Zwartpet /
php-certificate-toolbox
@@ -22,36 +22,36 @@ |
||
| 22 | 22 | try { |
| 23 | 23 | // Initiating the client instance. In this case using the staging server (argument 2) and outputting all status |
| 24 | 24 | // and debug information (argument 3). |
| 25 | - $client = new LEClient($email, true, $logger); |
|
| 25 | + $client = new LEClient($email, true, $logger); |
|
| 26 | 26 | // Initiating the order instance. The keys and certificate will be stored in /example.org/ (argument 1) and the |
| 27 | 27 | // domains in the array (argument 2) will be on the certificate. |
| 28 | - $order = $client->getOrCreateOrder($basename, $domains); |
|
| 28 | + $order = $client->getOrCreateOrder($basename, $domains); |
|
| 29 | 29 | // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations. |
| 30 | - if (!$order->allAuthorizationsValid()) { |
|
| 31 | - // Get the DNS challenges from the pending authorizations. |
|
| 32 | - $pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS); |
|
| 33 | - // Walk the list of pending authorization DNS challenges. |
|
| 34 | - if (!empty($pending)) { |
|
| 35 | - foreach ($pending as $challenge) { |
|
| 36 | - // For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS |
|
| 37 | - // record for this domain. |
|
| 38 | - //setDNSRecord($challenge['identifier'], $challenge['DNSDigest']); |
|
| 39 | - printf( |
|
| 40 | - "DNS Challengage identifier = %s digest = %s\n", |
|
| 41 | - $challenge['identifier'], |
|
| 42 | - $challenge['DNSDigest'] |
|
| 43 | - ); |
|
| 44 | - } |
|
| 45 | - } |
|
| 46 | - } |
|
| 30 | + if (!$order->allAuthorizationsValid()) { |
|
| 31 | + // Get the DNS challenges from the pending authorizations. |
|
| 32 | + $pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS); |
|
| 33 | + // Walk the list of pending authorization DNS challenges. |
|
| 34 | + if (!empty($pending)) { |
|
| 35 | + foreach ($pending as $challenge) { |
|
| 36 | + // For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS |
|
| 37 | + // record for this domain. |
|
| 38 | + //setDNSRecord($challenge['identifier'], $challenge['DNSDigest']); |
|
| 39 | + printf( |
|
| 40 | + "DNS Challengage identifier = %s digest = %s\n", |
|
| 41 | + $challenge['identifier'], |
|
| 42 | + $challenge['DNSDigest'] |
|
| 43 | + ); |
|
| 44 | + } |
|
| 45 | + } |
|
| 46 | + } |
|
| 47 | 47 | } |
| 48 | 48 | catch (\Exception $e) { |
| 49 | - echo $e->getMessage()."\n"; |
|
| 50 | - echo $e->getTraceAsString()."\n"; |
|
| 49 | + echo $e->getMessage()."\n"; |
|
| 50 | + echo $e->getTraceAsString()."\n"; |
|
| 51 | 51 | |
| 52 | - echo "\nDiagnostic logs\n"; |
|
| 53 | - $logger->dumpConsole(); |
|
| 54 | - exit; |
|
| 52 | + echo "\nDiagnostic logs\n"; |
|
| 53 | + $logger->dumpConsole(); |
|
| 54 | + exit; |
|
| 55 | 55 | } |
| 56 | 56 | |
| 57 | 57 | echo "\nDiagnostic logs\n"; |
@@ -49,8 +49,8 @@ |
||
| 49 | 49 | if($order->isFinalized()) $order->getCertificate(); |
| 50 | 50 | |
| 51 | 51 | //finally, here's how we revoke |
| 52 | - //echo "REVOKING...\n"; |
|
| 53 | - //$order->revokeCertificate(); |
|
| 52 | + //echo "REVOKING...\n"; |
|
| 53 | + //$order->revokeCertificate(); |
|
| 54 | 54 | } |
