authorizations) > 0)
@@ -313,16 +313,16 @@ 
 		return false;
 	}
 
-    /**
-     * Get all pending LetsEncrypt Authorization instances and return the necessary data for verification. The data in the return object depends on the $type.
-     *
-     * @param int	$type	The type of verification to get. Supporting http-01 and dns-01. Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS. Throws
+	/**
+	 * Get all pending LetsEncrypt Authorization instances and return the necessary data for verification. The data in the return object depends on the $type.
+	 *
+	 * @param int	$type	The type of verification to get. Supporting http-01 and dns-01. Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS. Throws
 	 *						a Runtime Exception when requesting an unknown $type. Keep in mind a wildcard domain authorization only accepts LEOrder::CHALLENGE_TYPE_DNS.
-     *
-     * @return object	Returns an array with verification data if successful, false if not pending LetsEncrypt Authorization instances were found. The return array always
+	 *
+	 * @return object	Returns an array with verification data if successful, false if not pending LetsEncrypt Authorization instances were found. The return array always
 	 *					contains 'type' and 'identifier'. For LEOrder::CHALLENGE_TYPE_HTTP, the array contains 'filename' and 'content' for necessary the authorization file.
 	 *					For LEOrder::CHALLENGE_TYPE_DNS, the array contains 'DNSDigest', which is the content for the necessary DNS TXT entry.
-     */
+	 */
 
 	public function getPendingAuthorizations($type)
 	{
@@ -364,16 +364,16 @@ 
 		return count($authorizations) > 0 ? $authorizations : false;
 	}
 
-    /**
-     * Sends a verification request for a given $identifier and $type. The function itself checks whether the verification is valid before making the request.
+	/**
+	 * Sends a verification request for a given $identifier and $type. The function itself checks whether the verification is valid before making the request.
 	 * Updates the LetsEncrypt Authorization instances after a successful verification.
-     *
-     * @param string	$identifier	The domain name to verify.
-     * @param int 		$type 		The type of verification. Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS.
+	 *
+	 * @param string	$identifier	The domain name to verify.
+	 * @param int 		$type 		The type of verification. Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS.
 	 * @param boolean	$localcheck	Whether to verify the authorization locally before making the authorization request to LE. Optional, default to true.
-     *
-     * @return boolean	Returns true when the verification request was successful, false if not.
-     */
+	 *
+	 * @return boolean	Returns true when the verification request was successful, false if not.
+	 */
 	public function verifyPendingOrderAuthorization($identifier, $type, $localcheck = true)
 	{
 		$privateKey = openssl_pkey_get_private(file_get_contents($this->connector->accountKeys['private_key']));
@@ -472,13 +472,13 @@ 
 		return false;
 	}
 
-    /**
-     * Deactivate an LetsEncrypt Authorization instance.
-     *
-     * @param string	$identifier The domain name for which the verification should be deactivated.
-     *
-     * @return boolean	Returns true is the deactivation request was successful, false if not.
-     */
+	/**
+	 * Deactivate an LetsEncrypt Authorization instance.
+	 *
+	 * @param string	$identifier The domain name for which the verification should be deactivated.
+	 *
+	 * @return boolean	Returns true is the deactivation request was successful, false if not.
+	 */
 	public function deactivateOrderAuthorization($identifier)
 	{
 		foreach($this->authorizations as $auth)
@@ -507,12 +507,12 @@ 
 		return false;
 	}
 
-    /**
-     * Generates a Certificate Signing Request for the identifiers in the current LetsEncrypt Order instance. If possible, the base name will be the certificate
+	/**
+	 * Generates a Certificate Signing Request for the identifiers in the current LetsEncrypt Order instance. If possible, the base name will be the certificate
 	 * common name and all domain names in this LetsEncrypt Order instance will be added to the Subject Alternative Names entry.
-     *
-     * @return string	Returns the generated CSR as string, unprepared for LetsEncrypt. Preparation for the request happens in finalizeOrder()
-     */
+	 *
+	 * @return string	Returns the generated CSR as string, unprepared for LetsEncrypt. Preparation for the request happens in finalizeOrder()
+	 */
 	public function generateCSR()
 	{
 		$domains = array_map(function ($dns) { return $dns['value']; }, $this->identifiers);
@@ -534,14 +534,14 @@ 
 		);
 
