Zwartpet / php-certificate-toolbox

src/DNSValidator/NativeDNS.php

Indentation +11 added lines, -11 removed lines

@@ -10,15 +10,15 @@
  */
 class NativeDNS implements DNSValidatorInterface
 {
-    public function checkChallenge($domain, $requiredDigest) : bool
-    {
-        $hostname = '_acme-challenge.' . str_replace('*.', '', $domain);
-        $records =  dns_get_record($hostname, DNS_TXT);
-        foreach ($records as $record) {
-            if ($record['host'] == $hostname && $record['type'] == 'TXT' && $record['txt'] == $requiredDigest) {
-                return true;
-            }
-        }
-        return false;
-    }
+	public function checkChallenge($domain, $requiredDigest) : bool
+	{
+		$hostname = '_acme-challenge.' . str_replace('*.', '', $domain);
+		$records =  dns_get_record($hostname, DNS_TXT);
+		foreach ($records as $record) {
+			if ($record['host'] == $hostname && $record['type'] == 'TXT' && $record['txt'] == $requiredDigest) {
+				return true;
+			}
+		}
+		return false;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -13,7 +13,7 @@
     public function checkChallenge($domain, $requiredDigest) : bool
     {
         $hostname = '_acme-challenge.' . str_replace('*.', '', $domain);
-        $records =  dns_get_record($hostname, DNS_TXT);
+        $records = dns_get_record($hostname, DNS_TXT);
         foreach ($records as $record) {
             if ($record['host'] == $hostname && $record['type'] == 'TXT' && $record['txt'] == $requiredDigest) {
                 return true;

src/Sleep.php

Indentation +4 added lines, -4 removed lines

@@ -10,8 +10,8 @@
  */
 class Sleep
 {
-    public function for($seconds)
-    {
-        sleep($seconds);
-    }
+	public function for($seconds)
+	{
+		sleep($seconds);
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -10,7 +10,7 @@
  */
 class Sleep
 {
-    public function for($seconds)
+    public function for ($seconds)
     {
         sleep($seconds);
     }

src/TestResponseGenerator.php

Indentation +54 added lines, -54 removed lines

@@ -6,67 +6,67 @@
 
 class TestResponseGenerator
 {
-    /**
-     * Given an HTTP response, this can dump a function which will generate a Response object which can
-     * be used during testing to simulate that response
-     *
-     * @param $method
-     * @param $url
-     * @param ResponseInterface $response
-     * @codeCoverageIgnore
-     */
-    public static function dumpTestSimulation($method, $url, ResponseInterface $response)
-    {
-        static $count = 0;
-        $count++;
+	/**
+	 * Given an HTTP response, this can dump a function which will generate a Response object which can
+	 * be used during testing to simulate that response
+	 *
+	 * @param $method
+	 * @param $url
+	 * @param ResponseInterface $response
+	 * @codeCoverageIgnore
+	 */
+	public static function dumpTestSimulation($method, $url, ResponseInterface $response)
+	{
+		static $count = 0;
+		$count++;
 
-        echo "/**\n";
-        echo " * Simulate response for $method $url\n";
-        echo " */\n";
-        echo "protected function getAcmeResponse{$count}()\n";
-        echo "{\n";
+		echo "/**\n";
+		echo " * Simulate response for $method $url\n";
+		echo " */\n";
+		echo "protected function getAcmeResponse{$count}()\n";
+		echo "{\n";
 
-        echo "    \$date = new \DateTime;\n";
-        echo "    \$now = \$date->format('D, j M Y H:i:s e');\n";
+		echo "    \$date = new \DateTime;\n";
+		echo "    \$now = \$date->format('D, j M Y H:i:s e');\n";
 
-        //store body as heredoc
-        $body = $response->getBody();
-        if (strlen($body)) {
-            $body = preg_replace('/^/m', '        ', $response->getBody());
-            echo "    \$body = <<<JSON\n";
-            echo $body;
-            echo "\nJSON;\n";
-        }
-        echo "    \$body=trim(\$body);\n\n";
+		//store body as heredoc
+		$body = $response->getBody();
+		if (strlen($body)) {
+			$body = preg_replace('/^/m', '        ', $response->getBody());
+			echo "    \$body = <<<JSON\n";
+			echo $body;
+			echo "\nJSON;\n";
+		}
+		echo "    \$body=trim(\$body);\n\n";
 
-        //dump the header array, replacing dates with a current date
-        echo "    \$headers=[\n";
-        $headers = $response->getHeaders();
-        foreach ($headers as $name => $values) {
-            //most headers are single valued
-            if (count($values) == 1) {
-                $value = var_export($values[0], true);
-            } else {
-                $value = var_export($values, true);
-            }
+		//dump the header array, replacing dates with a current date
+		echo "    \$headers=[\n";
+		$headers = $response->getHeaders();
+		foreach ($headers as $name => $values) {
+			//most headers are single valued
+			if (count($values) == 1) {
+				$value = var_export($values[0], true);
+			} else {
+				$value = var_export($values, true);
+			}
 
-            //give date-related headers something current when testing
-            if (in_array($name, ['Expires', 'Date'])) {
-                $value = '$now';
-            }
+			//give date-related headers something current when testing
+			if (in_array($name, ['Expires', 'Date'])) {
+				$value = '$now';
+			}
 
-            //ensure content length is correct for our simulated body
-            if ($name == 'Content-Length') {
-                $value = 'strlen($body)';
-            }
+			//ensure content length is correct for our simulated body
+			if ($name == 'Content-Length') {
+				$value = 'strlen($body)';
+			}
 
-            echo "        '$name' => " . $value . ",\n";
-        }
-        echo "    ];\n";
+			echo "        '$name' => " . $value . ",\n";
+		}
+		echo "    ];\n";
 
-        $status=$response->getStatusCode();
+		$status=$response->getStatusCode();
 
-        echo "    return new Response($status, \$headers, \$body);\n";
-        echo "}\n\n";
-    }
+		echo "    return new Response($status, \$headers, \$body);\n";
+		echo "}\n\n";
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -64,7 +64,7 @@
         }
         echo "    ];\n";
 
-        $status=$response->getStatusCode();
+        $status = $response->getStatusCode();
 
         echo "    return new Response($status, \$headers, \$body);\n";
         echo "}\n\n";

src/LEAuthorization.php

Indentation +81 added lines, -81 removed lines

@@ -13,94 +13,94 @@
  */
 class LEAuthorization
 {
-    private $connector;
+	private $connector;
 
-    public $authorizationURL;
-    public $identifier;
-    public $status;
-    public $expires;
-    public $challenges;
+	public $authorizationURL;
+	public $identifier;
+	public $status;
+	public $expires;
+	public $challenges;
 
-    /** @var LoggerInterface  */
-    private $log;
+	/** @var LoggerInterface  */
+	private $log;
 
-    /**
-     * Initiates the LetsEncrypt Authorization class. Child of a LetsEncrypt Order instance.
-     *
-     * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param LoggerInterface $log PSR-3 logger
-     * @param string $authorizationURL The URL of the authorization, given by a LetsEncrypt order request.
-     */
-    public function __construct($connector, LoggerInterface $log, $authorizationURL)
-    {
-        $this->connector = $connector;
-        $this->log = $log;
-        $this->authorizationURL = $authorizationURL;
+	/**
+	 * Initiates the LetsEncrypt Authorization class. Child of a LetsEncrypt Order instance.
+	 *
+	 * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param LoggerInterface $log PSR-3 logger
+	 * @param string $authorizationURL The URL of the authorization, given by a LetsEncrypt order request.
+	 */
+	public function __construct($connector, LoggerInterface $log, $authorizationURL)
+	{
+		$this->connector = $connector;
+		$this->log = $log;
+		$this->authorizationURL = $authorizationURL;
 
-        $sign = $this->connector->signRequestKid(
-            null,
-            $this->connector->accountURL,
-            $this->authorizationURL
-        );
+		$sign = $this->connector->signRequestKid(
+			null,
+			$this->connector->accountURL,
+			$this->authorizationURL
+		);
 
-        $post = $this->connector->post($this->authorizationURL, $sign);
-        if ($post['status'] === 200) {
-            $this->identifier = $post['body']['identifier'];
-            $this->status = $post['body']['status'];
-            $this->expires = $post['body']['expires'];
-            $this->challenges = $post['body']['challenges'];
-        } else {
-            //@codeCoverageIgnoreStart
-            $this->log->error("LEAuthorization::__construct cannot find authorization $authorizationURL");
-            //@codeCoverageIgnoreEnd
-        }
-    }
+		$post = $this->connector->post($this->authorizationURL, $sign);
+		if ($post['status'] === 200) {
+			$this->identifier = $post['body']['identifier'];
+			$this->status = $post['body']['status'];
+			$this->expires = $post['body']['expires'];
+			$this->challenges = $post['body']['challenges'];
+		} else {
+			//@codeCoverageIgnoreStart
+			$this->log->error("LEAuthorization::__construct cannot find authorization $authorizationURL");
+			//@codeCoverageIgnoreEnd
+		}
+	}
 
-    /**
-     * Updates the data associated with the current LetsEncrypt Authorization instance.
-     */
+	/**
+	 * Updates the data associated with the current LetsEncrypt Authorization instance.
+	 */
 
-    public function updateData()
-    {
-        $sign = $this->connector->signRequestKid(
-            null,
-            $this->connector->accountURL,
-            $this->authorizationURL
-        );
+	public function updateData()
+	{
+		$sign = $this->connector->signRequestKid(
+			null,
+			$this->connector->accountURL,
+			$this->authorizationURL
+		);
 
-        $post = $this->connector->post($this->authorizationURL, $sign);
-        if ($post['status'] === 200) {
-            $this->identifier = $post['body']['identifier'];
-            $this->status = $post['body']['status'];
-            $this->expires = $post['body']['expires'];
-            $this->challenges = $post['body']['challenges'];
-        } else {
-            //@codeCoverageIgnoreStart
-            $this->log->error("LEAuthorization::updateData cannot find authorization " . $this->authorizationURL);
-            //@codeCoverageIgnoreEnd
-        }
-    }
+		$post = $this->connector->post($this->authorizationURL, $sign);
+		if ($post['status'] === 200) {
+			$this->identifier = $post['body']['identifier'];
+			$this->status = $post['body']['status'];
+			$this->expires = $post['body']['expires'];
+			$this->challenges = $post['body']['challenges'];
+		} else {
+			//@codeCoverageIgnoreStart
+			$this->log->error("LEAuthorization::updateData cannot find authorization " . $this->authorizationURL);
+			//@codeCoverageIgnoreEnd
+		}
+	}
 