| 55 | 55 | |
| 56 | 56 | |
@@ -32,7 +32,7 @@ |
||
| 32 | 32 | foreach($pending as $challenge) |
| 33 | 33 | { |
| 34 | 34 | // Define the folder in which to store the challenge. For the purpose of this example, a fictitious path is |
| 35 | - // set. |
|
| 35 | + // set. |
|
| 36 | 36 | $folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/'; |
| 37 | 37 | // Check if that directory yet exists. If not, create it. |
| 38 | 38 | if(!file_exists($folder)) mkdir($folder, 0777, true); |
@@ -13,88 +13,88 @@ |
||
| 13 | 13 | */ |
| 14 | 14 | class DiagnosticLogger extends AbstractLogger |
| 15 | 15 | { |
| 16 | - private $logs = []; |
|
| 17 | - |
|
| 18 | - public function log($level, $message, array $context = []) |
|
| 19 | - { |
|
| 20 | - $this->logs[] = [$level, $message, $context]; |
|
| 21 | - } |
|
| 22 | - |
|
| 23 | - public function dumpConsole($useColours = true) |
|
| 24 | - { |
|
| 25 | - $colours = [ |
|
| 26 | - 'alert' => "\e[97m\e[41m", |
|
| 27 | - 'emergency' => "\e[97m\e[41m", |
|
| 28 | - 'critical' => "\e[97m\e[41m", |
|
| 29 | - 'error' => "\e[91m", |
|
| 30 | - 'warning' => "\e[93m", |
|
| 31 | - 'notice' => "\e[96m", |
|
| 32 | - 'info' => "\e[92m", |
|
| 33 | - 'debug' => "\e[2m", |
|
| 34 | - ]; |
|
| 35 | - |
|
| 36 | - $reset = $useColours ? "\e[0m" : ''; |
|
| 37 | - |
|
| 38 | - foreach ($this->logs as $log) { |
|
| 39 | - $col = $useColours ? $colours[$log[0]] : ''; |
|
| 40 | - echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n"; |
|
| 41 | - } |
|
| 42 | - } |
|
| 43 | - |
|
| 44 | - public function dumpHTML($echo = true) |
|
| 45 | - { |
|
| 46 | - $html = '<div class="liblynx-diagnostic-log">'; |
|
| 47 | - $html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>'; |
|
| 48 | - $html .= "\n"; |
|
| 49 | - |
|
| 50 | - foreach ($this->logs as $log) { |
|
| 51 | - $html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' . |
|
| 52 | - htmlentities($this->interpolateMessage($log[1], $log[2])) . |
|
| 53 | - "</td></tr>\n"; |
|
| 54 | - } |
|
| 55 | - $html .= "</tbody></table></div>\n"; |
|
| 56 | - |
|
| 57 | - if ($echo) { |
|
| 58 | - echo $html; //@codeCoverageIgnore |
|
| 59 | - } |
|
| 60 | - return $html; |
|
| 61 | - } |
|
| 62 | - |
|
| 63 | - /** |
|
| 64 | - * Interpolates context values into the message placeholders. |
|
| 65 | - */ |
|
| 66 | - private function interpolateMessage($message, array $context = []) |
|
| 67 | - { |
|
| 68 | - // build a replacement array with braces around the context keys |
|
| 69 | - $replace = []; |
|
| 70 | - foreach ($context as $key => $val) { |
|
| 71 | - // check that the value can be casted to string |
|
| 72 | - if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) { |
|
| 73 | - $replace['{' . $key . '}'] = $val; |
|
| 74 | - } |
|
| 75 | - } |
|
| 76 | - |
|
| 77 | - // interpolate replacement values into the message and return |
|
| 78 | - return strtr($message, $replace); |
|
| 79 | - } |
|
| 80 | - |
|
| 81 | - |
|
| 82 | - public function cleanLogs() |
|
| 83 | - { |
|
| 84 | - $logs = $this->logs; |
|
| 85 | - $this->logs = []; |
|
| 86 | - |
|
| 87 | - return $logs; |
|
| 88 | - } |
|
| 89 | - |
|