 		$san = implode(",", array_map(function ($dns) {
-            return "DNS:" . $dns;
-        }, $domains));
-        $tmpConf = tmpfile();
-        $tmpConfMeta = stream_get_meta_data($tmpConf);
-        $tmpConfPath = $tmpConfMeta["uri"];
-
-        fwrite($tmpConf,
-            'HOME = .
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+
+		fwrite($tmpConf,
+			'HOME = .
 			RANDFILE = $ENV::HOME/.rnd
 			[ req ]
 			default_bits = ' . $this->keySize . '
@@ -561,13 +561,13 @@ 
 		return $csr;
 	}
 
-    /**
-     * Checks, for redundancy, whether all authorizations are valid, and finalizes the order. Updates this LetsEncrypt Order instance with the new data.
-     *
-     * @param string	$csr	The Certificate Signing Request as a string. Can be a custom CSR. If empty, a CSR will be generated with the generateCSR() function.
-     *
-     * @return boolean	Returns true if the finalize request was successful, false if not.
-     */
+	/**
+	 * Checks, for redundancy, whether all authorizations are valid, and finalizes the order. Updates this LetsEncrypt Order instance with the new data.
+	 *
+	 * @param string	$csr	The Certificate Signing Request as a string. Can be a custom CSR. If empty, a CSR will be generated with the generateCSR() function.
+	 *
+	 * @return boolean	Returns true if the finalize request was successful, false if not.
+	 */
 	public function finalizeOrder($csr = '')
 	{
 		$this->updateOrderData();
@@ -617,22 +617,22 @@ 
 		return false;
 	}
 
-    /**
-     * Gets whether the LetsEncrypt Order is finalized by checking whether the status is processing or valid. Keep in mind, a certificate is not yet available when the status still is processing.
-     *
-     * @return boolean	Returns true if finalized, false if not.
-     */
+	/**
+	 * Gets whether the LetsEncrypt Order is finalized by checking whether the status is processing or valid. Keep in mind, a certificate is not yet available when the status still is processing.
+	 *
+	 * @return boolean	Returns true if finalized, false if not.
+	 */
 	public function isFinalized()
 	{
 		return ($this->status == 'processing' || $this->status == 'valid');
 	}
 
-    /**
-     * Requests the certificate for this LetsEncrypt Order instance, after finalization. When the order status is still 'processing', the order will be polled max
+	/**
+	 * Requests the certificate for this LetsEncrypt Order instance, after finalization. When the order status is still 'processing', the order will be polled max
 	 * four times with five seconds in between. If the status becomes 'valid' in the meantime, the certificate will be requested. Else, the function returns false.
-     *
-     * @return boolean	Returns true if the certificate is stored successfully, false if the certificate could not be retrieved or the status remained 'processing'.
-     */
+	 *
+	 * @return boolean	Returns true if the certificate is stored successfully, false if the certificate could not be retrieved or the status remained 'processing'.
+	 */
 	public function getCertificate()
 	{
 		$polling = 0;
@@ -713,14 +713,14 @@ 
 		return false;
 	}
 
-    /**
-     * Revokes the certificate in the current LetsEncrypt Order instance, if existent. Unlike stated in the ACME draft, the certificate revoke request cannot be signed
+	/**
+	 * Revokes the certificate in the current LetsEncrypt Order instance, if existent. Unlike stated in the ACME draft, the certificate revoke request cannot be signed
 	 * with the account private key, and will be signed with the certificate private key.
-     *
-     * @param int	$reason   The reason to revoke the LetsEncrypt Order instance certificate. Possible reasons can be found in section 5.3.1 of RFC5280.
-     *
-     * @return boolean	Returns true if the certificate was successfully revoked, false if not.
-     */
+	 *
+	 * @param int	$reason   The reason to revoke the LetsEncrypt Order instance certificate. Possible reasons can be found in section 5.3.1 of RFC5280.
+	 *
+	 * @return boolean	Returns true if the certificate was successfully revoked, false if not.
+	 */
 	public function revokeCertificate($reason = 0)
 	{
 		if($this->status == 'valid' || $this->status == 'ready')

src/LEClient.php

Indentation +25 added lines, -25 removed lines

@@ -54,17 +54,17 @@ 
 	const LOG_STATUS = 1;	// Logs only messages and faults.
 	const LOG_DEBUG = 2;	// Logs messages, faults and raw responses from HTTP requests.
 