-    /**
-     * Gets the challenge of the given $type for this LetsEncrypt Authorization instance.
-     * Throws a Runtime Exception if the given $type is not found in this LetsEncrypt Authorization instance.
-     *
-     * @param string $type The type of verification.
-     *                     Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS.
-     *
-     * @return array Returns an array with the challenge of the requested $type.
-     */
-    public function getChallenge($type)
-    {
-        foreach ($this->challenges as $challenge) {
-            if ($challenge['type'] == $type) {
-                return $challenge;
-            }
-        }
-        //@codeCoverageIgnoreStart
-        throw new RuntimeException(
-            'No challenge found for type \'' . $type . '\' and identifier \'' . $this->identifier['value'] . '\'.'
-        );
-        //@codeCoverageIgnoreEnd
-    }
+	/**
+	 * Gets the challenge of the given $type for this LetsEncrypt Authorization instance.
+	 * Throws a Runtime Exception if the given $type is not found in this LetsEncrypt Authorization instance.
+	 *
+	 * @param string $type The type of verification.
+	 *                     Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS.
+	 *
+	 * @return array Returns an array with the challenge of the requested $type.
+	 */
+	public function getChallenge($type)
+	{
+		foreach ($this->challenges as $challenge) {
+			if ($challenge['type'] == $type) {
+				return $challenge;
+			}
+		}
+		//@codeCoverageIgnoreStart
+		throw new RuntimeException(
+			'No challenge found for type \'' . $type . '\' and identifier \'' . $this->identifier['value'] . '\'.'
+		);
+		//@codeCoverageIgnoreEnd
+	}
 }

src/LEOrder.php

Spacing +6 added lines, -6 removed lines

@@ -125,7 +125,7 @@ 
 
     private function loadExistingOrder($domains)
     {
-        $orderUrl = $this->storage->getMetadata($this->basename.'.order.url');
+        $orderUrl = $this->storage->getMetadata($this->basename . '.order.url');
         $publicKey = $this->storage->getPublicKey($this->basename);
         $privateKey = $this->storage->getPrivateKey($this->basename);
 
@@ -169,7 +169,7 @@ 
         }
 
         //ensure retrieved order matches our domains
-        $orderdomains = array_map(function ($ident) {
+        $orderdomains = array_map(function($ident) {
             return $ident['value'];
         }, $post['body']['identifiers']);
         $diff = array_merge(array_diff($orderdomains, $domains), array_diff($domains, $orderdomains));
@@ -198,7 +198,7 @@ 
         $this->storage->setPublicKey($this->basename, null);
         $this->storage->setCertificate($this->basename, null);
         $this->storage->setFullChainCertificate($this->basename, null);
-        $this->storage->setMetadata($this->basename.'.order.url', null);
+        $this->storage->setMetadata($this->basename . '.order.url', null);
     }
 
     private function initialiseKeyTypeAndSize($keyType)
@@ -266,7 +266,7 @@ 
         }
 
         $this->orderURL = trim($matches[1]);
-        $this->storage->setMetadata($this->basename.'.order.url', $this->orderURL);
+        $this->storage->setMetadata($this->basename . '.order.url', $this->orderURL);
 
         $this->generateKeys();
 
@@ -597,13 +597,13 @@ 
      */
     private function generateCSR()
     {
-        $domains = array_map(function ($dns) {
+        $domains = array_map(function($dns) {
             return $dns['value'];
         }, $this->identifiers);
 
         $dn = ["commonName" => $this->calcCommonName($domains)];
 
-        $san = implode(",", array_map(function ($dns) {
+        $san = implode(",", array_map(function($dns) {
             return "DNS:" . $dns;
         }, $domains));
         $tmpConf = tmpfile();

