| @@ -22,36 +22,36 @@ | ||
| 22 | 22 |  try { | 
| 23 | 23 | // Initiating the client instance. In this case using the staging server (argument 2) and outputting all status | 
| 24 | 24 | // and debug information (argument 3). | 
| 25 | - $client = new LEClient($email, true, $logger); | |
| 25 | + $client = new LEClient($email, true, $logger); | |
| 26 | 26 | // Initiating the order instance. The keys and certificate will be stored in /example.org/ (argument 1) and the | 
| 27 | 27 | // domains in the array (argument 2) will be on the certificate. | 
| 28 | - $order = $client->getOrCreateOrder($basename, $domains); | |
| 28 | + $order = $client->getOrCreateOrder($basename, $domains); | |
| 29 | 29 | // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations. | 
| 30 | -    if (!$order->allAuthorizationsValid()) { | |
| 31 | - // Get the DNS challenges from the pending authorizations. | |
| 32 | - $pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS); | |
| 33 | - // Walk the list of pending authorization DNS challenges. | |
| 34 | -        if (!empty($pending)) { | |
| 35 | -            foreach ($pending as $challenge) { | |
| 36 | - // For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS | |
| 37 | - // record for this domain. | |
| 38 | - //setDNSRecord($challenge['identifier'], $challenge['DNSDigest']); | |
| 39 | - printf( | |
| 40 | - "DNS Challengage identifier = %s digest = %s\n", | |
| 41 | - $challenge['identifier'], | |
| 42 | - $challenge['DNSDigest'] | |
| 43 | - ); | |
| 44 | - } | |
| 45 | - } | |
| 46 | - } | |
| 30 | +	if (!$order->allAuthorizationsValid()) { | |
| 31 | + // Get the DNS challenges from the pending authorizations. | |
| 32 | + $pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS); | |
| 33 | + // Walk the list of pending authorization DNS challenges. | |
| 34 | +		if (!empty($pending)) { | |
| 35 | +			foreach ($pending as $challenge) { | |
| 36 | + // For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS | |
| 37 | + // record for this domain. | |
| 38 | + //setDNSRecord($challenge['identifier'], $challenge['DNSDigest']); | |
| 39 | + printf( | |
| 40 | + "DNS Challengage identifier = %s digest = %s\n", | |
| 41 | + $challenge['identifier'], | |
| 42 | + $challenge['DNSDigest'] | |
| 43 | + ); | |
| 44 | + } | |
| 45 | + } | |
| 46 | + } | |
| 47 | 47 | } | 
| 48 | 48 |  catch (\Exception $e) { | 
| 49 | - echo $e->getMessage()."\n"; | |
| 50 | - echo $e->getTraceAsString()."\n"; | |
| 49 | + echo $e->getMessage()."\n"; | |
| 50 | + echo $e->getTraceAsString()."\n"; | |
| 51 | 51 | |
| 52 | - echo "\nDiagnostic logs\n"; | |
| 53 | - $logger->dumpConsole(); | |
| 54 | - exit; | |
| 52 | + echo "\nDiagnostic logs\n"; | |
| 53 | + $logger->dumpConsole(); | |
| 54 | + exit; | |
| 55 | 55 | } | 
| 56 | 56 | |
| 57 | 57 | echo "\nDiagnostic logs\n"; | 
| @@ -44,8 +44,7 @@ | ||
| 44 | 44 | } | 
| 45 | 45 | } | 
| 46 | 46 | } | 
| 47 | -} | |
| 48 | -catch (\Exception $e) { | |
| 47 | +} catch (\Exception $e) { | |
| 49 | 48 | echo $e->getMessage()."\n"; | 
| 50 | 49 | echo $e->getTraceAsString()."\n"; | 
| 51 | 50 | |
| @@ -49,8 +49,8 @@ | ||
| 49 | 49 | if($order->isFinalized()) $order->getCertificate(); | 
| 50 | 50 | |
| 51 | 51 | //finally, here's how we revoke | 
| 52 | - //echo "REVOKING...\n"; | |
| 53 | - //$order->revokeCertificate(); | |
| 52 | + //echo "REVOKING...\n"; | |
| 53 | + //$order->revokeCertificate(); | |
| 54 | 54 | } | 
| 55 | 55 | |
| 56 | 56 | |
| @@ -44,9 +44,13 @@ | ||
| 44 | 44 | if($order->allAuthorizationsValid()) | 
| 45 | 45 |  { | 
| 46 | 46 | // Finalize the order first, if that is not yet done. | 
| 47 | - if(!$order->isFinalized()) $order->finalizeOrder(); | |
| 47 | +	if(!$order->isFinalized()) { | |
| 48 | + $order->finalizeOrder(); | |
| 49 | + } | |
| 48 | 50 | // Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate. | 
| 49 | - if($order->isFinalized()) $order->getCertificate(); | |
| 51 | +	if($order->isFinalized()) { | |
| 52 | + $order->getCertificate(); | |
| 53 | + } | |
| 50 | 54 | |
| 51 | 55 | //finally, here's how we revoke | 
| 52 | 56 | //echo "REVOKING...\n"; | 
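Review bot: When `isFinalized()` is still false after `finalizeOrder()` (new lines 47-53), the example skips `getCertificate()` and carries on without any message, so a failed finalization looks the same as success to whoever runs the script. An `else` branch on the second check, for instance `else { echo "Order not finalized; no certificate fetched\n"; }`, would make the outcome visible. The same pattern appears in the later hunk `@@ -47,10 +49,14 @@`. The enclosing `if($order->allAuthorizationsValid())` block continues outside this hunk.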
| @@ -32,7 +32,7 @@ | ||
| 32 | 32 | foreach($pending as $challenge) | 
| 33 | 33 |  		{ | 
| 34 | 34 | // Define the folder in which to store the challenge. For the purpose of this example, a fictitious path is | 
| 35 | - // set. | |
| 35 | + // set. | |
| 36 | 36 | $folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/'; | 
| 37 | 37 | // Check if that directory yet exists. If not, create it. | 
| 38 | 38 | if(!file_exists($folder)) mkdir($folder, 0777, true); | 
| @@ -35,7 +35,9 @@ discard block | ||
| 35 | 35 | // set. | 
| 36 | 36 | $folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/'; | 
| 37 | 37 | // Check if that directory yet exists. If not, create it. | 
| 38 | - if(!file_exists($folder)) mkdir($folder, 0777, true); | |
| 38 | +			if(!file_exists($folder)) { | |
| 39 | + mkdir($folder, 0777, true); | |
| 40 | + } | |
| 39 | 41 | // Store the challenge file for this domain. | 
| 40 | 42 | file_put_contents($folder . $challenge['filename'], $challenge['content']); | 
| 41 | 43 | // Let LetsEncrypt verify this challenge. | 
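Review bot: `mkdir($folder, 0777, true)` on new line 39 requests a world-writable challenge directory tree (limited only by the process umask), which would let any local account add or replace files under `.well-known/acme-challenge/`; `0755` is enough for the web server to read the token. The return value of `mkdir()` and of `file_put_contents()` two lines below is ignored, so a failed write still proceeds to verification; `if (!is_dir($folder) && !mkdir($folder, 0755, true)) { throw new \RuntimeException('Cannot create challenge directory'); }` covers the first case. `$challenge['identifier']` and `$challenge['filename']` are concatenated straight into the path; they presumably come from the ACME response, and rejecting values that contain `/` or `..` before building `$folder` would keep the write inside the intended directory. The enclosing `foreach` starts and ends outside the hunk.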
| @@ -47,10 +49,14 @@ discard block | ||
| 47 | 49 | if($order->allAuthorizationsValid()) | 
| 48 | 50 |  { | 
| 49 | 51 | // Finalize the order first, if that is not yet done. | 
| 50 | - if(!$order->isFinalized()) $order->finalizeOrder(); | |
| 52 | +	if(!$order->isFinalized()) { | |
| 53 | + $order->finalizeOrder(); | |
| 54 | + } | |
| 51 | 55 | // Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate. | 
| 52 | - if($order->isFinalized()) $order->getCertificate(); | |
| 53 | -} | |
| 56 | +	if($order->isFinalized()) { | |
| 57 | + $order->getCertificate(); | |
| 58 | + } | |
| 59 | + } | |
| 54 | 60 | |
| 55 | 61 | echo "\nDiagnostic logs\n"; | 
| 56 | 62 | $logger->dumpConsole(); | 
| 57 | 63 | \ No newline at end of file | 
| @@ -13,234 +13,234 @@ | ||
| 13 | 13 | */ | 
| 14 | 14 | class LEAccount | 
| 15 | 15 |  { | 
| 16 | - private $connector; | |
| 17 | - | |
| 18 | - public $id; | |
| 19 | - public $key; | |
| 20 | - public $contact; | |
| 21 | - public $agreement; | |
| 22 | - public $initialIp; | |
| 23 | - public $createdAt; | |
| 24 | - public $status; | |
| 25 | - | |
| 26 | - /** @var LoggerInterface */ | |
| 27 | - private $log; | |
| 28 | - | |
| 29 | - /** @var CertificateStorageInterface */ | |
| 30 | - private $storage; | |
| 31 | - | |
| 32 | - /** | |
| 33 | - * Initiates the LetsEncrypt Account class. | |
| 34 | - * | |
| 35 | - * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests. | |
| 36 | - * @param LoggerInterface $log PSR-3 compatible logger | |
| 37 | - * @param array $email The array of strings containing e-mail addresses. Only used when creating a | |
| 38 | - * new account. | |
| 39 | - * @param CertificateStorageInterface $storage storage for account keys | |
| 40 | - */ | |
| 41 | - public function __construct($connector, LoggerInterface $log, $email, CertificateStorageInterface $storage) | |
| 42 | -    { | |
| 43 | - $this->connector = $connector; | |
| 44 | - $this->storage = $storage; | |
| 45 | - $this->log = $log; | |
| 46 | - | |
| 47 | -        if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) { | |
| 48 | -            $this->log->notice("No account found for ".implode(',', $email).", attempting to create account"); | |
| 49 | - | |
| 50 | - $accountKey = LEFunctions::RSAgenerateKeys(); | |
| 51 | - $storage->setAccountPublicKey($accountKey['public']); | |
| 52 | - $storage->setAccountPrivateKey($accountKey['private']); | |
| 53 | - | |
| 54 | - $this->connector->accountURL = $this->createLEAccount($email); | |
| 55 | -        } else { | |
| 56 | - $this->connector->accountURL = $this->getLEAccount(); | |
| 57 | - } | |
| 58 | -        if ($this->connector->accountURL === false) { | |
| 59 | -            throw new RuntimeException('Account not found or deactivated.'); | |
| 60 | - } | |
| 61 | - $this->getLEAccountData(); | |
| 62 | - } | |
| 63 | - | |
| 64 | - /** | |
| 65 | - * Creates a new LetsEncrypt account. | |
| 66 | - * | |
| 67 | - * @param array $email The array of strings containing e-mail addresses. | |
| 68 | - * | |
| 69 | - * @return string|bool Returns the new account URL when the account was successfully created, false if not. | |
| 70 | - */ | |
| 71 | - private function createLEAccount($email) | |
| 72 | -    { | |
| 73 | -        $contact = array_map(function ($addr) { | |
| 74 | - return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr); | |
| 75 | - }, $email); | |
| 76 | - | |
| 77 | - $sign = $this->connector->signRequestJWK( | |
| 78 | - ['contact' => $contact, 'termsOfServiceAgreed' => true], | |
| 79 | - $this->connector->newAccount | |
| 80 | - ); | |
| 81 | - $post = $this->connector->post($this->connector->newAccount, $sign); | |
| 82 | -        if (strpos($post['header'], "201 Created") !== false) { | |
| 83 | -            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) { | |
| 84 | - return trim($matches[1]); | |
| 85 | - } | |
| 86 | - } | |
| 87 | - //@codeCoverageIgnoreStart | |
| 88 | - return false; | |
| 89 | - //@codeCoverageIgnoreEnd | |
| 90 | - } | |
| 91 | - | |
| 92 | - /** | |
| 93 | - * Gets the LetsEncrypt account URL associated with the stored account keys. | |
| 94 | - * | |
| 95 | - * @return string|bool Returns the account URL if it is found, or false when none is found. | |
| 96 | - */ | |
| 97 | - private function getLEAccount() | |
| 98 | -    { | |
| 99 | - $sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount); | |
| 100 | - $post = $this->connector->post($this->connector->newAccount, $sign); | |
| 101 | - | |
| 102 | -        if (strpos($post['header'], "200 OK") !== false) { | |
| 103 | -            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) { | |
| 104 | - return trim($matches[1]); | |
| 105 | - } | |
| 106 | - } | |
| 107 | - return false; | |
| 108 | - } | |
| 109 | - | |
| 110 | - /** | |
| 111 | - * Gets the LetsEncrypt account data from the account URL. | |
| 112 | - */ | |
| 113 | - private function getLEAccountData() | |
| 114 | -    { | |
| 115 | - $sign = $this->connector->signRequestKid( | |
| 116 | - ['' => ''], | |
| 117 | - $this->connector->accountURL, | |
| 118 | - $this->connector->accountURL | |
| 119 | - ); | |
| 120 | - $post = $this->connector->post($this->connector->accountURL, $sign); | |
| 121 | -        if (strpos($post['header'], "200 OK") !== false) { | |
| 122 | - $this->id = isset($post['body']['id']) ? $post['body']['id'] : ''; | |
| 123 | - $this->key = $post['body']['key']; | |
| 124 | - $this->contact = $post['body']['contact']; | |
| 125 | - $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null; | |
| 126 | - $this->initialIp = $post['body']['initialIp']; | |
| 127 | - $this->createdAt = $post['body']['createdAt']; | |
| 128 | - $this->status = $post['body']['status']; | |
| 129 | -        } else { | |
| 130 | - //@codeCoverageIgnoreStart | |
| 131 | -            throw new RuntimeException('Account data cannot be found.'); | |
| 132 | - //@codeCoverageIgnoreEnd | |
| 133 | - } | |
| 134 | - } | |
| 135 | - | |
| 136 | - /** | |
| 137 | - * Updates account data. Now just supporting new contact information. | |
| 138 | - * | |
| 139 | - * @param array $email The array of strings containing e-mail adresses. | |
| 140 | - * | |
| 141 | - * @return boolean Returns true if the update is successful, false if not. | |
| 142 | - */ | |
| 143 | - public function updateAccount($email) | |
| 144 | -    { | |
| 145 | -        $contact = array_map(function ($addr) { | |
| 146 | - return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr); | |
| 147 | - }, $email); | |
| 148 | - | |
| 149 | - $sign = $this->connector->signRequestKid( | |
| 150 | - ['contact' => $contact], | |
| 151 | - $this->connector->accountURL, | |
| 152 | - $this->connector->accountURL | |
| 153 | - ); | |
| 154 | - $post = $this->connector->post($this->connector->accountURL, $sign); | |
| 155 | -        if ($post['status'] !== 200) { | |
| 156 | - //@codeCoverageIgnoreStart | |
| 157 | -            throw new RuntimeException('Unable to update account'); | |
| 158 | - //@codeCoverageIgnoreEnd | |
| 159 | - } | |
| 160 | - | |
| 161 | - $this->id = isset($post['body']['id']) ? $post['body']['id'] : ''; | |
| 162 | - $this->key = $post['body']['key']; | |
| 163 | - $this->contact = $post['body']['contact']; | |
| 164 | - $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : ''; | |
| 165 | - $this->initialIp = $post['body']['initialIp']; | |
| 166 | - $this->createdAt = $post['body']['createdAt']; | |
| 167 | - $this->status = $post['body']['status']; | |
| 168 | - | |
| 169 | -        $this->log->notice('Account data updated'); | |
| 170 | - return true; | |
| 171 | - } | |
| 172 | - | |
| 173 | - /** | |
| 174 | - * Creates new RSA account keys and updates the keys with LetsEncrypt. | |
| 175 | - * | |
| 176 | - * @return boolean Returns true if the update is successful, false if not. | |
| 177 | - */ | |
| 178 | - public function changeAccountKeys() | |
| 179 | -    { | |
| 180 | - $new=LEFunctions::RSAgenerateKeys(); | |
| 181 | - | |
| 182 | - $privateKey = openssl_pkey_get_private($new['private']); | |
| 183 | -        if ($privateKey === false) { | |
| 184 | - //@codeCoverageIgnoreStart | |
| 185 | -            throw new RuntimeException('Failed to open newly generated private key'); | |
| 186 | - //@codeCoverageIgnoreEnd | |
| 187 | - } | |
| 188 | - | |
| 189 | - | |
| 190 | - $details = openssl_pkey_get_details($privateKey); | |
| 191 | - $innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [ | |
| 192 | - "kty" => "RSA", | |
| 193 | - "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]), | |
| 194 | - "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]) | |
| 195 | - ]]; | |
| 196 | - $outerPayload = $this->connector->signRequestJWK( | |
| 197 | - $innerPayload, | |
| 198 | - $this->connector->keyChange, | |
| 199 | - $new['private'] | |
| 200 | - ); | |
| 201 | - $sign = $this->connector->signRequestKid( | |
| 202 | - $outerPayload, | |
| 203 | - $this->connector->accountURL, | |
| 204 | - $this->connector->keyChange | |
| 205 | - ); | |
| 206 | - $post = $this->connector->post($this->connector->keyChange, $sign); | |
| 207 | -        if ($post['status'] !== 200) { | |
| 208 | - //@codeCoverageIgnoreStart | |
| 209 | -            throw new RuntimeException('Unable to post new account keys'); | |
| 210 | - //@codeCoverageIgnoreEnd | |
| 211 | - } | |
| 212 | - | |
| 213 | - $this->getLEAccountData(); | |
| 214 | - | |
| 215 | - $this->storage->setAccountPublicKey($new['public']); | |
| 216 | - $this->storage->setAccountPrivateKey($new['private']); | |
| 217 | - | |
| 218 | -        $this->log->notice('Account keys changed'); | |
| 219 | - return true; | |
| 220 | - } | |
| 221 | - | |
| 222 | - /** | |
| 223 | - * Deactivates the LetsEncrypt account. | |
| 224 | - * | |
| 225 | - * @return boolean Returns true if the deactivation is successful, false if not. | |
| 226 | - */ | |
| 227 | - public function deactivateAccount() | |
| 228 | -    { | |
| 229 | - $sign = $this->connector->signRequestKid( | |
| 230 | - ['status' => 'deactivated'], | |
| 231 | - $this->connector->accountURL, | |
| 232 | - $this->connector->accountURL | |
| 233 | - ); | |
| 234 | - $post = $this->connector->post($this->connector->accountURL, $sign); | |
| 235 | -        if ($post['status'] !== 200) { | |
| 236 | - //@codeCoverageIgnoreStart | |
| 237 | -            $this->log->error('Account deactivation failed'); | |
| 238 | - return false; | |
| 239 | - //@codeCoverageIgnoreEnd | |
| 240 | - } | |
| 241 | - | |
| 242 | - $this->connector->accountDeactivated = true; | |
| 243 | -        $this->log->info('Account deactivated'); | |
| 244 | - return true; | |
| 245 | - } | |
| 16 | + private $connector; | |
| 17 | + | |
| 18 | + public $id; | |
| 19 | + public $key; | |
| 20 | + public $contact; | |
| 21 | + public $agreement; | |
| 22 | + public $initialIp; | |
| 23 | + public $createdAt; | |
| 24 | + public $status; | |
| 25 | + | |
| 26 | + /** @var LoggerInterface */ | |
| 27 | + private $log; | |
| 28 | + | |
| 29 | + /** @var CertificateStorageInterface */ | |
| 30 | + private $storage; | |
| 31 | + | |
| 32 | + /** | |
| 33 | + * Initiates the LetsEncrypt Account class. | |
| 34 | + * | |
| 35 | + * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests. | |
| 36 | + * @param LoggerInterface $log PSR-3 compatible logger | |
| 37 | + * @param array $email The array of strings containing e-mail addresses. Only used when creating a | |
| 38 | + * new account. | |
| 39 | + * @param CertificateStorageInterface $storage storage for account keys | |
| 40 | + */ | |
| 41 | + public function __construct($connector, LoggerInterface $log, $email, CertificateStorageInterface $storage) | |
| 42 | +	{ | |
| 43 | + $this->connector = $connector; | |
| 44 | + $this->storage = $storage; | |
| 45 | + $this->log = $log; | |
| 46 | + | |
| 47 | +		if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) { | |
| 48 | +			$this->log->notice("No account found for ".implode(',', $email).", attempting to create account"); | |
| 49 | + | |
| 50 | + $accountKey = LEFunctions::RSAgenerateKeys(); | |
| 51 | + $storage->setAccountPublicKey($accountKey['public']); | |
| 52 | + $storage->setAccountPrivateKey($accountKey['private']); | |
| 53 | + | |
| 54 | + $this->connector->accountURL = $this->createLEAccount($email); | |
| 55 | +		} else { | |
| 56 | + $this->connector->accountURL = $this->getLEAccount(); | |
| 57 | + } | |
| 58 | +		if ($this->connector->accountURL === false) { | |
| 59 | +			throw new RuntimeException('Account not found or deactivated.'); | |
| 60 | + } | |
| 61 | + $this->getLEAccountData(); | |
| 62 | + } | |
| 63 | + | |
| 64 | + /** | |
| 65 | + * Creates a new LetsEncrypt account. | |
| 66 | + * | |
| 67 | + * @param array $email The array of strings containing e-mail addresses. | |
| 68 | + * | |
| 69 | + * @return string|bool Returns the new account URL when the account was successfully created, false if not. | |
| 70 | + */ | |
| 71 | + private function createLEAccount($email) | |
| 72 | +	{ | |
| 73 | +		$contact = array_map(function ($addr) { | |
| 74 | + return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr); | |
| 75 | + }, $email); | |
| 76 | + | |
| 77 | + $sign = $this->connector->signRequestJWK( | |
| 78 | + ['contact' => $contact, 'termsOfServiceAgreed' => true], | |
| 79 | + $this->connector->newAccount | |
| 80 | + ); | |
| 81 | + $post = $this->connector->post($this->connector->newAccount, $sign); | |
| 82 | +		if (strpos($post['header'], "201 Created") !== false) { | |
| 83 | +			if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) { | |
| 84 | + return trim($matches[1]); | |
| 85 | + } | |
| 86 | + } | |
| 87 | + //@codeCoverageIgnoreStart | |
| 88 | + return false; | |
| 89 | + //@codeCoverageIgnoreEnd | |
| 90 | + } | |
| 91 | + | |
| 92 | + /** | |
| 93 | + * Gets the LetsEncrypt account URL associated with the stored account keys. | |
| 94 | + * | |
| 95 | + * @return string|bool Returns the account URL if it is found, or false when none is found. | |
| 96 | + */ | |
| 97 | + private function getLEAccount() | |
| 98 | +	{ | |
| 99 | + $sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount); | |
| 100 | + $post = $this->connector->post($this->connector->newAccount, $sign); | |
| 101 | + | |
| 102 | +		if (strpos($post['header'], "200 OK") !== false) { | |
| 103 | +			if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) { | |
| 104 | + return trim($matches[1]); | |
| 105 | + } | |
| 106 | + } | |
| 107 | + return false; | |
| 108 | + } | |
| 109 | + | |
| 110 | + /** | |
| 111 | + * Gets the LetsEncrypt account data from the account URL. | |
| 112 | + */ | |
| 113 | + private function getLEAccountData() | |
| 114 | +	{ | |
| 115 | + $sign = $this->connector->signRequestKid( | |
| 116 | + ['' => ''], | |
| 117 | + $this->connector->accountURL, | |
| 118 | + $this->connector->accountURL | |
| 119 | + ); | |
| 120 | + $post = $this->connector->post($this->connector->accountURL, $sign); | |
| 121 | +		if (strpos($post['header'], "200 OK") !== false) { | |
| 122 | + $this->id = isset($post['body']['id']) ? $post['body']['id'] : ''; | |
| 123 | + $this->key = $post['body']['key']; | |
| 124 | + $this->contact = $post['body']['contact']; | |
| 125 | + $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null; | |
| 126 | + $this->initialIp = $post['body']['initialIp']; | |
| 127 | + $this->createdAt = $post['body']['createdAt']; | |
| 128 | + $this->status = $post['body']['status']; | |
| 129 | +		} else { | |
| 130 | + //@codeCoverageIgnoreStart | |
| 131 | +			throw new RuntimeException('Account data cannot be found.'); | |
| 132 | + //@codeCoverageIgnoreEnd | |
| 133 | + } | |
| 134 | + } | |
| 135 | + | |
| 136 | + /** | |
| 137 | + * Updates account data. Now just supporting new contact information. | |
| 138 | + * | |
| 139 | + * @param array $email The array of strings containing e-mail adresses. | |
| 140 | + * | |
| 141 | + * @return boolean Returns true if the update is successful, false if not. | |
| 142 | + */ | |
| 143 | + public function updateAccount($email) | |
| 144 | +	{ | |
| 145 | +		$contact = array_map(function ($addr) { | |
| 146 | + return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr); | |
| 147 | + }, $email); | |
| 148 | + | |
| 149 | + $sign = $this->connector->signRequestKid( | |
| 150 | + ['contact' => $contact], | |
| 151 | + $this->connector->accountURL, | |
| 152 | + $this->connector->accountURL | |
| 153 | + ); | |
| 154 | + $post = $this->connector->post($this->connector->accountURL, $sign); | |
| 155 | +		if ($post['status'] !== 200) { | |
| 156 | + //@codeCoverageIgnoreStart | |
| 157 | +			throw new RuntimeException('Unable to update account'); | |
| 158 | + //@codeCoverageIgnoreEnd | |
| 159 | + } | |
| 160 | + | |
| 161 | + $this->id = isset($post['body']['id']) ? $post['body']['id'] : ''; | |
| 162 | + $this->key = $post['body']['key']; | |
| 163 | + $this->contact = $post['body']['contact']; | |
| 164 | + $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : ''; | |
| 165 | + $this->initialIp = $post['body']['initialIp']; | |
| 166 | + $this->createdAt = $post['body']['createdAt']; | |
| 167 | + $this->status = $post['body']['status']; | |
| 168 | + | |
| 169 | +		$this->log->notice('Account data updated'); | |
| 170 | + return true; | |
| 171 | + } | |
| 172 | + | |
| 173 | + /** | |
| 174 | + * Creates new RSA account keys and updates the keys with LetsEncrypt. | |
| 175 | + * | |
| 176 | + * @return boolean Returns true if the update is successful, false if not. | |
| 177 | + */ | |
| 178 | + public function changeAccountKeys() | |
| 179 | +	{ | |
| 180 | + $new=LEFunctions::RSAgenerateKeys(); | |
| 181 | + | |
| 182 | + $privateKey = openssl_pkey_get_private($new['private']); | |
| 183 | +		if ($privateKey === false) { | |
| 184 | + //@codeCoverageIgnoreStart | |
| 185 | +			throw new RuntimeException('Failed to open newly generated private key'); | |
| 186 | + //@codeCoverageIgnoreEnd | |
| 187 | + } | |
| 188 | + | |
| 189 | + | |
| 190 | + $details = openssl_pkey_get_details($privateKey); | |
| 191 | + $innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [ | |
| 192 | + "kty" => "RSA", | |
| 193 | + "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]), | |
| 194 | + "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]) | |
| 195 | + ]]; | |
| 196 | + $outerPayload = $this->connector->signRequestJWK( | |
| 197 | + $innerPayload, | |
| 198 | + $this->connector->keyChange, | |
| 199 | + $new['private'] | |
| 200 | + ); | |
| 201 | + $sign = $this->connector->signRequestKid( | |
| 202 | + $outerPayload, | |
| 203 | + $this->connector->accountURL, | |
| 204 | + $this->connector->keyChange | |
| 205 | + ); | |
| 206 | + $post = $this->connector->post($this->connector->keyChange, $sign); | |
| 207 | +		if ($post['status'] !== 200) { | |
| 208 | + //@codeCoverageIgnoreStart | |
| 209 | +			throw new RuntimeException('Unable to post new account keys'); | |
| 210 | + //@codeCoverageIgnoreEnd | |
| 211 | + } | |
| 212 | + | |
| 213 | + $this->getLEAccountData(); | |
| 214 | + | |
| 215 | + $this->storage->setAccountPublicKey($new['public']); | |
| 216 | + $this->storage->setAccountPrivateKey($new['private']); | |
| 217 | + | |
| 218 | +		$this->log->notice('Account keys changed'); | |
| 219 | + return true; | |
| 220 | + } | |
| 221 | + | |
| 222 | + /** | |
| 223 | + * Deactivates the LetsEncrypt account. | |
| 224 | + * | |
| 225 | + * @return boolean Returns true if the deactivation is successful, false if not. | |
| 226 | + */ | |
| 227 | + public function deactivateAccount() | |
| 228 | +	{ | |
| 229 | + $sign = $this->connector->signRequestKid( | |
| 230 | + ['status' => 'deactivated'], | |
| 231 | + $this->connector->accountURL, | |
| 232 | + $this->connector->accountURL | |
| 233 | + ); | |
| 234 | + $post = $this->connector->post($this->connector->accountURL, $sign); | |
| 235 | +		if ($post['status'] !== 200) { | |
| 236 | + //@codeCoverageIgnoreStart | |
| 237 | +			$this->log->error('Account deactivation failed'); | |
| 238 | + return false; | |
| 239 | + //@codeCoverageIgnoreEnd | |
| 240 | + } | |
| 241 | + | |
| 242 | + $this->connector->accountDeactivated = true; | |
| 243 | +		$this->log->info('Account deactivated'); | |
| 244 | + return true; | |
| 245 | + } | |
| 246 | 246 | } | 
| @@ -21,156 +21,156 @@ | ||
| 21 | 21 | */ | 
| 22 | 22 | class LEClient | 
| 23 | 23 |  { | 
| 24 | - const LE_PRODUCTION = 'https://acme-v02.api.letsencrypt.org'; | |
| 25 | - const LE_STAGING = 'https://acme-staging-v02.api.letsencrypt.org'; | |
| 26 | - | |
| 27 | - /** @var LEConnector */ | |
| 28 | - private $connector; | |
| 29 | - | |
| 30 | - /** @var LEAccount */ | |
| 31 | - private $account; | |
| 32 | - | |
| 33 | - private $baseURL; | |
| 34 | - | |
| 35 | - /** @var LoggerInterface */ | |
| 36 | - private $log; | |
| 37 | - | |
| 38 | - /** @var ClientInterface */ | |
| 39 | - private $httpClient; | |
| 40 | - | |
| 41 | - /** @var DNSValidatorInterface */ | |
| 42 | - private $dns; | |
| 43 | - | |
| 44 | - /** @var Sleep */ | |
| 45 | - private $sleep; | |
| 46 | - | |
| 47 | - /** @var CertificateStorageInterface */ | |
| 48 | - private $storage; | |
| 49 | - | |
| 50 | - | |
| 51 | - private $email; | |
| 52 | - | |
| 53 | - /** | |
| 54 | - * Initiates the LetsEncrypt main client. | |
| 55 | - * | |
| 56 | - * @param array $email The array of strings containing e-mail addresses. Only used in this function when | |
| 57 | - * creating a new account. | |
| 58 | - * @param string|bool $acmeURL ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION. | |
| 59 | - * Defaults to LE_STAGING. Can also pass true/false for staging/production | |
| 60 | - * @param LoggerInterface $logger PSR-3 compatible logger | |
| 61 | - * @param ClientInterface|null $httpClient you can pass a custom client used for HTTP requests, if null is passed | |
| 62 | - * one will be created | |
| 63 | - * @param CertificateStorageInterface|null $storage service for certificates. If not supplied, a default | |
| 64 | - * storage object will retain certificates in the local filesystem in a directory | |
| 65 | - * called certificates in the current working directory | |
| 66 | - * @param DNSValidatorInterface|null $dnsValidator service for checking DNS challenges. By default, this will use | |
| 67 | - * Google's DNS over HTTPs service, which should insulate you from cached entries, | |
| 68 | - * but this can be swapped for 'NativeDNS' or other alternative implementation | |
| 69 | - */ | |
| 70 | - public function __construct( | |
| 71 | - $email, | |
| 72 | - $acmeURL = LEClient::LE_STAGING, | |
| 73 | - LoggerInterface $logger = null, | |
| 74 | - ClientInterface $httpClient = null, | |
| 75 | - CertificateStorageInterface $storage = null, | |
| 76 | - DNSValidatorInterface $dnsValidator = null | |
| 77 | -    ) { | |
| 78 | - $this->log = $logger ?? new NullLogger(); | |
| 79 | - | |
| 80 | - $this->initBaseUrl($acmeURL); | |
| 81 | - | |
| 82 | - $this->httpClient = $httpClient ?? new Client(); | |
| 83 | - | |
| 84 | - $this->storage = $storage ?? new FilesystemCertificateStorage(); | |
| 85 | - $this->dns = $dnsValidator ?? new DNSOverHTTPS(); | |
| 86 | - $this->sleep = new Sleep; | |
| 87 | - $this->email = $email; | |
| 88 | - } | |
| 89 | - | |
| 90 | - private function initBaseUrl($acmeURL) | |
| 91 | -    { | |
| 92 | -        if (is_bool($acmeURL)) { | |
| 93 | - $this->baseURL = $acmeURL ? LEClient::LE_STAGING : LEClient::LE_PRODUCTION; | |
| 94 | -        } elseif (is_string($acmeURL)) { | |
| 95 | - $this->baseURL = $acmeURL; | |
| 96 | -        } else { | |
| 97 | -            throw new LogicException('acmeURL must be set to string or bool (legacy)'); | |
| 98 | - } | |
| 99 | - } | |
| 100 | - | |
| 101 | - public function getBaseUrl() | |
| 102 | -    { | |
| 103 | - return $this->baseURL; | |
| 104 | - } | |
| 105 | - | |
| 106 | - /** | |
| 107 | - * Inject alternative DNS resolver for testing | |
| 108 | - * @param DNSValidatorInterface $dns | |
| 109 | - */ | |
| 110 | - public function setDNS(DNSValidatorInterface $dns) | |
| 111 | -    { | |
| 112 | - $this->dns = $dns; | |
| 113 | - } | |
| 114 | - | |
| 115 | - /** | |
| 116 | - * Inject alternative sleep service for testing | |
| 117 | - * @param Sleep $sleep | |
| 118 | - */ | |
| 119 | - public function setSleep(Sleep $sleep) | |
| 120 | -    { | |
| 121 | - $this->sleep = $sleep; | |
| 122 | - } | |
| 123 | - | |
| 124 | - private function getConnector() | |
| 125 | -    { | |
| 126 | -        if (!isset($this->connector)) { | |
| 127 | - $this->connector = new LEConnector($this->log, $this->httpClient, $this->baseURL, $this->storage); | |
| 128 | - | |
| 129 | - //we need to initialize an account before using the connector | |
| 130 | - $this->getAccount(); | |
| 131 | - } | |
| 132 | - | |
| 133 | - return $this->connector; | |
| 134 | - } | |
| 135 | - | |
| 136 | - /** | |
| 137 | - * Returns the LetsEncrypt account used in the current client. | |
| 138 | - * | |
| 139 | - * @return LEAccount The LetsEncrypt Account instance used by the client. | |
| 140 | - */ | |
| 141 | - public function getAccount() | |
| 142 | -    { | |
| 143 | -        if (!isset($this->account)) { | |
| 144 | - $this->account = new LEAccount($this->getConnector(), $this->log, $this->email, $this->storage); | |
| 145 | - } | |
| 146 | - return $this->account; | |
| 147 | - } | |
| 148 | - | |
| 149 | - /** | |
| 150 | - * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and | |
| 151 | - * returned. | |
| 152 | - * | |
| 153 | - * @param string $basename The base name for the order. Preferable the top domain (example.org). Will be the | |
| 154 | - * directory in which the keys are stored. Used for the CommonName in the certificate as | |
| 155 | - * well. | |
| 156 | - * @param array $domains The array of strings containing the domain names on the certificate. | |
| 157 | - * @param string $keyType Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format | |
| 158 | - * (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes) | |
| 159 | - * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the | |
| 160 | - * certificate becomes valid. Defaults to the moment the order is finalized. (optional) | |
| 161 | - * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the | |
| 162 | - * certificate is valid. Defaults to 90 days past the moment the order is finalized. | |
| 163 | - * (optional) | |
| 164 | - * | |
| 165 | - * @return LEOrder The LetsEncrypt Order instance which is either retrieved or created. | |
| 166 | - */ | |
| 167 | - public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '') | |
| 168 | -    { | |
| 169 | -        $this->log->info("LEClient::getOrCreateOrder($basename,...)"); | |
| 170 | - | |
| 171 | - $order = new LEOrder($this->getConnector(), $this->storage, $this->log, $this->dns, $this->sleep); | |
| 172 | - $order->loadOrder($basename, $domains, $keyType, $notBefore, $notAfter); | |
| 173 | - | |
| 174 | - return $order; | |
| 175 | - } | |
| 24 | + const LE_PRODUCTION = 'https://acme-v02.api.letsencrypt.org'; | |
| 25 | + const LE_STAGING = 'https://acme-staging-v02.api.letsencrypt.org'; | |
| 26 | + | |
| 27 | + /** @var LEConnector */ | |
| 28 | + private $connector; | |
| 29 | + | |
| 30 | + /** @var LEAccount */ | |
| 31 | + private $account; | |
| 32 | + | |
| 33 | + private $baseURL; | |
| 34 | + | |
| 35 | + /** @var LoggerInterface */ | |
| 36 | + private $log; | |
| 37 | + | |
| 38 | + /** @var ClientInterface */ | |
| 39 | + private $httpClient; | |
| 40 | + | |
| 41 | + /** @var DNSValidatorInterface */ | |
| 42 | + private $dns; | |
| 43 | + | |
| 44 | + /** @var Sleep */ | |
| 45 | + private $sleep; | |
| 46 | + | |
| 47 | + /** @var CertificateStorageInterface */ | |
| 48 | + private $storage; | |
| 49 | + | |
| 50 | + | |
| 51 | + private $email; | |
| 52 | + | |
| 53 | + /** | |
| 54 | + * Initiates the LetsEncrypt main client. | |
| 55 | + * | |
| 56 | + * @param array $email The array of strings containing e-mail addresses. Only used in this function when | |
| 57 | + * creating a new account. | |
| 58 | + * @param string|bool $acmeURL ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION. | |
| 59 | + * Defaults to LE_STAGING. Can also pass true/false for staging/production | |
| 60 | + * @param LoggerInterface $logger PSR-3 compatible logger | |
| 61 | + * @param ClientInterface|null $httpClient you can pass a custom client used for HTTP requests, if null is passed | |
| 62 | + * one will be created | |
| 63 | + * @param CertificateStorageInterface|null $storage service for certificates. If not supplied, a default | |
| 64 | + * storage object will retain certificates in the local filesystem in a directory | |
| 65 | + * called certificates in the current working directory | |
| 66 | + * @param DNSValidatorInterface|null $dnsValidator service for checking DNS challenges. By default, this will use | |
| 67 | + * Google's DNS over HTTPs service, which should insulate you from cached entries, | |
| 68 | + * but this can be swapped for 'NativeDNS' or other alternative implementation | |
| 69 | + */ | |
| 70 | + public function __construct( | |
| 71 | + $email, | |
| 72 | + $acmeURL = LEClient::LE_STAGING, | |
| 73 | + LoggerInterface $logger = null, | |
| 74 | + ClientInterface $httpClient = null, | |
| 75 | + CertificateStorageInterface $storage = null, | |
| 76 | + DNSValidatorInterface $dnsValidator = null | |
| 77 | +	) { | |
| 78 | + $this->log = $logger ?? new NullLogger(); | |
| 79 | + | |
| 80 | + $this->initBaseUrl($acmeURL); | |
| 81 | + | |
| 82 | + $this->httpClient = $httpClient ?? new Client(); | |
| 83 | + | |
| 84 | + $this->storage = $storage ?? new FilesystemCertificateStorage(); | |
| 85 | + $this->dns = $dnsValidator ?? new DNSOverHTTPS(); | |
| 86 | + $this->sleep = new Sleep; | |
| 87 | + $this->email = $email; | |
| 88 | + } | |
| 89 | + | |
| 90 | + private function initBaseUrl($acmeURL) | |
| 91 | +	{ | |
| 92 | +		if (is_bool($acmeURL)) { | |
| 93 | + $this->baseURL = $acmeURL ? LEClient::LE_STAGING : LEClient::LE_PRODUCTION; | |
| 94 | +		} elseif (is_string($acmeURL)) { | |
| 95 | + $this->baseURL = $acmeURL; | |
| 96 | +		} else { | |
| 97 | +			throw new LogicException('acmeURL must be set to string or bool (legacy)'); | |
| 98 | + } | |
| 99 | + } | |
| 100 | + | |
| 101 | + public function getBaseUrl() | |
| 102 | +	{ | |
| 103 | + return $this->baseURL; | |
| 104 | + } | |
| 105 | + | |
| 106 | + /** | |
| 107 | + * Inject alternative DNS resolver for testing | |
| 108 | + * @param DNSValidatorInterface $dns | |
| 109 | + */ | |
| 110 | + public function setDNS(DNSValidatorInterface $dns) | |
| 111 | +	{ | |
| 112 | + $this->dns = $dns; | |
| 113 | + } | |
| 114 | + | |
| 115 | + /** | |
| 116 | + * Inject alternative sleep service for testing | |
| 117 | + * @param Sleep $sleep | |
| 118 | + */ | |
| 119 | + public function setSleep(Sleep $sleep) | |
| 120 | +	{ | |
| 121 | + $this->sleep = $sleep; | |
| 122 | + } | |
| 123 | + | |
| 124 | + private function getConnector() | |
| 125 | +	{ | |
| 126 | +		if (!isset($this->connector)) { | |
| 127 | + $this->connector = new LEConnector($this->log, $this->httpClient, $this->baseURL, $this->storage); | |
| 128 | + | |
| 129 | + //we need to initialize an account before using the connector | |
| 130 | + $this->getAccount(); | |
| 131 | + } | |
| 132 | + | |
| 133 | + return $this->connector; | |
| 134 | + } | |
| 135 | + | |
| 136 | + /** | |
| 137 | + * Returns the LetsEncrypt account used in the current client. | |
| 138 | + * | |
| 139 | + * @return LEAccount The LetsEncrypt Account instance used by the client. | |
| 140 | + */ | |
| 141 | + public function getAccount() | |
| 142 | +	{ | |
| 143 | +		if (!isset($this->account)) { | |
| 144 | + $this->account = new LEAccount($this->getConnector(), $this->log, $this->email, $this->storage); | |
| 145 | + } | |
| 146 | + return $this->account; | |
| 147 | + } | |
| 148 | + | |
| 149 | + /** | |
| 150 | + * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and | |
| 151 | + * returned. | |
| 152 | + * | |
| 153 | + * @param string $basename The base name for the order. Preferable the top domain (example.org). Will be the | |
| 154 | + * directory in which the keys are stored. Used for the CommonName in the certificate as | |
| 155 | + * well. | |
| 156 | + * @param array $domains The array of strings containing the domain names on the certificate. | |
| 157 | + * @param string $keyType Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format | |
| 158 | + * (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes) | |
| 159 | + * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the | |
| 160 | + * certificate becomes valid. Defaults to the moment the order is finalized. (optional) | |
| 161 | + * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the | |
| 162 | + * certificate is valid. Defaults to 90 days past the moment the order is finalized. | |
| 163 | + * (optional) | |
| 164 | + * | |
| 165 | + * @return LEOrder The LetsEncrypt Order instance which is either retrieved or created. | |
| 166 | + */ | |
| 167 | + public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '') | |
| 168 | +	{ | |
| 169 | +		$this->log->info("LEClient::getOrCreateOrder($basename,...)"); | |
| 170 | + | |
| 171 | + $order = new LEOrder($this->getConnector(), $this->storage, $this->log, $this->dns, $this->sleep); | |
| 172 | + $order->loadOrder($basename, $domains, $keyType, $notBefore, $notAfter); | |
| 173 | + | |
| 174 | + return $order; | |
| 175 | + } | |
| 176 | 176 | } | 
| @@ -13,88 +13,88 @@ | ||
| 13 | 13 | */ | 
| 14 | 14 | class DiagnosticLogger extends AbstractLogger | 
| 15 | 15 |  { | 
| 16 | - private $logs = []; | |
| 17 | - | |
| 18 | - public function log($level, $message, array $context = []) | |
| 19 | -    { | |
| 20 | - $this->logs[] = [$level, $message, $context]; | |
| 21 | - } | |
| 22 | - | |
| 23 | - public function dumpConsole($useColours = true) | |
| 24 | -    { | |
| 25 | - $colours = [ | |
| 26 | - 'alert' => "\e[97m\e[41m", | |
| 27 | - 'emergency' => "\e[97m\e[41m", | |
| 28 | - 'critical' => "\e[97m\e[41m", | |
| 29 | - 'error' => "\e[91m", | |
| 30 | - 'warning' => "\e[93m", | |
| 31 | - 'notice' => "\e[96m", | |
| 32 | - 'info' => "\e[92m", | |
| 33 | - 'debug' => "\e[2m", | |
| 34 | - ]; | |
| 35 | - | |
| 36 | - $reset = $useColours ? "\e[0m" : ''; | |
| 37 | - | |
| 38 | -        foreach ($this->logs as $log) { | |
| 39 | - $col = $useColours ? $colours[$log[0]] : ''; | |
| 40 | - echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n"; | |
| 41 | - } | |
| 42 | - } | |
| 43 | - | |
| 44 | - public function dumpHTML($echo = true) | |
| 45 | -    { | |
| 46 | - $html = '<div class="liblynx-diagnostic-log">'; | |
| 47 | - $html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>'; | |
| 48 | - $html .= "\n"; | |
| 49 | - | |
| 50 | -        foreach ($this->logs as $log) { | |
| 51 | - $html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' . | |
| 52 | - htmlentities($this->interpolateMessage($log[1], $log[2])) . | |
| 53 | - "</td></tr>\n"; | |
| 54 | - } | |
| 55 | - $html .= "</tbody></table></div>\n"; | |
| 56 | - | |
| 57 | -        if ($echo) { | |
| 58 | - echo $html; //@codeCoverageIgnore | |
| 59 | - } | |
| 60 | - return $html; | |
| 61 | - } | |
| 62 | - | |
| 63 | - /** | |
| 64 | - * Interpolates context values into the message placeholders. | |
| 65 | - */ | |
| 66 | - private function interpolateMessage($message, array $context = []) | |
| 67 | -    { | |
| 68 | - // build a replacement array with braces around the context keys | |
| 69 | - $replace = []; | |
| 70 | -        foreach ($context as $key => $val) { | |
| 71 | - // check that the value can be casted to string | |
| 72 | -            if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) { | |
| 73 | -                $replace['{' . $key . '}'] = $val; | |
| 74 | - } | |
| 75 | - } | |
| 76 | - | |
| 77 | - // interpolate replacement values into the message and return | |
| 78 | - return strtr($message, $replace); | |
| 79 | - } | |
| 80 | - | |
| 81 | - | |
| 82 | - public function cleanLogs() | |
| 83 | -    { | |
| 84 | - $logs = $this->logs; | |
| 85 | - $this->logs = []; | |
| 86 | - | |
| 87 | - return $logs; | |
| 88 | - } | |
| 89 | - | |
| 90 | - public function countLogs($level) | |
| 91 | -    { | |
| 92 | - $count = 0; | |
| 93 | -        foreach ($this->logs as $log) { | |
| 94 | -            if ($log[0] == $level) { | |
| 95 | - $count++; | |
| 96 | - } | |
| 97 | - } | |
| 98 | - return $count; | |
| 99 | - } | |
| 16 | + private $logs = []; | |
| 17 | + | |
| 18 | + public function log($level, $message, array $context = []) | |
| 19 | +	{ | |
| 20 | + $this->logs[] = [$level, $message, $context]; | |
| 21 | + } | |
| 22 | + | |
| 23 | + public function dumpConsole($useColours = true) | |
| 24 | +	{ | |
| 25 | + $colours = [ | |
| 26 | + 'alert' => "\e[97m\e[41m", | |
| 27 | + 'emergency' => "\e[97m\e[41m", | |
| 28 | + 'critical' => "\e[97m\e[41m", | |
| 29 | + 'error' => "\e[91m", | |
| 30 | + 'warning' => "\e[93m", | |
| 31 | + 'notice' => "\e[96m", | |
| 32 | + 'info' => "\e[92m", | |
| 33 | + 'debug' => "\e[2m", | |
| 34 | + ]; | |
| 35 | + | |
| 36 | + $reset = $useColours ? "\e[0m" : ''; | |
| 37 | + | |
| 38 | +		foreach ($this->logs as $log) { | |
| 39 | + $col = $useColours ? $colours[$log[0]] : ''; | |
| 40 | + echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n"; | |
| 41 | + } | |
| 42 | + } | |
| 43 | + | |
| 44 | + public function dumpHTML($echo = true) | |
| 45 | +	{ | |
| 46 | + $html = '<div class="liblynx-diagnostic-log">'; | |
| 47 | + $html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>'; | |
| 48 | + $html .= "\n"; | |
| 49 | + | |
| 50 | +		foreach ($this->logs as $log) { | |
| 51 | + $html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' . | |
| 52 | + htmlentities($this->interpolateMessage($log[1], $log[2])) . | |
| 53 | + "</td></tr>\n"; | |
| 54 | + } | |
| 55 | + $html .= "</tbody></table></div>\n"; | |
| 56 | + | |
| 57 | +		if ($echo) { | |
| 58 | + echo $html; //@codeCoverageIgnore | |
| 59 | + } | |
| 60 | + return $html; | |
| 61 | + } | |
| 62 | + | |
| 63 | + /** | |
| 64 | + * Interpolates context values into the message placeholders. | |
| 65 | + */ | |
| 66 | + private function interpolateMessage($message, array $context = []) | |
| 67 | +	{ | |
| 68 | + // build a replacement array with braces around the context keys | |
| 69 | + $replace = []; | |
| 70 | +		foreach ($context as $key => $val) { | |
| 71 | + // check that the value can be casted to string | |
| 72 | +			if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) { | |
| 73 | +				$replace['{' . $key . '}'] = $val; | |
| 74 | + } | |
| 75 | + } | |
| 76 | + | |
| 77 | + // interpolate replacement values into the message and return | |
| 78 | + return strtr($message, $replace); | |
| 79 | + } | |
| 80 | + | |
| 81 | + | |
| 82 | + public function cleanLogs() | |
| 83 | +	{ | |
| 84 | + $logs = $this->logs; | |
| 85 | + $this->logs = []; | |
| 86 | + | |
| 87 | + return $logs; | |
| 88 | + } | |
| 89 | + | |
| 90 | + public function countLogs($level) | |
| 91 | +	{ | |
| 92 | + $count = 0; | |
| 93 | +		foreach ($this->logs as $log) { | |
| 94 | +			if ($log[0] == $level) { | |
| 95 | + $count++; | |
| 96 | + } | |
| 97 | + } | |
| 98 | + return $count; | |
| 99 | + } | |
| 100 | 100 | } | 
| @@ -10,161 +10,161 @@ | ||
| 10 | 10 | */ | 
| 11 | 11 | class FilesystemCertificateStorage implements CertificateStorageInterface | 
| 12 | 12 |  { | 
| 13 | - private $dir; | |
| 14 | - | |
| 15 | - public function __construct($dir = null) | |
| 16 | -    { | |
| 17 | - $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates'; | |
| 18 | - | |
| 19 | -        if (!is_dir($this->dir)) { | |
| 20 | - /** @scrutinizer ignore-unhandled */ @mkdir($this->dir); | |
| 21 | - } | |
| 22 | -        if (!is_writable($this->dir)) { | |
| 23 | -            throw new RuntimeException("{$this->dir} is not writable"); | |
| 24 | - } | |
| 25 | - } | |
| 26 | - | |
| 27 | - | |
| 28 | - /** | |
| 29 | - * @inheritdoc | |
| 30 | - */ | |
| 31 | - public function getAccountPublicKey() | |
| 32 | -    { | |
| 33 | -        return $this->getMetadata('account.public'); | |
| 34 | - } | |
| 35 | - | |
| 36 | - /** | |
| 37 | - * @inheritdoc | |
| 38 | - */ | |
| 39 | - public function setAccountPublicKey($key) | |
| 40 | -    { | |
| 41 | -        $this->setMetadata('account.public', $key); | |
| 42 | - } | |
| 43 | - | |
| 44 | - /** | |
| 45 | - * @inheritdoc | |
| 46 | - */ | |
| 47 | - public function getAccountPrivateKey() | |
| 48 | -    { | |
| 49 | -        return $this->getMetadata('account.key'); | |
| 50 | - } | |
| 51 | - | |
| 52 | - /** | |
| 53 | - * @inheritdoc | |
| 54 | - */ | |
| 55 | - public function setAccountPrivateKey($key) | |
| 56 | -    { | |
| 57 | -        $this->setMetadata('account.key', $key); | |
| 58 | - } | |
| 59 | - | |
| 60 | - private function getDomainKey($domain, $suffix) | |
| 61 | -    { | |
| 62 | -        return str_replace('*', 'wildcard', $domain).'.'.$suffix; | |
| 63 | - } | |
| 64 | - /** | |
| 65 | - * @inheritdoc | |
| 66 | - */ | |
| 67 | - public function getCertificate($domain) | |
| 68 | -    { | |
| 69 | - return $this->getMetadata($this->getDomainKey($domain, 'crt')); | |
| 70 | - } | |
| 71 | - | |
| 72 | - /** | |
| 73 | - * @inheritdoc | |
| 74 | - */ | |
| 75 | - public function setCertificate($domain, $certificate) | |
| 76 | -    { | |
| 77 | - $this->setMetadata($this->getDomainKey($domain, 'crt'), $certificate); | |
| 78 | - } | |
| 79 | - | |
| 80 | - /** | |
| 81 | - * @inheritdoc | |
| 82 | - */ | |
| 83 | - public function getFullChainCertificate($domain) | |
| 84 | -    { | |
| 85 | - return $this->getMetadata($this->getDomainKey($domain, 'fullchain.crt')); | |
| 86 | - } | |
| 87 | - | |
| 88 | - /** | |
| 89 | - * @inheritdoc | |
| 90 | - */ | |
| 91 | - public function setFullChainCertificate($domain, $certificate) | |
| 92 | -    { | |
| 93 | - $this->setMetadata($this->getDomainKey($domain, 'fullchain.crt'), $certificate); | |
| 94 | - } | |
| 95 | - | |
| 96 | - /** | |
| 97 | - * @inheritdoc | |
| 98 | - */ | |
| 99 | - public function getPrivateKey($domain) | |
| 100 | -    { | |
| 101 | - return $this->getMetadata($this->getDomainKey($domain, 'key')); | |
| 102 | - } | |
| 103 | - | |
| 104 | - /** | |
| 105 | - * @inheritdoc | |
| 106 | - */ | |
| 107 | - public function setPrivateKey($domain, $key) | |
| 108 | -    { | |
| 109 | - $this->setMetadata($this->getDomainKey($domain, 'key'), $key); | |
| 110 | - } | |
| 111 | - | |
| 112 | - /** | |
| 113 | - * @inheritdoc | |
| 114 | - */ | |
| 115 | - public function getPublicKey($domain) | |
| 116 | -    { | |
| 117 | - return $this->getMetadata($this->getDomainKey($domain, 'public')); | |
| 118 | - } | |
| 119 | - | |
| 120 | - /** | |
| 121 | - * @inheritdoc | |
| 122 | - */ | |
| 123 | - public function setPublicKey($domain, $key) | |
| 124 | -    { | |
| 125 | - $this->setMetadata($this->getDomainKey($domain, 'public'), $key); | |
| 126 | - } | |
| 127 | - | |
| 128 | - private function getMetadataFilename($key) | |
| 129 | -    { | |
| 130 | -        $key=str_replace('*', 'wildcard', $key); | |
| 131 | - $file=$this->dir.DIRECTORY_SEPARATOR.$key; | |
| 132 | - return $file; | |
| 133 | - } | |
| 134 | - /** | |
| 135 | - * @inheritdoc | |
| 136 | - */ | |
| 137 | - public function getMetadata($key) | |
| 138 | -    { | |
| 139 | - $file=$this->getMetadataFilename($key); | |
| 140 | -        if (!file_exists($file)) { | |
| 141 | - return null; | |
| 142 | - } | |
| 143 | - return file_get_contents($file); | |
| 144 | - } | |
| 145 | - | |
| 146 | - /** | |
| 147 | - * @inheritdoc | |
| 148 | - */ | |
| 149 | - public function setMetadata($key, $value) | |
| 150 | -    { | |
| 151 | - $file=$this->getMetadataFilename($key); | |
| 152 | -        if (is_null($value)) { | |
| 153 | - //nothing to store, ensure file is removed | |
| 154 | -            if (file_exists($file)) { | |
| 155 | - unlink($file); | |
| 156 | - } | |
| 157 | -        } else { | |
| 158 | - file_put_contents($file, $value); | |
| 159 | - } | |
| 160 | - } | |
| 161 | - | |
| 162 | - /** | |
| 163 | - * @inheritdoc | |
| 164 | - */ | |
| 165 | - public function hasMetadata($key) | |
| 166 | -    { | |
| 167 | - $file=$this->getMetadataFilename($key); | |
| 168 | - return file_exists($file); | |
| 169 | - } | |
| 13 | + private $dir; | |
| 14 | + | |
| 15 | + public function __construct($dir = null) | |
| 16 | +	{ | |
| 17 | + $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates'; | |
| 18 | + | |
| 19 | +		if (!is_dir($this->dir)) { | |
| 20 | + /** @scrutinizer ignore-unhandled */ @mkdir($this->dir); | |
| 21 | + } | |
| 22 | +		if (!is_writable($this->dir)) { | |
| 23 | +			throw new RuntimeException("{$this->dir} is not writable"); | |
| 24 | + } | |
| 25 | + } | |
| 26 | + | |
| 27 | + | |
| 28 | + /** | |
| 29 | + * @inheritdoc | |
| 30 | + */ | |
| 31 | + public function getAccountPublicKey() | |
| 32 | +	{ | |
| 33 | +		return $this->getMetadata('account.public'); | |
| 34 | + } | |
| 35 | + | |
| 36 | + /** | |
| 37 | + * @inheritdoc | |
| 38 | + */ | |
| 39 | + public function setAccountPublicKey($key) | |
| 40 | +	{ | |
| 41 | +		$this->setMetadata('account.public', $key); | |
| 42 | + } | |
| 43 | + | |
| 44 | + /** | |
| 45 | + * @inheritdoc | |
| 46 | + */ | |
| 47 | + public function getAccountPrivateKey() | |
| 48 | +	{ | |
| 49 | +		return $this->getMetadata('account.key'); | |
| 50 | + } | |
| 51 | + | |
| 52 | + /** | |
| 53 | + * @inheritdoc | |
| 54 | + */ | |
| 55 | + public function setAccountPrivateKey($key) | |
| 56 | +	{ | |
| 57 | +		$this->setMetadata('account.key', $key); | |
| 58 | + } | |
| 59 | + | |
| 60 | + private function getDomainKey($domain, $suffix) | |
| 61 | +	{ | |
| 62 | +		return str_replace('*', 'wildcard', $domain).'.'.$suffix; | |
| 63 | + } | |
| 64 | + /** | |
| 65 | + * @inheritdoc | |
| 66 | + */ | |
| 67 | + public function getCertificate($domain) | |
| 68 | +	{ | |
| 69 | + return $this->getMetadata($this->getDomainKey($domain, 'crt')); | |
| 70 | + } | |
| 71 | + | |
| 72 | + /** | |
| 73 | + * @inheritdoc | |
| 74 | + */ | |
| 75 | + public function setCertificate($domain, $certificate) | |
| 76 | +	{ | |
| 77 | + $this->setMetadata($this->getDomainKey($domain, 'crt'), $certificate); | |
| 78 | + } | |
| 79 | + | |
| 80 | + /** | |
| 81 | + * @inheritdoc | |
| 82 | + */ | |
| 83 | + public function getFullChainCertificate($domain) | |
| 84 | +	{ | |
| 85 | + return $this->getMetadata($this->getDomainKey($domain, 'fullchain.crt')); | |
| 86 | + } | |
| 87 | + | |
| 88 | + /** | |
| 89 | + * @inheritdoc | |
| 90 | + */ | |
| 91 | + public function setFullChainCertificate($domain, $certificate) | |
| 92 | +	{ | |
| 93 | + $this->setMetadata($this->getDomainKey($domain, 'fullchain.crt'), $certificate); | |
| 94 | + } | |
| 95 | + | |
| 96 | + /** | |
| 97 | + * @inheritdoc | |
| 98 | + */ | |
| 99 | + public function getPrivateKey($domain) | |
| 100 | +	{ | |
| 101 | + return $this->getMetadata($this->getDomainKey($domain, 'key')); | |
| 102 | + } | |
| 103 | + | |
| 104 | + /** | |
| 105 | + * @inheritdoc | |
| 106 | + */ | |
| 107 | + public function setPrivateKey($domain, $key) | |
| 108 | +	{ | |
| 109 | + $this->setMetadata($this->getDomainKey($domain, 'key'), $key); | |
| 110 | + } | |
| 111 | + | |
| 112 | + /** | |
| 113 | + * @inheritdoc | |
| 114 | + */ | |
| 115 | + public function getPublicKey($domain) | |
| 116 | +	{ | |
| 117 | + return $this->getMetadata($this->getDomainKey($domain, 'public')); | |
| 118 | + } | |
| 119 | + | |
| 120 | + /** | |
| 121 | + * @inheritdoc | |
| 122 | + */ | |
| 123 | + public function setPublicKey($domain, $key) | |
| 124 | +	{ | |
| 125 | + $this->setMetadata($this->getDomainKey($domain, 'public'), $key); | |
| 126 | + } | |
| 127 | + | |
| 128 | + private function getMetadataFilename($key) | |
| 129 | +	{ | |
| 130 | +		$key=str_replace('*', 'wildcard', $key); | |
| 131 | + $file=$this->dir.DIRECTORY_SEPARATOR.$key; | |
| 132 | + return $file; | |
| 133 | + } | |
| 134 | + /** | |
| 135 | + * @inheritdoc | |
| 136 | + */ | |
| 137 | + public function getMetadata($key) | |
| 138 | +	{ | |
| 139 | + $file=$this->getMetadataFilename($key); | |
| 140 | +		if (!file_exists($file)) { | |
| 141 | + return null; | |
| 142 | + } | |
| 143 | + return file_get_contents($file); | |
| 144 | + } | |
| 145 | + | |
| 146 | + /** | |
| 147 | + * @inheritdoc | |
| 148 | + */ | |
| 149 | + public function setMetadata($key, $value) | |
| 150 | +	{ | |
| 151 | + $file=$this->getMetadataFilename($key); | |
| 152 | +		if (is_null($value)) { | |
| 153 | + //nothing to store, ensure file is removed | |
| 154 | +			if (file_exists($file)) { | |
| 155 | + unlink($file); | |
| 156 | + } | |
| 157 | +		} else { | |
| 158 | + file_put_contents($file, $value); | |
| 159 | + } | |
| 160 | + } | |
| 161 | + | |
| 162 | + /** | |
| 163 | + * @inheritdoc | |
| 164 | + */ | |
| 165 | + public function hasMetadata($key) | |
| 166 | +	{ | |
| 167 | + $file=$this->getMetadataFilename($key); | |
| 168 | + return file_exists($file); | |
| 169 | + } | |
| 170 | 170 | } | 
| @@ -9,108 +9,108 @@ | ||
| 9 | 9 | */ | 
| 10 | 10 | interface CertificateStorageInterface | 
| 11 | 11 |  { | 
| 12 | - /** | |
| 13 | - * Get the public key for the ACME account | |
| 14 | - * @return string | |
| 15 | - */ | |
| 16 | - public function getAccountPublicKey(); | |
| 17 | - | |
| 18 | - /** | |
| 19 | - * Set the public key for the ACME account | |
| 20 | - * @return string | |
| 21 | - */ | |
| 22 | - public function setAccountPublicKey($key); | |
| 23 | - | |
| 24 | - /** | |
| 25 | - * Get the private key for the ACME account | |
| 26 | - * @return string | |
| 27 | - */ | |
| 28 | - public function getAccountPrivateKey(); | |
| 29 | - | |
| 30 | - /** | |
| 31 | - * Set the private key for the ACME account | |
| 32 | - * @return string | |
| 33 | - */ | |
| 34 | - public function setAccountPrivateKey($key); | |
| 35 | - | |
| 36 | - /** | |
| 37 | - * Get the certificate for the given domain | |
| 38 | - * | |
| 39 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 40 | - * @return string|null returns null if no certificate is available for domain | |
| 41 | - */ | |
| 42 | - public function getCertificate($domain); | |
| 43 | - | |
| 44 | - /** | |
| 45 | - * Set the certificate for the given domain | |
| 46 | - * | |
| 47 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 48 | - * @param $certificate string containing certificate | |
| 49 | - */ | |
| 50 | - public function setCertificate($domain, $certificate); | |
| 51 | - | |
| 52 | - /** | |
| 53 | - * Get the full chain certificate for the given domain | |
| 54 | - * | |
| 55 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 56 | - * @return string|null returns null if no certificate is available for domain | |
| 57 | - */ | |
| 58 | - public function getFullChainCertificate($domain); | |
| 59 | - | |
| 60 | - /** | |
| 61 | - * Set the full chain certificate for the given domain | |
| 62 | - * | |
| 63 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 64 | - * @param $certificate string containing certificate with any necessary chained certificates | |
| 65 | - */ | |
| 66 | - public function setFullChainCertificate($domain, $certificate); | |
| 67 | - | |
| 68 | - /** | |
| 69 | - * Get public key for given certificate | |
| 70 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 71 | - * @return string|null returns null if no certificate is available for domain | |
| 72 | - */ | |
| 73 | - public function getPublicKey($domain); | |
| 74 | - | |
| 75 | - /** | |
| 76 | - * Set public key for domain | |
| 77 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 78 | - * @param $key string containing private key for domain | |
| 79 | - */ | |
| 80 | - public function setPublicKey($domain, $key); | |
| 81 | - | |
| 82 | - /** | |
| 83 | - * Get private key for given certificate | |
| 84 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 85 | - * @return string|null returns null if no certificate is available for domain | |
| 86 | - */ | |
| 87 | - public function getPrivateKey($domain); | |
| 88 | - | |
| 89 | - /** | |
| 90 | - * Set private key for domain | |
| 91 | - * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 92 | - * @param $key string containing private key for domain | |
| 93 | - */ | |
| 94 | - public function setPrivateKey($domain, $key); | |
| 95 | - | |
| 96 | - /** | |
| 97 | - * Get arbitrary persistent metadata | |
| 98 | - * @param $key string unique key | |
| 99 | - * @return mixed | |
| 100 | - */ | |
| 101 | - public function getMetadata($key); | |
| 102 | - | |
| 103 | - /** | |
| 104 | - * Store persistent metadata | |
| 105 | - * @param $key string unique key | |
| 106 | - * @param $value string value to store under given key | |
| 107 | - */ | |
| 108 | - public function setMetadata($key, $value); | |
| 109 | - | |
| 110 | - /** | |
| 111 | - * Check if persistent metadata for given key is available | |
| 112 | - * @param $key | |
| 113 | - * @return string|null | |
| 114 | - */ | |
| 115 | - public function hasMetadata($key); | |
| 12 | + /** | |
| 13 | + * Get the public key for the ACME account | |
| 14 | + * @return string | |
| 15 | + */ | |
| 16 | + public function getAccountPublicKey(); | |
| 17 | + | |
| 18 | + /** | |
| 19 | + * Set the public key for the ACME account | |
| 20 | + * @return string | |
| 21 | + */ | |
| 22 | + public function setAccountPublicKey($key); | |
| 23 | + | |
| 24 | + /** | |
| 25 | + * Get the private key for the ACME account | |
| 26 | + * @return string | |
| 27 | + */ | |
| 28 | + public function getAccountPrivateKey(); | |
| 29 | + | |
| 30 | + /** | |
| 31 | + * Set the private key for the ACME account | |
| 32 | + * @return string | |
| 33 | + */ | |
| 34 | + public function setAccountPrivateKey($key); | |
| 35 | + | |
| 36 | + /** | |
| 37 | + * Get the certificate for the given domain | |
| 38 | + * | |
| 39 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 40 | + * @return string|null returns null if no certificate is available for domain | |
| 41 | + */ | |
| 42 | + public function getCertificate($domain); | |
| 43 | + | |
| 44 | + /** | |
| 45 | + * Set the certificate for the given domain | |
| 46 | + * | |
| 47 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 48 | + * @param $certificate string containing certificate | |
| 49 | + */ | |
| 50 | + public function setCertificate($domain, $certificate); | |
| 51 | + | |
| 52 | + /** | |
| 53 | + * Get the full chain certificate for the given domain | |
| 54 | + * | |
| 55 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 56 | + * @return string|null returns null if no certificate is available for domain | |
| 57 | + */ | |
| 58 | + public function getFullChainCertificate($domain); | |
| 59 | + | |
| 60 | + /** | |
| 61 | + * Set the full chain certificate for the given domain | |
| 62 | + * | |
| 63 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 64 | + * @param $certificate string containing certificate with any necessary chained certificates | |
| 65 | + */ | |
| 66 | + public function setFullChainCertificate($domain, $certificate); | |
| 67 | + | |
| 68 | + /** | |
| 69 | + * Get public key for given certificate | |
| 70 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 71 | + * @return string|null returns null if no certificate is available for domain | |
| 72 | + */ | |
| 73 | + public function getPublicKey($domain); | |
| 74 | + | |
| 75 | + /** | |
| 76 | + * Set public key for domain | |
| 77 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 78 | + * @param $key string containing private key for domain | |
| 79 | + */ | |
| 80 | + public function setPublicKey($domain, $key); | |
| 81 | + | |
| 82 | + /** | |
| 83 | + * Get private key for given certificate | |
| 84 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 85 | + * @return string|null returns null if no certificate is available for domain | |
| 86 | + */ | |
| 87 | + public function getPrivateKey($domain); | |
| 88 | + | |
| 89 | + /** | |
| 90 | + * Set private key for domain | |
| 91 | + * @param $domain string given base domain of certificate (which might include *.wildcard) | |
| 92 | + * @param $key string containing private key for domain | |
| 93 | + */ | |
| 94 | + public function setPrivateKey($domain, $key); | |
| 95 | + | |
| 96 | + /** | |
| 97 | + * Get arbitrary persistent metadata | |
| 98 | + * @param $key string unique key | |
| 99 | + * @return mixed | |
| 100 | + */ | |
| 101 | + public function getMetadata($key); | |
| 102 | + | |
| 103 | + /** | |
| 104 | + * Store persistent metadata | |
| 105 | + * @param $key string unique key | |
| 106 | + * @param $value string value to store under given key | |
| 107 | + */ | |
| 108 | + public function setMetadata($key, $value); | |
| 109 | + | |
| 110 | + /** | |
| 111 | + * Check if persistent metadata for given key is available | |
| 112 | + * @param $key | |
| 113 | + * @return string|null | |
| 114 | + */ | |
| 115 | + public function hasMetadata($key); | |
| 116 | 116 | } | 
| @@ -13,82 +13,82 @@ | ||
| 13 | 13 | */ | 
| 14 | 14 | class LEAuthorization | 
| 15 | 15 |  { | 
| 16 | - private $connector; | |
| 16 | + private $connector; | |
| 17 | 17 | |
| 18 | - public $authorizationURL; | |
| 19 | - public $identifier; | |
| 20 | - public $status; | |
| 21 | - public $expires; | |
| 22 | - public $challenges; | |
| 18 | + public $authorizationURL; | |
| 19 | + public $identifier; | |
| 20 | + public $status; | |
| 21 | + public $expires; | |
| 22 | + public $challenges; | |
| 23 | 23 | |
| 24 | - /** @var LoggerInterface */ | |
| 25 | - private $log; | |
| 24 | + /** @var LoggerInterface */ | |
| 25 | + private $log; | |
| 26 | 26 | |
| 27 | - /** | |
| 28 | - * Initiates the LetsEncrypt Authorization class. Child of a LetsEncrypt Order instance. | |
| 29 | - * | |
| 30 | - * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests. | |
| 31 | - * @param LoggerInterface $log PSR-3 logger | |
| 32 | - * @param string $authorizationURL The URL of the authorization, given by a LetsEncrypt order request. | |
| 33 | - */ | |
| 34 | - public function __construct($connector, LoggerInterface $log, $authorizationURL) | |
| 35 | -    { | |
| 36 | - $this->connector = $connector; | |
| 37 | - $this->log = $log; | |
| 38 | - $this->authorizationURL = $authorizationURL; | |
| 27 | + /** | |
| 28 | + * Initiates the LetsEncrypt Authorization class. Child of a LetsEncrypt Order instance. | |
| 29 | + * | |
| 30 | + * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests. | |
| 31 | + * @param LoggerInterface $log PSR-3 logger | |
| 32 | + * @param string $authorizationURL The URL of the authorization, given by a LetsEncrypt order request. | |
| 33 | + */ | |
| 34 | + public function __construct($connector, LoggerInterface $log, $authorizationURL) | |
| 35 | +	{ | |
| 36 | + $this->connector = $connector; | |
| 37 | + $this->log = $log; | |
| 38 | + $this->authorizationURL = $authorizationURL; | |
| 39 | 39 | |
| 40 | - $get = $this->connector->get($this->authorizationURL); | |
| 41 | -        if ($get['status'] === 200) { | |
| 42 | - $this->identifier = $get['body']['identifier']; | |
| 43 | - $this->status = $get['body']['status']; | |
| 44 | - $this->expires = $get['body']['expires']; | |
| 45 | - $this->challenges = $get['body']['challenges']; | |
| 46 | -        } else { | |
| 47 | - //@codeCoverageIgnoreStart | |
| 48 | -            $this->log->error("LEAuthorization::__construct cannot find authorization $authorizationURL"); | |
| 49 | - //@codeCoverageIgnoreEnd | |
| 50 | - } | |
| 51 | - } | |
| 40 | + $get = $this->connector->get($this->authorizationURL); | |
| 41 | +		if ($get['status'] === 200) { | |
| 42 | + $this->identifier = $get['body']['identifier']; | |
| 43 | + $this->status = $get['body']['status']; | |
| 44 | + $this->expires = $get['body']['expires']; | |
| 45 | + $this->challenges = $get['body']['challenges']; | |
| 46 | +		} else { | |
| 47 | + //@codeCoverageIgnoreStart | |
| 48 | +			$this->log->error("LEAuthorization::__construct cannot find authorization $authorizationURL"); | |
| 49 | + //@codeCoverageIgnoreEnd | |
| 50 | + } | |
| 51 | + } | |
| 52 | 52 | |
| 53 | - /** | |
| 54 | - * Updates the data associated with the current LetsEncrypt Authorization instance. | |
| 55 | - */ | |
| 53 | + /** | |
| 54 | + * Updates the data associated with the current LetsEncrypt Authorization instance. | |
| 55 | + */ | |
| 56 | 56 | |
| 57 | - public function updateData() | |
| 58 | -    { | |
| 59 | - $get = $this->connector->get($this->authorizationURL); | |
| 60 | -        if ($get['status'] === 200) { | |
| 61 | - $this->identifier = $get['body']['identifier']; | |
| 62 | - $this->status = $get['body']['status']; | |
| 63 | - $this->expires = $get['body']['expires']; | |
| 64 | - $this->challenges = $get['body']['challenges']; | |
| 65 | -        } else { | |
| 66 | - //@codeCoverageIgnoreStart | |
| 67 | -            $this->log->error("LEAuthorization::updateData cannot find authorization " . $this->authorizationURL); | |
| 68 | - //@codeCoverageIgnoreEnd | |
| 69 | - } | |
| 70 | - } | |
| 57 | + public function updateData() | |
| 58 | +	{ | |
| 59 | + $get = $this->connector->get($this->authorizationURL); | |
| 60 | +		if ($get['status'] === 200) { | |
| 61 | + $this->identifier = $get['body']['identifier']; | |
| 62 | + $this->status = $get['body']['status']; | |
| 63 | + $this->expires = $get['body']['expires']; | |
| 64 | + $this->challenges = $get['body']['challenges']; | |
| 65 | +		} else { | |
| 66 | + //@codeCoverageIgnoreStart | |
| 67 | +			$this->log->error("LEAuthorization::updateData cannot find authorization " . $this->authorizationURL); | |
| 68 | + //@codeCoverageIgnoreEnd | |
| 69 | + } | |
| 70 | + } | |
| 71 | 71 | |
| 72 | - /** | |
| 73 | - * Gets the challenge of the given $type for this LetsEncrypt Authorization instance. | |
| 74 | - * Throws a Runtime Exception if the given $type is not found in this LetsEncrypt Authorization instance. | |
| 75 | - * | |
| 76 | - * @param string $type The type of verification. | |
| 77 | - * Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS. | |
| 78 | - * | |
| 79 | - * @return array Returns an array with the challenge of the requested $type. | |
| 80 | - */ | |
| 81 | - public function getChallenge($type) | |
| 82 | -    { | |
| 83 | -        foreach ($this->challenges as $challenge) { | |
| 84 | -            if ($challenge['type'] == $type) { | |
| 85 | - return $challenge; | |
| 86 | - } | |
| 87 | - } | |
| 88 | - //@codeCoverageIgnoreStart | |
| 89 | - throw new RuntimeException( | |
| 90 | - 'No challenge found for type \'' . $type . '\' and identifier \'' . $this->identifier['value'] . '\'.' | |
| 91 | - ); | |
| 92 | - //@codeCoverageIgnoreEnd | |
| 93 | - } | |
| 72 | + /** | |
| 73 | + * Gets the challenge of the given $type for this LetsEncrypt Authorization instance. | |
| 74 | + * Throws a Runtime Exception if the given $type is not found in this LetsEncrypt Authorization instance. | |
| 75 | + * | |
| 76 | + * @param string $type The type of verification. | |
| 77 | + * Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS. | |
| 78 | + * | |
| 79 | + * @return array Returns an array with the challenge of the requested $type. | |
| 80 | + */ | |
| 81 | + public function getChallenge($type) | |
| 82 | +	{ | |
| 83 | +		foreach ($this->challenges as $challenge) { | |
| 84 | +			if ($challenge['type'] == $type) { | |
| 85 | + return $challenge; | |
| 86 | + } | |
| 87 | + } | |
| 88 | + //@codeCoverageIgnoreStart | |
| 89 | + throw new RuntimeException( | |
| 90 | + 'No challenge found for type \'' . $type . '\' and identifier \'' . $this->identifier['value'] . '\'.' | |
| 91 | + ); | |
| 92 | + //@codeCoverageIgnoreEnd | |
| 93 | + } | |
| 94 | 94 | } |