-    /**
-     * Initiates the LetsEncrypt main client.
-     *
-     * @param array		$email	 			The array of strings containing e-mail addresses. Only used in this function when creating a new account.
-     * @param boolean	$acmeURL			ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION. Defaults to LE_STAGING.
-     * @param int 		$log				The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted. Defaults to LOG_OFF. (optional)
-     * @param string 	$certificateKeys 	The main directory in which all keys (and certificates), including account keys, are stored. Defaults to 'keys/'. (optional)
-     * @param array 	$certificateKeys 	Optional array containing location of all certificate files. Required paths are public_key, private_key, order and certificate/fullchain_certificate (you can use both or only one of them)
-     * @param string 	$accountKeys 		The directory in which the account keys are stored. Is a subdir inside $certificateKeys. Defaults to '__account/'.(optional)
-     * @param array 	$accountKeys 		Optional array containing location of account private and public keys. Required paths are private_key, public_key.
-     */
+	/**
+	 * Initiates the LetsEncrypt main client.
+	 *
+	 * @param array		$email	 			The array of strings containing e-mail addresses. Only used in this function when creating a new account.
+	 * @param boolean	$acmeURL			ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION. Defaults to LE_STAGING.
+	 * @param int 		$log				The level of logging. Defaults to no logging. LOG_OFF, LOG_STATUS, LOG_DEBUG accepted. Defaults to LOG_OFF. (optional)
+	 * @param string 	$certificateKeys 	The main directory in which all keys (and certificates), including account keys, are stored. Defaults to 'keys/'. (optional)
+	 * @param array 	$certificateKeys 	Optional array containing location of all certificate files. Required paths are public_key, private_key, order and certificate/fullchain_certificate (you can use both or only one of them)
+	 * @param string 	$accountKeys 		The directory in which the account keys are stored. Is a subdir inside $certificateKeys. Defaults to '__account/'.(optional)
+	 * @param array 	$accountKeys 		Optional array containing location of account private and public keys. Required paths are private_key, public_key.
+	 */
 	public function __construct($email, $acmeURL = LEClient::LE_PRODUCTION, $log = LEClient::LOG_OFF, $certificateKeys = 'keys/', $accountKeys = '__account/')
 	{
 		$this->log = $log;
@@ -163,27 +163,27 @@ 
 	}
 
 
-    /**
-     * Returns the LetsEncrypt account used in the current client.
+	/**
+	 * Returns the LetsEncrypt account used in the current client.
 	 *
 	 * @return LEAccount	The LetsEncrypt Account instance used by the client.
-     */
+	 */
 	public function getAccount()
 	{
 		return $this->account;
 	}
 
-    /**
-     * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and returned.
-     *
-     * @param string	$basename	The base name for the order. Preferable the top domain (example.org). Will be the directory in which the keys are stored. Used for the CommonName in the certificate as well.
-     * @param array 	$domains 	The array of strings containing the domain names on the certificate.
-     * @param string 	$keyType 	Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
-     * @param string 	$notBefore	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the certificate becomes valid. Defaults to the moment the order is finalized. (optional)
-     * @param string 	$notAfter  	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the certificate is valid. Defaults to 90 days past the moment the order is finalized. (optional)
-     *
-     * @return LEOrder	The LetsEncrypt Order instance which is either retrieved or created.
-     */
+	/**
+	 * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and returned.
+	 *
+	 * @param string	$basename	The base name for the order. Preferable the top domain (example.org). Will be the directory in which the keys are stored. Used for the CommonName in the certificate as well.
+	 * @param array 	$domains 	The array of strings containing the domain names on the certificate.
+	 * @param string 	$keyType 	Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
+	 * @param string 	$notBefore	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the certificate becomes valid. Defaults to the moment the order is finalized. (optional)
+	 * @param string 	$notAfter  	A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the certificate is valid. Defaults to 90 days past the moment the order is finalized. (optional)
+	 *
+	 * @return LEOrder	The LetsEncrypt Order instance which is either retrieved or created.
+	 */
 	public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '')
 	{
 		return new LEOrder($this->connector, $this->log, $this->certificateKeys, $basename, $domains, $keyType, $notBefore, $notAfter);