Indentation +772 added lines, -772 removed lines

@@ -16,559 +16,559 @@ 
  */
 class LEOrder
 {
-    const CHALLENGE_TYPE_HTTP = 'http-01';
-    const CHALLENGE_TYPE_DNS = 'dns-01';
-
-    /** @var string order status (pending, processing, valid) */
-    private $status;
-
-    /** @var string expiration date for order */
-    private $expires;
-
-    /** @var array containing all the domain identifiers for the order */
-    private $identifiers;
-
-    /** @var string[] URLs to all the authorization objects for this order */
-    private $authorizationURLs;
-
-    /** @var LEAuthorization[] array of authorization objects for the order */
-    private $authorizations;
-
-    /** @var string URL for order finalization */
-    private $finalizeURL;
-
-    /** @var string URL for obtaining certificate */
-    private $certificateURL;
-
-    /** @var string base domain name for certificate */
-    private $basename;
-
-    /** @var string URL referencing order */
-    private $orderURL;
-
-    /** @var string type of key (rsa or ec) */
-    private $keyType;
-
-    /** @var int size of key (typically 2048 or 4096 for rsa, 256 or 384 for ec */
-    private $keySize;
-
-    /** @var LEConnector ACME API connection provided to constructor */
-    private $connector;
-
-    /** @var LoggerInterface logger provided to constructor */
-    private $log;
-
-    /** @var DNSValidatorInterface dns resolution provider to constructor*/
-    private $dns;
-
-    /** @var Sleep sleep service provided to constructor */
-    private $sleep;
-
-    /** @var CertificateStorageInterface storage interface provided to constructor */
-    private $storage;
-
-    /** @var AccountStorageInterface */
-    private $accountStorage;
-
-    /**
-     * Initiates the LetsEncrypt Order class. If the base name is found in the $keysDir directory, the order data is
-     * requested. If no order was found locally, if the request is invalid or when there is a change in domain names, a
-     * new order is created.
-     *
-     * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param CertificateStorageInterface $storage
-     * @param AccountStorageInterface $accountStorage
-     * @param LoggerInterface $log PSR-3 compatible logger
-     * @param DNSValidatorInterface $dns DNS challenge checking service
-     * @param Sleep $sleep Sleep service for polling
-     */
-    public function __construct(
-        LEConnector $connector,
-        CertificateStorageInterface $storage,
-        AccountStorageInterface $accountStorage,
-        LoggerInterface $log,
-        DNSValidatorInterface $dns,
-        Sleep $sleep
-    ) {
-
-        $this->connector = $connector;
-        $this->log = $log;
-        $this->dns = $dns;
-        $this->sleep = $sleep;
-        $this->storage = $storage;
-        $this->accountStorage = $accountStorage;
-    }
-
-    /**
-     * Loads or updates an order. If the base name is found in the $keysDir directory, the order data is
-     * requested. If no order was found locally, if the request is invalid or when there is a change in domain names, a
-     * new order is created.
-     *
-     * @param string $basename The base name for the order. Preferable the top domain (example.org).
-     *                                         Will be the directory in which the keys are stored. Used for the
-     *                                         CommonName in the certificate as well.
-     * @param array $domains The array of strings containing the domain names on the certificate.
-     * @param string $keyType Type of the key we want to use for certificate. Can be provided in
-     *                                         ALGO-SIZE format (ex. rsa-4096 or ec-256) or simply "rsa" and "ec"
-     *                                         (using default sizes)
-     * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
-     *                                         at which the certificate becomes valid.
-     * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
-     *                                         until which the certificate is valid.
-     */
-    public function loadOrder($basename, array $domains, $keyType, $notBefore, $notAfter)
-    {
-        $this->basename = $basename;
-
-        $this->initialiseKeyTypeAndSize($keyType ?? 'rsa-4096');
-
-        if ($this->loadExistingOrder($domains)) {
-            $this->updateAuthorizations();
-        } else {
-            $this->createOrder($domains, $notBefore, $notAfter);
-        }
-    }
-
-    private function loadExistingOrder($domains)
-    {
-        $orderUrl = $this->storage->getMetadata($this->basename.'.order.url');
-        $publicKey = $this->storage->getPublicKey($this->basename);
-        $privateKey = $this->storage->getPrivateKey($this->basename);
-
-        //anything to load?
-        if (empty($orderUrl) || empty($publicKey) || empty($privateKey)) {
-            $this->log->info("No order found for {$this->basename}. Creating new order.");
-            return false;
-        }
-
-        //valid URL?
-        $this->orderURL = $orderUrl;
-        if (!filter_var($this->orderURL, FILTER_VALIDATE_URL)) {
-            //@codeCoverageIgnoreStart
-            $this->log->warning("Order for {$this->basename} has invalid URL. Creating new order.");
-            $this->deleteOrderFiles();
-            return false;
-            //@codeCoverageIgnoreEnd
-        }
-
-        //retrieve the order
-        $sign = $this->connector->signRequestKid(
-            null,
-            $this->connector->accountURL,
-            $this->orderURL
-        );
-
-        $post = $this->connector->post($this->orderURL, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            $this->log->warning("Order for {$this->basename} could not be loaded. Creating new order.");
-            $this->deleteOrderFiles();
-            return false;
-            //@codeCoverageIgnoreEnd
-        }
-
-        //ensure the order is still valid
-        if ($post['body']['status'] === 'invalid') {
-            $this->log->warning("Order for {$this->basename} is 'invalid', unable to authorize. Creating new order.");
-            $this->deleteOrderFiles();
-            return false;
-        }
-
-        //ensure retrieved order matches our domains
-        $orderdomains = array_map(function ($ident) {
-            return $ident['value'];
-        }, $post['body']['identifiers']);
-        $diff = array_merge(array_diff($orderdomains, $domains), array_diff($domains, $orderdomains));
-        if (!empty($diff)) {
-            $this->log->warning('Domains do not match order data. Deleting and creating new order.');
-            $this->deleteOrderFiles();
-            return false;
-        }
-
-        //the order is good
-        $this->status = $post['body']['status'];
-        $this->expires = $post['body']['expires'];
-        $this->identifiers = $post['body']['identifiers'];
-        $this->authorizationURLs = $post['body']['authorizations'];
-        $this->finalizeURL = $post['body']['finalize'];
-        if (array_key_exists('certificate', $post['body'])) {
-            $this->certificateURL = $post['body']['certificate'];
-        }
-
-        return true;
-    }
-
-    private function deleteOrderFiles()
-    {
-        $this->storage->setPrivateKey($this->basename, null);
-        $this->storage->setPublicKey($this->basename, null);
-        $this->storage->setCertificate($this->basename, null);
-        $this->storage->setFullChainCertificate($this->basename, null);
-        $this->storage->setMetadata($this->basename.'.order.url', null);
-    }
-
-    private function initialiseKeyTypeAndSize($keyType)
-    {
-        if ($keyType == 'rsa') {
-            $this->keyType = 'rsa';
-            $this->keySize = 4096;
-        } elseif ($keyType == 'ec') {
-            $this->keyType = 'ec';
-            $this->keySize = 256;
-        } else {
-            preg_match_all('/^(rsa|ec)\-([0-9]{3,4})$/', $keyType, $keyTypeParts, PREG_SET_ORDER, 0);
-
-            if (!empty($keyTypeParts)) {
-                $this->keyType = $keyTypeParts[0][1];
-                $this->keySize = intval($keyTypeParts[0][2]);
-            } else {
-                throw new LogicException('Key type \'' . $keyType . '\' not supported.');
-            }
-        }
-    }
-
-    /**
-     * Creates a new LetsEncrypt order and fills this instance with its data. Subsequently creates a new RSA keypair
-     * for the certificate.
-     *
-     * @param array $domains The array of strings containing the domain names on the certificate.
-     * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
-     *                          at which the certificate becomes valid.
-     * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
-     *                          until which the certificate is valid.
-     */
-    private function createOrder($domains, $notBefore, $notAfter)
-    {
-        if (!preg_match('~(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|^$)~', $notBefore) ||
-            !preg_match('~(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|^$)~', $notAfter)
-        ) {
-            throw new LogicException("notBefore and notAfter must be blank or iso-8601 datestamp");
-        }
-
-        $dns = [];
-        foreach ($domains as $domain) {
-            if (preg_match_all('~(\*\.)~', $domain) > 1) {
-                throw new LogicException('Cannot create orders with multiple wildcards in one domain.');
-            }
-            $dns[] = ['type' => 'dns', 'value' => $domain];
-        }
-        $payload = ["identifiers" => $dns, 'notBefore' => $notBefore, 'notAfter' => $notAfter];
-        $sign = $this->connector->signRequestKid(
-            $payload,
-            $this->connector->accountURL,
-            $this->connector->newOrder
-        );
-        $post = $this->connector->post($this->connector->newOrder, $sign);
-        if ($post['status'] !== 201) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Creating new order failed.');
-            //@codeCoverageIgnoreEnd
-        }
-
-        if (!preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('New-order returned invalid response.');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->orderURL = trim($matches[1]);
-        $this->storage->setMetadata($this->basename.'.order.url', $this->orderURL);
-
-        $this->generateKeys();
-
-        $this->status = $post['body']['status'];
-        $this->expires = $post['body']['expires'];
-        $this->identifiers = $post['body']['identifiers'];
-        $this->authorizationURLs = $post['body']['authorizations'];
-        $this->finalizeURL = $post['body']['finalize'];
-        if (array_key_exists('certificate', $post['body'])) {
-            $this->certificateURL = $post['body']['certificate'];
-        }
-        $this->updateAuthorizations();
-
-        $this->log->info('Created order for ' . $this->basename);
-    }
-
-    private function generateKeys()
-    {
-        if ($this->keyType == "rsa") {
-            $key = LEFunctions::RSAgenerateKeys($this->keySize);
-        } else {
-            $key = LEFunctions::ECgenerateKeys($this->keySize);
-        }
-
-        $this->storage->setPublicKey($this->basename, $key['public']);
-        $this->storage->setPrivateKey($this->basename, $key['private']);
-    }
-
-    /**
-     * Fetches the latest data concerning this LetsEncrypt Order instance and fills this instance with the new data.
-     */
-    private function updateOrderData()
-    {
-        $sign = $this->connector->signRequestKid(
-            null,
-            $this->connector->accountURL,
-            $this->orderURL
-        );
-
-        $post = $this->connector->post($this->orderURL, $sign);
-        if (strpos($post['header'], "200 OK") !== false) {
-            $this->status = $post['body']['status'];
-            $this->expires = $post['body']['expires'];
-            $this->identifiers = $post['body']['identifiers'];
-            $this->authorizationURLs = $post['body']['authorizations'];
-            $this->finalizeURL = $post['body']['finalize'];
-            if (array_key_exists('certificate', $post['body'])) {
-                $this->certificateURL = $post['body']['certificate'];
-            }
-            $this->updateAuthorizations();
-        } else {
-            //@codeCoverageIgnoreStart
-            $this->log->error("Failed to fetch order for {$this->basename}");
-            //@codeCoverageIgnoreEnd
-        }
-    }
-
-    /**
-     * Fetches the latest data concerning all authorizations connected to this LetsEncrypt Order instance and
-     * creates and stores a new LetsEncrypt Authorization instance for each one.
-     */
-    private function updateAuthorizations()
-    {
-        $this->authorizations = [];
-        foreach ($this->authorizationURLs as $authURL) {
-            if (filter_var($authURL, FILTER_VALIDATE_URL)) {
-                $auth = new LEAuthorization($this->connector, $this->log, $authURL);
-                if ($auth != false) {
-                    $this->authorizations[] = $auth;
-                }
-            }
-        }
-    }
-
-    /**
-     * Walks all LetsEncrypt Authorization instances and returns whether they are all valid (verified).
-     *
-     * @return boolean  Returns true if all authorizations are valid (verified), returns false if not.
-     */
-    public function allAuthorizationsValid()
-    {
-        if (count($this->authorizations) > 0) {
-            foreach ($this->authorizations as $auth) {
-                if ($auth->status != 'valid') {
-                    return false;
-                }
-            }
-            return true;
-        }
-        return false;
-    }
-
-    private function loadAccountKey()
-    {
-        $keydata = $this->accountStorage->getAccountPrivateKey();
-        $privateKey = openssl_pkey_get_private($keydata);
-        if ($privateKey === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException("Failed load account key");
-            //@codeCoverageIgnoreEnd
-        }
-        return $privateKey;
-    }
-
-
-    private function loadCertificateKey()
-    {
-        $keydata = $this->storage->getPrivateKey($this->basename);
-        $privateKey = openssl_pkey_get_private($keydata);
-        if ($privateKey === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException("Failed load certificate key");
-            //@codeCoverageIgnoreEnd
-        }
-        return $privateKey;
-    }
-
-    /**
-     * Get all pending LetsEncrypt Authorization instances and return the necessary data for verification.
-     * The data in the return object depends on the $type.
-     *
-     * @param string $type The type of verification to get. Supporting http-01 and dns-01.
-     *                     Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS. Throws a Runtime
-     *                     Exception when requesting an unknown $type. Keep in mind a wildcard domain authorization only
-     *                     accepts LEOrder::CHALLENGE_TYPE_DNS.
-     *
-     * @return array|bool Returns an array with verification data if successful, false if not pending LetsEncrypt
-     *                  Authorization instances were found. The return array always
-     *                  contains 'type' and 'identifier'. For LEOrder::CHALLENGE_TYPE_HTTP, the array contains
-     *                  'filename' and 'content' for necessary the authorization file.
-     *                  For LEOrder::CHALLENGE_TYPE_DNS, the array contains 'DNSDigest', which is the content for the
-     *                  necessary DNS TXT entry.
-     */
-
-    public function getPendingAuthorizations($type)
-    {
-        $authorizations = [];
-
-        $privateKey = $this->loadAccountKey();
-        $details = openssl_pkey_get_details($privateKey);
-
-        $header = [
-            "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
-            "kty" => "RSA",
-            "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"])
-
-        ];
-        $digest = LEFunctions::base64UrlSafeEncode(hash('sha256', json_encode($header), true));
-
-        foreach ($this->authorizations as $auth) {
-            if ($auth->status == 'pending') {
-                $challenge = $auth->getChallenge($type);
-                if ($challenge['status'] == 'pending') {
-                    $keyAuthorization = $challenge['token'] . '.' . $digest;
-                    switch (strtolower($type)) {
-                        case LEOrder::CHALLENGE_TYPE_HTTP:
-                            $authorizations[] = [
-                                'type' => LEOrder::CHALLENGE_TYPE_HTTP,
-                                'identifier' => $auth->identifier['value'],
-                                'filename' => $challenge['token'],
-                                'content' => $keyAuthorization
-                            ];
-                            break;
-                        case LEOrder::CHALLENGE_TYPE_DNS:
-                            $DNSDigest = LEFunctions::base64UrlSafeEncode(
-                                hash('sha256', $keyAuthorization, true)
-                            );
-                            $authorizations[] = [
-                                'type' => LEOrder::CHALLENGE_TYPE_DNS,
-                                'identifier' => $auth->identifier['value'],
-                                'DNSDigest' => $DNSDigest
-                            ];
-                            break;
-                    }
-                }
-            }
-        }
-
-        return count($authorizations) > 0 ? $authorizations : false;
-    }
-
-    /**
-     * Sends a verification request for a given $identifier and $type. The function itself checks whether the
-     * verification is valid before making the request.
-     * Updates the LetsEncrypt Authorization instances after a successful verification.
-     *
-     * @param string $identifier The domain name to verify.
-     * @param int $type The type of verification. Supporting LEOrder::CHALLENGE_TYPE_HTTP and
-     *                           LEOrder::CHALLENGE_TYPE_DNS.
-     *
-     * @return boolean  Returns true when the verification request was successful, false if not.
-     */
-    public function verifyPendingOrderAuthorization($identifier, $type)
-    {
-        $privateKey = $this->loadAccountKey();
-        $details = openssl_pkey_get_details($privateKey);
-
-        $header = [
-            "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
-            "kty" => "RSA",
-            "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"])
-        ];
-        $digest = LEFunctions::base64UrlSafeEncode(hash('sha256', json_encode($header), true));
-
-        foreach ($this->authorizations as $auth) {
-            if ($auth->identifier['value'] == $identifier) {
-                if ($auth->status == 'pending') {
-                    $challenge = $auth->getChallenge($type);
-                    if ($challenge['status'] == 'pending') {
-                        $keyAuthorization = $challenge['token'] . '.' . $digest;
-                        switch ($type) {
-                            case LEOrder::CHALLENGE_TYPE_HTTP:
-                                return $this->verifyHTTPChallenge($identifier, $challenge, $keyAuthorization, $auth);
-                            case LEOrder::CHALLENGE_TYPE_DNS:
-                                return $this->verifyDNSChallenge($identifier, $challenge, $keyAuthorization, $auth);
-                        }
-                    }
-                }
-            }
-        }
-
-        //f we reach here, the domain identifier given did not match any authorization object
-        //@codeCoverageIgnoreStart
-        throw new LogicException("Attempt to verify authorization for identifier $identifier not in order");
-        //@codeCoverageIgnoreEnd
-    }
-
-    private function verifyDNSChallenge($identifier, array $challenge, $keyAuthorization, LEAuthorization $auth)
-    {
-        //check it ourselves
-        $DNSDigest = LEFunctions::base64UrlSafeEncode(hash('sha256', $keyAuthorization, true));
-        if (!$this->dns->checkChallenge($identifier, $DNSDigest)) {
-            $this->log->warning("DNS challenge for $identifier tested, found invalid.");
-            return false;
-        }
-
-        //ask LE to check
-        $sign = $this->connector->signRequestKid(
-            ['keyAuthorization' => $keyAuthorization],
-            $this->connector->accountURL,
-            $challenge['url']
-        );
-        $post = $this->connector->post($challenge['url'], $sign);
-        if ($post['status'] !== 200) {
-            $this->log->warning("DNS challenge for $identifier valid, but failed to post to ACME service");
-            return false;
-        }
-
-        while ($auth->status == 'pending') {
-            $this->log->notice("DNS challenge for $identifier valid - waiting for confirmation");
-            $this->sleep->for(1);
-            $auth->updateData();
-        }
-        $this->log->notice("DNS challenge for $identifier validated");
-
-        return true;
-    }
-
-    private function verifyHTTPChallenge($identifier, array $challenge, $keyAuthorization, LEAuthorization $auth)
-    {
-        if (!$this->connector->checkHTTPChallenge($identifier, $challenge['token'], $keyAuthorization)) {
-            $this->log->warning("HTTP challenge for $identifier tested, found invalid.");
-            return false;
-        }
-
-        $sign = $this->connector->signRequestKid(
-            ['keyAuthorization' => $keyAuthorization],
-            $this->connector->accountURL,
-            $challenge['url']
-        );
-
-        $post = $this->connector->post($challenge['url'], $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            $this->log->warning("HTTP challenge for $identifier valid, but failed to post to ACME service");
-            return false;
-            //@codeCoverageIgnoreEnd
-        }
-
-        while ($auth->status == 'pending') {
-            $this->log->notice("HTTP challenge for $identifier valid - waiting for confirmation");
-            $this->sleep->for(1);
-            $auth->updateData();
-        }
-        $this->log->notice("HTTP challenge for $identifier validated");
-        return true;
-    }
-
-    /*
+	const CHALLENGE_TYPE_HTTP = 'http-01';
+	const CHALLENGE_TYPE_DNS = 'dns-01';
+
+	/** @var string order status (pending, processing, valid) */
+	private $status;
+
+	/** @var string expiration date for order */
+	private $expires;
+
+	/** @var array containing all the domain identifiers for the order */
+	private $identifiers;
+
+	/** @var string[] URLs to all the authorization objects for this order */
+	private $authorizationURLs;
+
+	/** @var LEAuthorization[] array of authorization objects for the order */
+	private $authorizations;
+
+	/** @var string URL for order finalization */
+	private $finalizeURL;
+
+	/** @var string URL for obtaining certificate */
+	private $certificateURL;
+
+	/** @var string base domain name for certificate */
+	private $basename;
+
+	/** @var string URL referencing order */
+	private $orderURL;
+
+	/** @var string type of key (rsa or ec) */
+	private $keyType;
+
+	/** @var int size of key (typically 2048 or 4096 for rsa, 256 or 384 for ec */
+	private $keySize;
+
+	/** @var LEConnector ACME API connection provided to constructor */
+	private $connector;
+
+	/** @var LoggerInterface logger provided to constructor */
+	private $log;
+
+	/** @var DNSValidatorInterface dns resolution provider to constructor*/
+	private $dns;
+
+	/** @var Sleep sleep service provided to constructor */
+	private $sleep;
+
+	/** @var CertificateStorageInterface storage interface provided to constructor */
+	private $storage;
+
+	/** @var AccountStorageInterface */
+	private $accountStorage;
+
+	/**
+	 * Initiates the LetsEncrypt Order class. If the base name is found in the $keysDir directory, the order data is
+	 * requested. If no order was found locally, if the request is invalid or when there is a change in domain names, a
+	 * new order is created.
+	 *
+	 * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param CertificateStorageInterface $storage
+	 * @param AccountStorageInterface $accountStorage
+	 * @param LoggerInterface $log PSR-3 compatible logger
+	 * @param DNSValidatorInterface $dns DNS challenge checking service
+	 * @param Sleep $sleep Sleep service for polling
+	 */
+	public function __construct(
+		LEConnector $connector,
+		CertificateStorageInterface $storage,
+		AccountStorageInterface $accountStorage,
+		LoggerInterface $log,
+		DNSValidatorInterface $dns,
+		Sleep $sleep
+	) {
+
+		$this->connector = $connector;
+		$this->log = $log;
+		$this->dns = $dns;
+		$this->sleep = $sleep;
+		$this->storage = $storage;
+		$this->accountStorage = $accountStorage;
+	}
+
+	/**
+	 * Loads or updates an order. If the base name is found in the $keysDir directory, the order data is
+	 * requested. If no order was found locally, if the request is invalid or when there is a change in domain names, a
+	 * new order is created.
+	 *
+	 * @param string $basename The base name for the order. Preferable the top domain (example.org).
+	 *                                         Will be the directory in which the keys are stored. Used for the
+	 *                                         CommonName in the certificate as well.
+	 * @param array $domains The array of strings containing the domain names on the certificate.
+	 * @param string $keyType Type of the key we want to use for certificate. Can be provided in
+	 *                                         ALGO-SIZE format (ex. rsa-4096 or ec-256) or simply "rsa" and "ec"
+	 *                                         (using default sizes)
+	 * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
+	 *                                         at which the certificate becomes valid.
+	 * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
+	 *                                         until which the certificate is valid.
+	 */
+	public function loadOrder($basename, array $domains, $keyType, $notBefore, $notAfter)
+	{
+		$this->basename = $basename;
+
+		$this->initialiseKeyTypeAndSize($keyType ?? 'rsa-4096');
+
+		if ($this->loadExistingOrder($domains)) {
+			$this->updateAuthorizations();
+		} else {
+			$this->createOrder($domains, $notBefore, $notAfter);
+		}
+	}
+
+	private function loadExistingOrder($domains)
+	{
+		$orderUrl = $this->storage->getMetadata($this->basename.'.order.url');
+		$publicKey = $this->storage->getPublicKey($this->basename);
+		$privateKey = $this->storage->getPrivateKey($this->basename);
+
+		//anything to load?
+		if (empty($orderUrl) || empty($publicKey) || empty($privateKey)) {
+			$this->log->info("No order found for {$this->basename}. Creating new order.");
+			return false;
+		}
+
+		//valid URL?
+		$this->orderURL = $orderUrl;
+		if (!filter_var($this->orderURL, FILTER_VALIDATE_URL)) {
+			//@codeCoverageIgnoreStart
+			$this->log->warning("Order for {$this->basename} has invalid URL. Creating new order.");
+			$this->deleteOrderFiles();
+			return false;
+			//@codeCoverageIgnoreEnd
+		}
+
+		//retrieve the order
+		$sign = $this->connector->signRequestKid(
+			null,
+			$this->connector->accountURL,
+			$this->orderURL
+		);
+
+		$post = $this->connector->post($this->orderURL, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			$this->log->warning("Order for {$this->basename} could not be loaded. Creating new order.");
+			$this->deleteOrderFiles();
+			return false;
+			//@codeCoverageIgnoreEnd
+		}
+
+		//ensure the order is still valid
+		if ($post['body']['status'] === 'invalid') {
+			$this->log->warning("Order for {$this->basename} is 'invalid', unable to authorize. Creating new order.");
+			$this->deleteOrderFiles();
+			return false;
+		}
+
+		//ensure retrieved order matches our domains
+		$orderdomains = array_map(function ($ident) {
+			return $ident['value'];
+		}, $post['body']['identifiers']);
+		$diff = array_merge(array_diff($orderdomains, $domains), array_diff($domains, $orderdomains));
+		if (!empty($diff)) {
+			$this->log->warning('Domains do not match order data. Deleting and creating new order.');
+			$this->deleteOrderFiles();
+			return false;
+		}
+
+		//the order is good
+		$this->status = $post['body']['status'];
+		$this->expires = $post['body']['expires'];
+		$this->identifiers = $post['body']['identifiers'];
+		$this->authorizationURLs = $post['body']['authorizations'];
+		$this->finalizeURL = $post['body']['finalize'];
+		if (array_key_exists('certificate', $post['body'])) {
+			$this->certificateURL = $post['body']['certificate'];
+		}
+
+		return true;
+	}
+
+	private function deleteOrderFiles()
+	{
+		$this->storage->setPrivateKey($this->basename, null);
+		$this->storage->setPublicKey($this->basename, null);
+		$this->storage->setCertificate($this->basename, null);
+		$this->storage->setFullChainCertificate($this->basename, null);
+		$this->storage->setMetadata($this->basename.'.order.url', null);
+	}
+
+	private function initialiseKeyTypeAndSize($keyType)
+	{
+		if ($keyType == 'rsa') {
+			$this->keyType = 'rsa';
+			$this->keySize = 4096;
+		} elseif ($keyType == 'ec') {
+			$this->keyType = 'ec';
+			$this->keySize = 256;
+		} else {
+			preg_match_all('/^(rsa|ec)\-([0-9]{3,4})$/', $keyType, $keyTypeParts, PREG_SET_ORDER, 0);
+
+			if (!empty($keyTypeParts)) {
+				$this->keyType = $keyTypeParts[0][1];
+				$this->keySize = intval($keyTypeParts[0][2]);
+			} else {
+				throw new LogicException('Key type \'' . $keyType . '\' not supported.');
+			}
+		}
+	}
+
+	/**
+	 * Creates a new LetsEncrypt order and fills this instance with its data. Subsequently creates a new RSA keypair
+	 * for the certificate.
+	 *
+	 * @param array $domains The array of strings containing the domain names on the certificate.
+	 * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
+	 *                          at which the certificate becomes valid.
+	 * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss)
+	 *                          until which the certificate is valid.
+	 */
+	private function createOrder($domains, $notBefore, $notAfter)
+	{
+		if (!preg_match('~(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|^$)~', $notBefore) ||
+			!preg_match('~(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z|^$)~', $notAfter)
+		) {
+			throw new LogicException("notBefore and notAfter must be blank or iso-8601 datestamp");
+		}
+
+		$dns = [];
+		foreach ($domains as $domain) {
+			if (preg_match_all('~(\*\.)~', $domain) > 1) {
+				throw new LogicException('Cannot create orders with multiple wildcards in one domain.');
+			}
+			$dns[] = ['type' => 'dns', 'value' => $domain];
+		}
+		$payload = ["identifiers" => $dns, 'notBefore' => $notBefore, 'notAfter' => $notAfter];
+		$sign = $this->connector->signRequestKid(
+			$payload,
+			$this->connector->accountURL,
+			$this->connector->newOrder
+		);
+		$post = $this->connector->post($this->connector->newOrder, $sign);
+		if ($post['status'] !== 201) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Creating new order failed.');
+			//@codeCoverageIgnoreEnd
+		}
+
+		if (!preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('New-order returned invalid response.');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->orderURL = trim($matches[1]);
+		$this->storage->setMetadata($this->basename.'.order.url', $this->orderURL);
+
+		$this->generateKeys();
+
+		$this->status = $post['body']['status'];
+		$this->expires = $post['body']['expires'];
+		$this->identifiers = $post['body']['identifiers'];
+		$this->authorizationURLs = $post['body']['authorizations'];
+		$this->finalizeURL = $post['body']['finalize'];
+		if (array_key_exists('certificate', $post['body'])) {
+			$this->certificateURL = $post['body']['certificate'];
+		}
+		$this->updateAuthorizations();
+
+		$this->log->info('Created order for ' . $this->basename);
+	}
+
+	private function generateKeys()
+	{
+		if ($this->keyType == "rsa") {
+			$key = LEFunctions::RSAgenerateKeys($this->keySize);
+		} else {
+			$key = LEFunctions::ECgenerateKeys($this->keySize);
+		}
+
+		$this->storage->setPublicKey($this->basename, $key['public']);
+		$this->storage->setPrivateKey($this->basename, $key['private']);
+	}
+
+	/**
+	 * Fetches the latest data concerning this LetsEncrypt Order instance and fills this instance with the new data.
+	 */
+	private function updateOrderData()
+	{
+		$sign = $this->connector->signRequestKid(
+			null,
+			$this->connector->accountURL,
+			$this->orderURL
+		);
+
+		$post = $this->connector->post($this->orderURL, $sign);
+		if (strpos($post['header'], "200 OK") !== false) {
+			$this->status = $post['body']['status'];
+			$this->expires = $post['body']['expires'];
+			$this->identifiers = $post['body']['identifiers'];
+			$this->authorizationURLs = $post['body']['authorizations'];
+			$this->finalizeURL = $post['body']['finalize'];
+			if (array_key_exists('certificate', $post['body'])) {
+				$this->certificateURL = $post['body']['certificate'];
+			}
+			$this->updateAuthorizations();
+		} else {
+			//@codeCoverageIgnoreStart
+			$this->log->error("Failed to fetch order for {$this->basename}");
+			//@codeCoverageIgnoreEnd
+		}
+	}
+
+	/**
+	 * Fetches the latest data concerning all authorizations connected to this LetsEncrypt Order instance and
+	 * creates and stores a new LetsEncrypt Authorization instance for each one.
+	 */
+	private function updateAuthorizations()
+	{
+		$this->authorizations = [];
+		foreach ($this->authorizationURLs as $authURL) {
+			if (filter_var($authURL, FILTER_VALIDATE_URL)) {
+				$auth = new LEAuthorization($this->connector, $this->log, $authURL);
+				if ($auth != false) {
+					$this->authorizations[] = $auth;
+				}
+			}
+		}
+	}
+
+	/**
+	 * Walks all LetsEncrypt Authorization instances and returns whether they are all valid (verified).
+	 *
+	 * @return boolean  Returns true if all authorizations are valid (verified), returns false if not.
+	 */
+	public function allAuthorizationsValid()
+	{
+		if (count($this->authorizations) > 0) {
+			foreach ($this->authorizations as $auth) {
+				if ($auth->status != 'valid') {
+					return false;
+				}
+			}
+			return true;
+		}
+		return false;
+	}
+
+	private function loadAccountKey()
+	{
+		$keydata = $this->accountStorage->getAccountPrivateKey();
+		$privateKey = openssl_pkey_get_private($keydata);
+		if ($privateKey === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException("Failed load account key");
+			//@codeCoverageIgnoreEnd
+		}
+		return $privateKey;
+	}
+
+
+	private function loadCertificateKey()
+	{
+		$keydata = $this->storage->getPrivateKey($this->basename);
+		$privateKey = openssl_pkey_get_private($keydata);
+		if ($privateKey === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException("Failed load certificate key");
+			//@codeCoverageIgnoreEnd
+		}
+		return $privateKey;
+	}
+
+	/**
+	 * Get all pending LetsEncrypt Authorization instances and return the necessary data for verification.
+	 * The data in the return object depends on the $type.
+	 *
+	 * @param string $type The type of verification to get. Supporting http-01 and dns-01.
+	 *                     Supporting LEOrder::CHALLENGE_TYPE_HTTP and LEOrder::CHALLENGE_TYPE_DNS. Throws a Runtime
+	 *                     Exception when requesting an unknown $type. Keep in mind a wildcard domain authorization only
+	 *                     accepts LEOrder::CHALLENGE_TYPE_DNS.
+	 *
+	 * @return array|bool Returns an array with verification data if successful, false if not pending LetsEncrypt
+	 *                  Authorization instances were found. The return array always
+	 *                  contains 'type' and 'identifier'. For LEOrder::CHALLENGE_TYPE_HTTP, the array contains
+	 *                  'filename' and 'content' for necessary the authorization file.
+	 *                  For LEOrder::CHALLENGE_TYPE_DNS, the array contains 'DNSDigest', which is the content for the
+	 *                  necessary DNS TXT entry.
+	 */
+
+	public function getPendingAuthorizations($type)
+	{
+		$authorizations = [];
+
+		$privateKey = $this->loadAccountKey();
+		$details = openssl_pkey_get_details($privateKey);
+
+		$header = [
+			"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
+			"kty" => "RSA",
+			"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"])
+
+		];
+		$digest = LEFunctions::base64UrlSafeEncode(hash('sha256', json_encode($header), true));
+
+		foreach ($this->authorizations as $auth) {
+			if ($auth->status == 'pending') {
+				$challenge = $auth->getChallenge($type);
+				if ($challenge['status'] == 'pending') {
+					$keyAuthorization = $challenge['token'] . '.' . $digest;
+					switch (strtolower($type)) {
+						case LEOrder::CHALLENGE_TYPE_HTTP:
+							$authorizations[] = [
+								'type' => LEOrder::CHALLENGE_TYPE_HTTP,
+								'identifier' => $auth->identifier['value'],
+								'filename' => $challenge['token'],
+								'content' => $keyAuthorization
+							];
+							break;
+						case LEOrder::CHALLENGE_TYPE_DNS:
+							$DNSDigest = LEFunctions::base64UrlSafeEncode(
+								hash('sha256', $keyAuthorization, true)
+							);
+							$authorizations[] = [
+								'type' => LEOrder::CHALLENGE_TYPE_DNS,
+								'identifier' => $auth->identifier['value'],
+								'DNSDigest' => $DNSDigest
+							];
+							break;
+					}
+				}
+			}
+		}
+
+		return count($authorizations) > 0 ? $authorizations : false;
+	}
+
+	/**
+	 * Sends a verification request for a given $identifier and $type. The function itself checks whether the
+	 * verification is valid before making the request.
+	 * Updates the LetsEncrypt Authorization instances after a successful verification.
+	 *
+	 * @param string $identifier The domain name to verify.
+	 * @param int $type The type of verification. Supporting LEOrder::CHALLENGE_TYPE_HTTP and
+	 *                           LEOrder::CHALLENGE_TYPE_DNS.
+	 *
+	 * @return boolean  Returns true when the verification request was successful, false if not.
+	 */
+	public function verifyPendingOrderAuthorization($identifier, $type)
+	{
+		$privateKey = $this->loadAccountKey();
+		$details = openssl_pkey_get_details($privateKey);
+
+		$header = [
+			"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
+			"kty" => "RSA",
+			"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"])
+		];
+		$digest = LEFunctions::base64UrlSafeEncode(hash('sha256', json_encode($header), true));
+
+		foreach ($this->authorizations as $auth) {
+			if ($auth->identifier['value'] == $identifier) {
+				if ($auth->status == 'pending') {
+					$challenge = $auth->getChallenge($type);
+					if ($challenge['status'] == 'pending') {
+						$keyAuthorization = $challenge['token'] . '.' . $digest;
+						switch ($type) {
+							case LEOrder::CHALLENGE_TYPE_HTTP:
+								return $this->verifyHTTPChallenge($identifier, $challenge, $keyAuthorization, $auth);
+							case LEOrder::CHALLENGE_TYPE_DNS:
+								return $this->verifyDNSChallenge($identifier, $challenge, $keyAuthorization, $auth);
+						}
+					}
+				}
+			}
+		}
+
+		//f we reach here, the domain identifier given did not match any authorization object
+		//@codeCoverageIgnoreStart
+		throw new LogicException("Attempt to verify authorization for identifier $identifier not in order");
+		//@codeCoverageIgnoreEnd
+	}
+
+	private function verifyDNSChallenge($identifier, array $challenge, $keyAuthorization, LEAuthorization $auth)
+	{
+		//check it ourselves
+		$DNSDigest = LEFunctions::base64UrlSafeEncode(hash('sha256', $keyAuthorization, true));
+		if (!$this->dns->checkChallenge($identifier, $DNSDigest)) {
+			$this->log->warning("DNS challenge for $identifier tested, found invalid.");
+			return false;
+		}
+
+		//ask LE to check
+		$sign = $this->connector->signRequestKid(
+			['keyAuthorization' => $keyAuthorization],
+			$this->connector->accountURL,
+			$challenge['url']
+		);
+		$post = $this->connector->post($challenge['url'], $sign);
+		if ($post['status'] !== 200) {
+			$this->log->warning("DNS challenge for $identifier valid, but failed to post to ACME service");
+			return false;
+		}
+
+		while ($auth->status == 'pending') {
+			$this->log->notice("DNS challenge for $identifier valid - waiting for confirmation");
+			$this->sleep->for(1);
+			$auth->updateData();
+		}
+		$this->log->notice("DNS challenge for $identifier validated");
+
+		return true;
+	}
+
+	private function verifyHTTPChallenge($identifier, array $challenge, $keyAuthorization, LEAuthorization $auth)
+	{
+		if (!$this->connector->checkHTTPChallenge($identifier, $challenge['token'], $keyAuthorization)) {
+			$this->log->warning("HTTP challenge for $identifier tested, found invalid.");
+			return false;
+		}
+
+		$sign = $this->connector->signRequestKid(
+			['keyAuthorization' => $keyAuthorization],
+			$this->connector->accountURL,
+			$challenge['url']
+		);
+
+		$post = $this->connector->post($challenge['url'], $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			$this->log->warning("HTTP challenge for $identifier valid, but failed to post to ACME service");
+			return false;
+			//@codeCoverageIgnoreEnd
+		}
+
+		while ($auth->status == 'pending') {
+			$this->log->notice("HTTP challenge for $identifier valid - waiting for confirmation");
+			$this->sleep->for(1);
+			$auth->updateData();
+		}
+		$this->log->notice("HTTP challenge for $identifier validated");
+		return true;
+	}
+
+	/*
      * Deactivate an LetsEncrypt Authorization instance.
      *
      * @param string $identifier The domain name for which the verification should be deactivated.
      *
      * @return boolean  Returns true is the deactivation request was successful, false if not.
      */
-    /*
+	/*
     public function deactivateOrderAuthorization($identifier)
     {
         foreach ($this->authorizations as $auth) {
@@ -593,37 +593,37 @@ 
     }
     */
 
-    /**
-     * Generates a Certificate Signing Request for the identifiers in the current LetsEncrypt Order instance.
-     * If possible, the base name will be the certificate common name and all domain names in this LetsEncrypt Order
-     * instance will be added to the Subject Alternative Names entry.
-     *
-     * @return string   Returns the generated CSR as string, unprepared for LetsEncrypt. Preparation for the request
-     *                  happens in finalizeOrder()
-     */
-    private function generateCSR()
-    {
-        $domains = array_map(function ($dns) {
-            return $dns['value'];
-        }, $this->identifiers);
-
-        $dn = ["commonName" => $this->calcCommonName($domains)];
-
-        $san = implode(",", array_map(function ($dns) {
-            return "DNS:" . $dns;
-        }, $domains));
-        $tmpConf = tmpfile();
-        if ($tmpConf === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('LEOrder::generateCSR failed to create tmp file');
-            //@codeCoverageIgnoreEnd
-        }
-        $tmpConfMeta = stream_get_meta_data($tmpConf);
-        $tmpConfPath = $tmpConfMeta["uri"];
-
-        fwrite(
-            $tmpConf,
-            'HOME = .
+	/**
+	 * Generates a Certificate Signing Request for the identifiers in the current LetsEncrypt Order instance.
+	 * If possible, the base name will be the certificate common name and all domain names in this LetsEncrypt Order
+	 * instance will be added to the Subject Alternative Names entry.
+	 *
+	 * @return string   Returns the generated CSR as string, unprepared for LetsEncrypt. Preparation for the request
+	 *                  happens in finalizeOrder()
+	 */
+	private function generateCSR()
+	{
+		$domains = array_map(function ($dns) {
+			return $dns['value'];
+		}, $this->identifiers);
+
+		$dn = ["commonName" => $this->calcCommonName($domains)];
+
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		if ($tmpConf === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('LEOrder::generateCSR failed to create tmp file');
+			//@codeCoverageIgnoreEnd
+		}
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+
+		fwrite(
+			$tmpConf,
+			'HOME = .
 			RANDFILE = $ENV::HOME/.rnd
 			[ req ]
 			default_bits = ' . $this->keySize . '
@@ -636,198 +636,198 @@ 
 			basicConstraints = CA:FALSE
 			subjectAltName = ' . $san . '
 			keyUsage = nonRepudiation, digitalSignature, keyEncipherment'
-        );
-
-        $privateKey = $this->loadCertificateKey();
-        $csr = openssl_csr_new($dn, $privateKey, ['config' => $tmpConfPath, 'digest_alg' => 'sha256']);
-        openssl_csr_export($csr, $csr);
-        return $csr;
-    }
-
-    private function calcCommonName($domains)
-    {
-        if (in_array($this->basename, $domains)) {
-            $CN = $this->basename;
-        } elseif (in_array('*.' . $this->basename, $domains)) {
-            $CN = '*.' . $this->basename;
-        } else {
-            $CN = $domains[0];
-        }
-        return $CN;
-    }
-
-    /**
-     * Checks, for redundancy, whether all authorizations are valid, and finalizes the order. Updates this LetsEncrypt
-     * Order instance with the new data.
-     *
-     * @param string $csr The Certificate Signing Request as a string. Can be a custom CSR. If empty, a CSR will
-     *                    be generated with the generateCSR() function.
-     *
-     * @return boolean  Returns true if the finalize request was successful, false if not.
-     */
-    public function finalizeOrder($csr = '')
-    {
-        if ($this->status == 'pending' || $this->status == 'ready') {
-            if ($this->allAuthorizationsValid()) {
-                if (empty($csr)) {
-                    $csr = $this->generateCSR();
-                }
-                if (preg_match(
-                    '~-----BEGIN\sCERTIFICATE\sREQUEST-----(.*)-----END\sCERTIFICATE\sREQUEST-----~s',
-                    $csr,
-                    $matches
-                )
-                ) {
-                    $csr = $matches[1];
-                }
-                $csr = trim(LEFunctions::base64UrlSafeEncode(base64_decode($csr)));
-                $sign = $this->connector->signRequestKid(
-                    ['csr' => $csr],
-                    $this->connector->accountURL,
-                    $this->finalizeURL
-                );
-                $post = $this->connector->post($this->finalizeURL, $sign);
-                if (strpos($post['header'], "200 OK") !== false) {
-                    $this->status = $post['body']['status'];
-                    $this->expires = $post['body']['expires'];
-                    $this->identifiers = $post['body']['identifiers'];
-                    $this->authorizationURLs = $post['body']['authorizations'];
-                    $this->finalizeURL = $post['body']['finalize'];
-                    if (array_key_exists('certificate', $post['body'])) {
-                        $this->certificateURL = $post['body']['certificate'];
-                    }
-                    $this->updateAuthorizations();
-                    $this->log->info('Order for \'' . $this->basename . '\' finalized.');
-
-                    return true;
-                }
-            } else {
-                $this->log->warning(
-                    'Not all authorizations are valid for \'' .
-                    $this->basename . '\'. Cannot finalize order.'
-                );
-            }
-        } else {
-            $this->log->warning(
-                'Order status for \'' . $this->basename .
-                '\' is \'' . $this->status . '\'. Cannot finalize order.'
-            );
-        }
-        return false;
-    }
-
-    /**
-     * Gets whether the LetsEncrypt Order is finalized by checking whether the status is processing or valid. Keep in
-     * mind, a certificate is not yet available when the status still is processing.
-     *
-     * @return boolean  Returns true if finalized, false if not.
-     */
-    public function isFinalized()
-    {
-        return ($this->status == 'processing' || $this->status == 'valid');
-    }
-
-    /**
-     * Requests the certificate for this LetsEncrypt Order instance, after finalization. When the order status is still
-     * 'processing', the order will be polled max four times with five seconds in between. If the status becomes 'valid'
-     * in the meantime, the certificate will be requested. Else, the function returns false.
-     *
-     * @return boolean  Returns true if the certificate is stored successfully, false if the certificate could not be
-     *                  retrieved or the status remained 'processing'.
-     */
-    public function getCertificate()
-    {
-        $polling = 0;
-        while ($this->status == 'processing' && $polling < 4) {
-            $this->log->info('Certificate for ' . $this->basename . ' being processed. Retrying in 5 seconds...');
-
-            $this->sleep->for(5);
-            $this->updateOrderData();
-            $polling++;
-        }
-
-        if ($this->status != 'valid' || empty($this->certificateURL)) {
-            $this->log->warning(
-                'Order for ' . $this->basename . ' not valid. Cannot retrieve certificate.'
-            );
-            return false;
-        }
-
-        $sign = $this->connector->signRequestKid(
-            null,
-            $this->connector->accountURL,
-            $this->certificateURL
-        );
-
-        $post = $this->connector->post($this->certificateURL, $sign);
-        if (strpos($post['header'], "200 OK") === false) {
-            $this->log->warning(
-                'Invalid response for certificate request for \'' . $this->basename .
-                '\'. Cannot save certificate.'
-            );
-            return false;
-        }
-
-        return $this->writeCertificates($post['body']);
-    }
-
-    private function writeCertificates($body)
-    {
-        if (preg_match_all('~(-----BEGIN\sCERTIFICATE-----[\s\S]+?-----END\sCERTIFICATE-----)~i', $body, $matches)) {
-            $this->storage->setCertificate($this->basename, $matches[0][0]);
-
-            $matchCount = count($matches[0]);
-            if ($matchCount > 1) {
-                $fullchain = $matches[0][0] . "\n";
-
-                for ($i = 1; $i < $matchCount; $i++) {
-                    $fullchain .= $matches[0][$i] . "\n";
-                }
-                $this->storage->setFullChainCertificate($this->basename, $fullchain);
-            }
-            $this->log->info("Certificate for {$this->basename} stored");
-            return true;
-        }
-
-        $this->log->error("Received invalid certificate for {$this->basename}, cannot save");
-        return false;
-    }
-
-    /**
-     * Revokes the certificate in the current LetsEncrypt Order instance, if existent. Unlike stated in the ACME draft,
-     * the certificate revoke request cannot be signed with the account private key, and will be signed with the
-     * certificate private key.
-     *
-     * @param int $reason The reason to revoke the LetsEncrypt Order instance certificate. Possible reasons can be
-     *                        found in section 5.3.1 of RFC5280.
-     *
-     * @return boolean  Returns true if the certificate was successfully revoked, false if not.
-     */
-    public function revokeCertificate($reason = 0)
-    {
-        if ($this->status != 'valid') {
-            $this->log->warning("Order for {$this->basename} not valid, cannot revoke");
-            return false;
-        }
-
-        $certificate = $this->storage->getCertificate($this->basename);
-        if (empty($certificate)) {
-            $this->log->warning("Certificate for {$this->basename} not found, cannot revoke");
-            return false;
-        }
-
-        preg_match('~-----BEGIN\sCERTIFICATE-----(.*)-----END\sCERTIFICATE-----~s', $certificate, $matches);
-        $certificate = trim(LEFunctions::base64UrlSafeEncode(base64_decode(trim($matches[1]))));
-
-        $certificateKey = $this->storage->getPrivateKey($this->basename);
-        $sign = $this->connector->signRequestJWK(
-            ['certificate' => $certificate, 'reason' => $reason],
-            $this->connector->revokeCert,
-            $certificateKey
-        );
-        //4**/5** responses will throw an exception...
-        $this->connector->post($this->connector->revokeCert, $sign);
-        $this->log->info("Certificate for {$this->basename} successfully revoked");
-        return true;
-    }
+		);
+
+		$privateKey = $this->loadCertificateKey();
+		$csr = openssl_csr_new($dn, $privateKey, ['config' => $tmpConfPath, 'digest_alg' => 'sha256']);
+		openssl_csr_export($csr, $csr);
+		return $csr;
+	}
+
+	private function calcCommonName($domains)
+	{
+		if (in_array($this->basename, $domains)) {
+			$CN = $this->basename;
+		} elseif (in_array('*.' . $this->basename, $domains)) {
+			$CN = '*.' . $this->basename;
+		} else {
+			$CN = $domains[0];
+		}
+		return $CN;
+	}
+
+	/**
+	 * Checks, for redundancy, whether all authorizations are valid, and finalizes the order. Updates this LetsEncrypt
+	 * Order instance with the new data.
+	 *
+	 * @param string $csr The Certificate Signing Request as a string. Can be a custom CSR. If empty, a CSR will
+	 *                    be generated with the generateCSR() function.
+	 *
+	 * @return boolean  Returns true if the finalize request was successful, false if not.
+	 */
+	public function finalizeOrder($csr = '')
+	{
+		if ($this->status == 'pending' || $this->status == 'ready') {
+			if ($this->allAuthorizationsValid()) {
+				if (empty($csr)) {
+					$csr = $this->generateCSR();
+				}
+				if (preg_match(
+					'~-----BEGIN\sCERTIFICATE\sREQUEST-----(.*)-----END\sCERTIFICATE\sREQUEST-----~s',
+					$csr,
+					$matches
+				)
+				) {
+					$csr = $matches[1];
+				}
+				$csr = trim(LEFunctions::base64UrlSafeEncode(base64_decode($csr)));
+				$sign = $this->connector->signRequestKid(
+					['csr' => $csr],
+					$this->connector->accountURL,
+					$this->finalizeURL
+				);
+				$post = $this->connector->post($this->finalizeURL, $sign);
+				if (strpos($post['header'], "200 OK") !== false) {
+					$this->status = $post['body']['status'];
+					$this->expires = $post['body']['expires'];
+					$this->identifiers = $post['body']['identifiers'];
+					$this->authorizationURLs = $post['body']['authorizations'];
+					$this->finalizeURL = $post['body']['finalize'];
+					if (array_key_exists('certificate', $post['body'])) {
+						$this->certificateURL = $post['body']['certificate'];
+					}
+					$this->updateAuthorizations();
+					$this->log->info('Order for \'' . $this->basename . '\' finalized.');
+
+					return true;
+				}
+			} else {
+				$this->log->warning(
+					'Not all authorizations are valid for \'' .
+					$this->basename . '\'. Cannot finalize order.'
+				);
+			}
+		} else {
+			$this->log->warning(
+				'Order status for \'' . $this->basename .
+				'\' is \'' . $this->status . '\'. Cannot finalize order.'
+			);
+		}
+		return false;
+	}
+
+	/**
+	 * Gets whether the LetsEncrypt Order is finalized by checking whether the status is processing or valid. Keep in
+	 * mind, a certificate is not yet available when the status still is processing.
+	 *
+	 * @return boolean  Returns true if finalized, false if not.
+	 */
+	public function isFinalized()
+	{
+		return ($this->status == 'processing' || $this->status == 'valid');
+	}
+
+	/**
+	 * Requests the certificate for this LetsEncrypt Order instance, after finalization. When the order status is still
+	 * 'processing', the order will be polled max four times with five seconds in between. If the status becomes 'valid'
+	 * in the meantime, the certificate will be requested. Else, the function returns false.
+	 *
+	 * @return boolean  Returns true if the certificate is stored successfully, false if the certificate could not be
+	 *                  retrieved or the status remained 'processing'.
+	 */
+	public function getCertificate()
+	{
+		$polling = 0;
+		while ($this->status == 'processing' && $polling < 4) {
+			$this->log->info('Certificate for ' . $this->basename . ' being processed. Retrying in 5 seconds...');
+
+			$this->sleep->for(5);
+			$this->updateOrderData();
+			$polling++;
+		}
+
+		if ($this->status != 'valid' || empty($this->certificateURL)) {
+			$this->log->warning(
+				'Order for ' . $this->basename . ' not valid. Cannot retrieve certificate.'
+			);
+			return false;
+		}
+
+		$sign = $this->connector->signRequestKid(
+			null,
+			$this->connector->accountURL,
+			$this->certificateURL
+		);
+
+		$post = $this->connector->post($this->certificateURL, $sign);
+		if (strpos($post['header'], "200 OK") === false) {
+			$this->log->warning(
+				'Invalid response for certificate request for \'' . $this->basename .
+				'\'. Cannot save certificate.'
+			);
+			return false;
+		}
+
+		return $this->writeCertificates($post['body']);
+	}
+
+	private function writeCertificates($body)
+	{
+		if (preg_match_all('~(-----BEGIN\sCERTIFICATE-----[\s\S]+?-----END\sCERTIFICATE-----)~i', $body, $matches)) {
+			$this->storage->setCertificate($this->basename, $matches[0][0]);
+
+			$matchCount = count($matches[0]);
+			if ($matchCount > 1) {
+				$fullchain = $matches[0][0] . "\n";
+
+				for ($i = 1; $i < $matchCount; $i++) {
+					$fullchain .= $matches[0][$i] . "\n";
+				}
+				$this->storage->setFullChainCertificate($this->basename, $fullchain);
+			}
+			$this->log->info("Certificate for {$this->basename} stored");
+			return true;
+		}
+
+		$this->log->error("Received invalid certificate for {$this->basename}, cannot save");
+		return false;
+	}
+
+	/**
+	 * Revokes the certificate in the current LetsEncrypt Order instance, if existent. Unlike stated in the ACME draft,
+	 * the certificate revoke request cannot be signed with the account private key, and will be signed with the
+	 * certificate private key.
+	 *
+	 * @param int $reason The reason to revoke the LetsEncrypt Order instance certificate. Possible reasons can be
+	 *                        found in section 5.3.1 of RFC5280.
+	 *
+	 * @return boolean  Returns true if the certificate was successfully revoked, false if not.
+	 */
+	public function revokeCertificate($reason = 0)
+	{
+		if ($this->status != 'valid') {
+			$this->log->warning("Order for {$this->basename} not valid, cannot revoke");
+			return false;
+		}
+
+		$certificate = $this->storage->getCertificate($this->basename);
+		if (empty($certificate)) {
+			$this->log->warning("Certificate for {$this->basename} not found, cannot revoke");
+			return false;
+		}
+
+		preg_match('~-----BEGIN\sCERTIFICATE-----(.*)-----END\sCERTIFICATE-----~s', $certificate, $matches);
+		$certificate = trim(LEFunctions::base64UrlSafeEncode(base64_decode(trim($matches[1]))));
+
+		$certificateKey = $this->storage->getPrivateKey($this->basename);
+		$sign = $this->connector->signRequestJWK(
+			['certificate' => $certificate, 'reason' => $reason],
+			$this->connector->revokeCert,
+			$certificateKey
+		);
+		//4**/5** responses will throw an exception...
+		$this->connector->post($this->connector->revokeCert, $sign);
+		$this->log->info("Certificate for {$this->basename} successfully revoked");
+		return true;
+	}
 }

src/LEClient.php

Indentation +164 added lines, -164 removed lines

@@ -21,168 +21,168 @@
  */
 class LEClient
 {
-    const LE_PRODUCTION = 'https://acme-v02.api.letsencrypt.org';
-    const LE_STAGING = 'https://acme-staging-v02.api.letsencrypt.org';
-
-    /** @var LEConnector */
-    private $connector;
-
-    /** @var LEAccount */
-    private $account;
-
-    private $baseURL;
-
-    /** @var LoggerInterface */
-    private $log;
-
-    /** @var ClientInterface */
-    private $httpClient;
-
-    /** @var DNSValidatorInterface */
-    private $dns;
-
-    /** @var Sleep */
-    private $sleep;
-
-    /** @var CertificateStorageInterface */
-    private $storage;
-
-    /** @var AccountStorageInterface */
-    private $accountStorage;
-
-    private $email;
-
-    /**
-     * Initiates the LetsEncrypt main client.
-     *
-     * @param array $email The array of strings containing e-mail addresses. Only used in this function when
-     *                                creating a new account.
-     * @param string|bool $acmeURL ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION.
-     *                                Defaults to LE_STAGING. Can also pass true/false for staging/production
-     * @param LoggerInterface $logger PSR-3 compatible logger
-     * @param ClientInterface|null $httpClient you can pass a custom client used for HTTP requests, if null is passed
-     *                                one will be created
-     * @param CertificateStorageInterface|null $storage service for certificates. If not supplied, a default
-     *                                storage object will retain certificates in the local filesystem in a directory
-     *                                called certificates in the current working directory
-     * @param AccountStorageInterface|null $accountStorage same as storage but for the account
-     * @param DNSValidatorInterface|null $dnsValidator service for checking DNS challenges. By default, this will use
-     *                                Google's DNS over HTTPs service, which should insulate you from cached entries,
-     *                                but this can be swapped for 'NativeDNS' or other alternative implementation
-     */
-    public function __construct(
-        $email,
-        $acmeURL = LEClient::LE_STAGING,
-        LoggerInterface $logger = null,
-        ClientInterface $httpClient = null,
-        CertificateStorageInterface $storage = null,
-        AccountStorageInterface $accountStorage = null,
-        DNSValidatorInterface $dnsValidator = null
-    ) {
-        $this->log = $logger ?? new NullLogger();
-
-        $this->initBaseUrl($acmeURL);
-
-        $this->httpClient = $httpClient ?? new Client();
-
-        $this->storage = $storage ?? new FilesystemCertificateStorage();
-        $this->accountStorage = $accountStorage ?? new FilesystemAccountStorage();
-        $this->dns = $dnsValidator ?? new DNSOverHTTPS();
-        $this->sleep = new Sleep;
-        $this->email = $email;
-    }
-
-    private function initBaseUrl($acmeURL)
-    {
-        if (is_bool($acmeURL)) {
-            $this->baseURL = $acmeURL ? LEClient::LE_STAGING : LEClient::LE_PRODUCTION;
-        } elseif (is_string($acmeURL)) {
-            $this->baseURL = $acmeURL;
-        } else {
-            throw new LogicException('acmeURL must be set to string or bool (legacy)');
-        }
-    }
-
-    public function getBaseUrl()
-    {
-        return $this->baseURL;
-    }
-
-    /**
-     * Inject alternative DNS resolver for testing
-     * @param DNSValidatorInterface $dns
-     */
-    public function setDNS(DNSValidatorInterface $dns)
-    {
-        $this->dns = $dns;
-    }
-
-    /**
-     * Inject alternative sleep service for testing
-     * @param Sleep $sleep
-     */
-    public function setSleep(Sleep $sleep)
-    {
-        $this->sleep = $sleep;
-    }
-
-    private function getConnector()
-    {
-        if (!isset($this->connector)) {
-            $this->connector = new LEConnector($this->log, $this->httpClient, $this->baseURL, $this->accountStorage);
-
-            //we need to initialize an account before using the connector
-            $this->getAccount();
-        }
-
-        return $this->connector;
-    }
-
-    /**
-     * Returns the LetsEncrypt account used in the current client.
-     *
-     * @return LEAccount    The LetsEncrypt Account instance used by the client.
-     */
-    public function getAccount()
-    {
-        if (!isset($this->account)) {
-            $this->account = new LEAccount($this->getConnector(), $this->log, $this->email, $this->accountStorage);
-        }
-        return $this->account;
-    }
-
-    /**
-     * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and
-     * returned.
-     *
-     * @param string $basename The base name for the order. Preferable the top domain (example.org). Will be the
-     *                          directory in which the keys are stored. Used for the CommonName in the certificate as
-     *                          well.
-     * @param array $domains The array of strings containing the domain names on the certificate.
-     * @param string $keyType Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format
-     *                          (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
-     * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the
-     *                          certificate becomes valid. Defaults to the moment the order is finalized. (optional)
-     * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the
-     *                          certificate is valid. Defaults to 90 days past the moment the order is finalized.
-     *                          (optional)
-     *
-     * @return LEOrder  The LetsEncrypt Order instance which is either retrieved or created.
-     */
-    public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '')
-    {
-        $this->log->info("LEClient::getOrCreateOrder($basename,...)");
-
-        $order = new LEOrder(
-            $this->getConnector(),
-            $this->storage,
-            $this->accountStorage,
-            $this->log,
-            $this->dns,
-            $this->sleep
-        );
-        $order->loadOrder($basename, $domains, $keyType, $notBefore, $notAfter);
-
-        return $order;
-    }
+	const LE_PRODUCTION = 'https://acme-v02.api.letsencrypt.org';
+	const LE_STAGING = 'https://acme-staging-v02.api.letsencrypt.org';
+
+	/** @var LEConnector */
+	private $connector;
+
+	/** @var LEAccount */
+	private $account;
+
+	private $baseURL;
+
+	/** @var LoggerInterface */
+	private $log;
+
+	/** @var ClientInterface */
+	private $httpClient;
+
+	/** @var DNSValidatorInterface */
+	private $dns;
+
+	/** @var Sleep */
+	private $sleep;
+
+	/** @var CertificateStorageInterface */
+	private $storage;
+
+	/** @var AccountStorageInterface */
+	private $accountStorage;
+
+	private $email;
+
+	/**
+	 * Initiates the LetsEncrypt main client.
+	 *
+	 * @param array $email The array of strings containing e-mail addresses. Only used in this function when
+	 *                                creating a new account.
+	 * @param string|bool $acmeURL ACME URL, can be string or one of predefined values: LE_STAGING or LE_PRODUCTION.
+	 *                                Defaults to LE_STAGING. Can also pass true/false for staging/production
+	 * @param LoggerInterface $logger PSR-3 compatible logger
+	 * @param ClientInterface|null $httpClient you can pass a custom client used for HTTP requests, if null is passed
+	 *                                one will be created
+	 * @param CertificateStorageInterface|null $storage service for certificates. If not supplied, a default
+	 *                                storage object will retain certificates in the local filesystem in a directory
+	 *                                called certificates in the current working directory
+	 * @param AccountStorageInterface|null $accountStorage same as storage but for the account
+	 * @param DNSValidatorInterface|null $dnsValidator service for checking DNS challenges. By default, this will use
+	 *                                Google's DNS over HTTPs service, which should insulate you from cached entries,
+	 *                                but this can be swapped for 'NativeDNS' or other alternative implementation
+	 */
+	public function __construct(
+		$email,
+		$acmeURL = LEClient::LE_STAGING,
+		LoggerInterface $logger = null,
+		ClientInterface $httpClient = null,
+		CertificateStorageInterface $storage = null,
+		AccountStorageInterface $accountStorage = null,
+		DNSValidatorInterface $dnsValidator = null
+	) {
+		$this->log = $logger ?? new NullLogger();
+
+		$this->initBaseUrl($acmeURL);
+
+		$this->httpClient = $httpClient ?? new Client();
+
+		$this->storage = $storage ?? new FilesystemCertificateStorage();
+		$this->accountStorage = $accountStorage ?? new FilesystemAccountStorage();
+		$this->dns = $dnsValidator ?? new DNSOverHTTPS();
+		$this->sleep = new Sleep;
+		$this->email = $email;
+	}
+
+	private function initBaseUrl($acmeURL)
+	{
+		if (is_bool($acmeURL)) {
+			$this->baseURL = $acmeURL ? LEClient::LE_STAGING : LEClient::LE_PRODUCTION;
+		} elseif (is_string($acmeURL)) {
+			$this->baseURL = $acmeURL;
+		} else {
+			throw new LogicException('acmeURL must be set to string or bool (legacy)');
+		}
+	}
+
+	public function getBaseUrl()
+	{
+		return $this->baseURL;
+	}
+
+	/**
+	 * Inject alternative DNS resolver for testing
+	 * @param DNSValidatorInterface $dns
+	 */
+	public function setDNS(DNSValidatorInterface $dns)
+	{
+		$this->dns = $dns;
+	}
+
+	/**
+	 * Inject alternative sleep service for testing
+	 * @param Sleep $sleep
+	 */
+	public function setSleep(Sleep $sleep)
+	{
+		$this->sleep = $sleep;
+	}
+
+	private function getConnector()
+	{
+		if (!isset($this->connector)) {
+			$this->connector = new LEConnector($this->log, $this->httpClient, $this->baseURL, $this->accountStorage);
+
+			//we need to initialize an account before using the connector
+			$this->getAccount();
+		}
+
+		return $this->connector;
+	}
+
+	/**
+	 * Returns the LetsEncrypt account used in the current client.
+	 *
+	 * @return LEAccount    The LetsEncrypt Account instance used by the client.
+	 */
+	public function getAccount()
+	{
+		if (!isset($this->account)) {
+			$this->account = new LEAccount($this->getConnector(), $this->log, $this->email, $this->accountStorage);
+		}
+		return $this->account;
+	}
+
+	/**
+	 * Returns a LetsEncrypt order. If an order exists, this one is returned. If not, a new order is created and
+	 * returned.
+	 *
+	 * @param string $basename The base name for the order. Preferable the top domain (example.org). Will be the
+	 *                          directory in which the keys are stored. Used for the CommonName in the certificate as
+	 *                          well.
+	 * @param array $domains The array of strings containing the domain names on the certificate.
+	 * @param string $keyType Type of the key we want to use for certificate. Can be provided in ALGO-SIZE format
+	 *                          (ex. rsa-4096 or ec-256) or simple "rsa" and "ec" (using default sizes)
+	 * @param string $notBefore A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) at which the
+	 *                          certificate becomes valid. Defaults to the moment the order is finalized. (optional)
+	 * @param string $notAfter A date string formatted like 0000-00-00T00:00:00Z (yyyy-mm-dd hh:mm:ss) until which the
+	 *                          certificate is valid. Defaults to 90 days past the moment the order is finalized.
+	 *                          (optional)
+	 *
+	 * @return LEOrder  The LetsEncrypt Order instance which is either retrieved or created.
+	 */
+	public function getOrCreateOrder($basename, $domains, $keyType = 'rsa-4096', $notBefore = '', $notAfter = '')
+	{
+		$this->log->info("LEClient::getOrCreateOrder($basename,...)");
+
+		$order = new LEOrder(
+			$this->getConnector(),
+			$this->storage,
+			$this->accountStorage,
+			$this->log,
+			$this->dns,
+			$this->sleep
+		);
+		$order->loadOrder($basename, $domains, $keyType, $notBefore, $notAfter);
+
+		return $order;
+	}
 }

src/AccountStorageInterface.php

Indentation +20 added lines, -20 removed lines

@@ -9,27 +9,27 @@
  */
 interface AccountStorageInterface
 {
-    /**
-     * Get the public key for the ACME account
-     * @return string
-     */
-    public function getAccountPublicKey();
+	/**
+	 * Get the public key for the ACME account
+	 * @return string
+	 */
+	public function getAccountPublicKey();
 
-    /**
-     * Set the public key for the ACME account
-     * @return string
-     */
-    public function setAccountPublicKey($key);
+	/**
+	 * Set the public key for the ACME account
+	 * @return string
+	 */
+	public function setAccountPublicKey($key);
 
-    /**
-     * Get the private key for the ACME account
-     * @return string
-     */
-    public function getAccountPrivateKey();
+	/**
+	 * Get the private key for the ACME account
+	 * @return string
+	 */
+	public function getAccountPrivateKey();
 
-    /**
-     * Set the private key for the ACME account
-     * @return string
-     */
-    public function setAccountPrivateKey($key);
+	/**
+	 * Set the private key for the ACME account
+	 * @return string
+	 */
+	public function setAccountPrivateKey($key);
 }

src/CertificateStorageInterface.php

Indentation +70 added lines, -70 removed lines

@@ -9,84 +9,84 @@
  */
 interface CertificateStorageInterface
 {
-    /**
-     * Get the certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getCertificate($domain);
+	/**
+	 * Get the certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getCertificate($domain);
 
-    /**
-     * Set the certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $certificate string containing certificate
-     */
-    public function setCertificate($domain, $certificate);
+	/**
+	 * Set the certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $certificate string containing certificate
+	 */
+	public function setCertificate($domain, $certificate);
 
-    /**
-     * Get the full chain certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getFullChainCertificate($domain);
+	/**
+	 * Get the full chain certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getFullChainCertificate($domain);
 
-    /**
-     * Set the full chain certificate for the given domain
-     *
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $certificate string containing certificate with any necessary chained certificates
-     */
-    public function setFullChainCertificate($domain, $certificate);
+	/**
+	 * Set the full chain certificate for the given domain
+	 *
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $certificate string containing certificate with any necessary chained certificates
+	 */
+	public function setFullChainCertificate($domain, $certificate);
 
-    /**
-     * Get public key for given certificate
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getPublicKey($domain);
+	/**
+	 * Get public key for given certificate
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getPublicKey($domain);
 
-    /**
-     * Set public key for domain
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $key string containing private key for domain
-     */
-    public function setPublicKey($domain, $key);
+	/**
+	 * Set public key for domain
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $key string containing private key for domain
+	 */
+	public function setPublicKey($domain, $key);
 
-    /**
-     * Get private key for given certificate
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @return string|null returns null if no certificate is available for domain
-     */
-    public function getPrivateKey($domain);
+	/**
+	 * Get private key for given certificate
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @return string|null returns null if no certificate is available for domain
+	 */
+	public function getPrivateKey($domain);
 
-    /**
-     * Set private key for domain
-     * @param $domain string given base domain of certificate (which might include *.wildcard)
-     * @param $key string containing private key for domain
-     */
-    public function setPrivateKey($domain, $key);
+	/**
+	 * Set private key for domain
+	 * @param $domain string given base domain of certificate (which might include *.wildcard)
+	 * @param $key string containing private key for domain
+	 */
+	public function setPrivateKey($domain, $key);
 
-    /**
-     * Get arbitrary persistent metadata
-     * @param $key string unique key
-     * @return mixed
-     */
-    public function getMetadata($key);
+	/**
+	 * Get arbitrary persistent metadata
+	 * @param $key string unique key
+	 * @return mixed
+	 */
+	public function getMetadata($key);
 
-    /**
-     * Store persistent metadata
-     * @param $key string unique key
-     * @param $value string value to store under given key
-     */
-    public function setMetadata($key, $value);
+	/**
+	 * Store persistent metadata
+	 * @param $key string unique key
+	 * @param $value string value to store under given key
+	 */
+	public function setMetadata($key, $value);
 
-    /**
-     * Check if persistent metadata for given key is available
-     * @param $key
-     * @return string|null
-     */
-    public function hasMetadata($key);
+	/**
+	 * Check if persistent metadata for given key is available
+	 * @param $key
+	 * @return string|null
+	 */
+	public function hasMetadata($key);
 }

src/FilesystemAccountStorage.php

Indentation +71 added lines, -71 removed lines

@@ -10,84 +10,84 @@
  */
 class FilesystemAccountStorage implements AccountStorageInterface
 {
-    private $dir;
+	private $dir;
 
-    public function __construct($dir = null)
-    {
-        $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'account';
+	public function __construct($dir = null)
+	{
+		$this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'account';
 
-        if (!is_dir($this->dir)) {
-            /** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
-        }
-        if (!is_writable($this->dir)) {
-            throw new RuntimeException("{$this->dir} is not writable");
-        }
-    }
+		if (!is_dir($this->dir)) {
+			/** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
+		}
+		if (!is_writable($this->dir)) {
+			throw new RuntimeException("{$this->dir} is not writable");
+		}
+	}
 
 
-    /**
-     * @inheritdoc
-     */
-    public function getAccountPublicKey()
-    {
-        return $this->getMetadata('account.public');
-    }
+	/**
+	 * @inheritdoc
+	 */
+	public function getAccountPublicKey()
+	{
+		return $this->getMetadata('account.public');
+	}
 
-    /**
-     * @inheritdoc
-     */
-    public function setAccountPublicKey($key)
-    {
-        $this->setMetadata('account.public', $key);
-    }
+	/**
+	 * @inheritdoc
+	 */
+	public function setAccountPublicKey($key)
+	{
+		$this->setMetadata('account.public', $key);
+	}
 
-    /**
-     * @inheritdoc
-     */
-    public function getAccountPrivateKey()
-    {
-        return $this->getMetadata('account.key');
-    }
+	/**
+	 * @inheritdoc
+	 */
+	public function getAccountPrivateKey()
+	{
+		return $this->getMetadata('account.key');
+	}
 
-    /**
-     * @inheritdoc
-     */
-    public function setAccountPrivateKey($key)
-    {
-        $this->setMetadata('account.key', $key);
-    }
+	/**
+	 * @inheritdoc
+	 */
+	public function setAccountPrivateKey($key)
+	{
+		$this->setMetadata('account.key', $key);
+	}
 
-    private function getMetadataFilename($key)
-    {
-        $key=str_replace('*', 'wildcard', $key);
-        $file=$this->dir.DIRECTORY_SEPARATOR.$key;
-        return $file;
-    }
-    /**
-     * @inheritdoc
-     */
-    public function getMetadata($key)
-    {
-        $file=$this->getMetadataFilename($key);
-        if (!file_exists($file)) {
-            return null;
-        }
-        return file_get_contents($file);
-    }
+	private function getMetadataFilename($key)
+	{
+		$key=str_replace('*', 'wildcard', $key);
+		$file=$this->dir.DIRECTORY_SEPARATOR.$key;
+		return $file;
+	}
+	/**
+	 * @inheritdoc
+	 */
+	public function getMetadata($key)
+	{
+		$file=$this->getMetadataFilename($key);
+		if (!file_exists($file)) {
+			return null;
+		}
+		return file_get_contents($file);
+	}
 
-    /**
-     * @inheritdoc
-     */
-    public function setMetadata($key, $value)
-    {
-        $file=$this->getMetadataFilename($key);
-        if (is_null($value)) {
-            //nothing to store, ensure file is removed
-            if (file_exists($file)) {
-                unlink($file);
-            }
-        } else {
-            file_put_contents($file, $value);
-        }
-    }
+	/**
+	 * @inheritdoc
+	 */
+	public function setMetadata($key, $value)
+	{
+		$file=$this->getMetadataFilename($key);
+		if (is_null($value)) {
+			//nothing to store, ensure file is removed
+			if (file_exists($file)) {
+				unlink($file);
+			}
+		} else {
+			file_put_contents($file, $value);
+		}
+	}
 }

Spacing +5 added lines, -5 removed lines

@@ -14,7 +14,7 @@ 
 
     public function __construct($dir = null)
     {
-        $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'account';
+        $this->dir = $dir ?? getcwd() . DIRECTORY_SEPARATOR . 'account';
 
         if (!is_dir($this->dir)) {
             /** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
@@ -59,8 +59,8 @@ 
 
     private function getMetadataFilename($key)
     {
-        $key=str_replace('*', 'wildcard', $key);
-        $file=$this->dir.DIRECTORY_SEPARATOR.$key;
+        $key = str_replace('*', 'wildcard', $key);
+        $file = $this->dir . DIRECTORY_SEPARATOR . $key;
         return $file;
     }
     /**
@@ -68,7 +68,7 @@ 
      */
     public function getMetadata($key)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         if (!file_exists($file)) {
             return null;
         }
@@ -80,7 +80,7 @@ 
      */
     public function setMetadata($key, $value)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         if (is_null($value)) {
             //nothing to store, ensure file is removed
             if (file_exists($file)) {