| 90 | - public function countLogs($level) |
|
| 91 | - { |
|
| 92 | - $count = 0; |
|
| 93 | - foreach ($this->logs as $log) { |
|
| 94 | - if ($log[0] == $level) { |
|
| 95 | - $count++; |
|
| 96 | - } |
|
| 97 | - } |
|
| 98 | - return $count; |
|
| 99 | - } |
|
| 16 | + private $logs = []; |
|
| 17 | + |
|
| 18 | + public function log($level, $message, array $context = []) |
|
| 19 | + { |
|
| 20 | + $this->logs[] = [$level, $message, $context]; |
|
| 21 | + } |
|
| 22 | + |
|
| 23 | + public function dumpConsole($useColours = true) |
|
| 24 | + { |
|
| 25 | + $colours = [ |
|
| 26 | + 'alert' => "\e[97m\e[41m", |
|
| 27 | + 'emergency' => "\e[97m\e[41m", |
|
| 28 | + 'critical' => "\e[97m\e[41m", |
|
| 29 | + 'error' => "\e[91m", |
|
| 30 | + 'warning' => "\e[93m", |
|
| 31 | + 'notice' => "\e[96m", |
|
| 32 | + 'info' => "\e[92m", |
|
| 33 | + 'debug' => "\e[2m", |
|
| 34 | + ]; |
|
| 35 | + |
|
| 36 | + $reset = $useColours ? "\e[0m" : ''; |
|
| 37 | + |
|
| 38 | + foreach ($this->logs as $log) { |
|
| 39 | + $col = $useColours ? $colours[$log[0]] : ''; |
|
| 40 | + echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n"; |
|
| 41 | + } |
|
| 42 | + } |
|
| 43 | + |
|
| 44 | + public function dumpHTML($echo = true) |
|
| 45 | + { |
|
| 46 | + $html = '<div class="liblynx-diagnostic-log">'; |
|
| 47 | + $html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>'; |
|
| 48 | + $html .= "\n"; |
|
| 49 | + |
|
| 50 | + foreach ($this->logs as $log) { |
|
| 51 | + $html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' . |
|
| 52 | + htmlentities($this->interpolateMessage($log[1], $log[2])) . |
|
| 53 | + "</td></tr>\n"; |
|
| 54 | + } |
|
| 55 | + $html .= "</tbody></table></div>\n"; |
|
| 56 | + |
|
| 57 | + if ($echo) { |
|
| 58 | + echo $html; //@codeCoverageIgnore |
|
| 59 | + } |
|
| 60 | + return $html; |
|
| 61 | + } |
|
| 62 | + |
|
| 63 | + /** |
|
| 64 | + * Interpolates context values into the message placeholders. |
|
| 65 | + */ |
|
| 66 | + private function interpolateMessage($message, array $context = []) |
|
| 67 | + { |
|
| 68 | + // build a replacement array with braces around the context keys |
|
| 69 | + $replace = []; |
|
| 70 | + foreach ($context as $key => $val) { |
|
| 71 | + // check that the value can be casted to string |
|
| 72 | + if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) { |
|
| 73 | + $replace['{' . $key . '}'] = $val; |
|
| 74 | + } |
|
| 75 | + } |
|
| 76 | + |
|
| 77 | + // interpolate replacement values into the message and return |
|
| 78 | + return strtr($message, $replace); |
|
| 79 | + } |
|
| 80 | + |
|
| 81 | + |
|
| 82 | + public function cleanLogs() |
|
| 83 | + { |
|
| 84 | + $logs = $this->logs; |
|
| 85 | + $this->logs = []; |
|
| 86 | + |
|
| 87 | + return $logs; |
|
| 88 | + } |
|
| 89 | + |
|
| 90 | + public function countLogs($level) |
|
| 91 | + { |
|
| 92 | + $count = 0; |
|
| 93 | + foreach ($this->logs as $log) { |
|
| 94 | + if ($log[0] == $level) { |
|
| 95 | + $count++; |
|
| 96 | + } |
|
| 97 | + } |
|
| 98 | + return $count; |
|
| 99 | + } |
|
| 100 | 100 | } |
@@ -14,106 +14,106 @@ |
||
| 14 | 14 | */ |
| 15 | 15 | class LEFunctions |
| 16 | 16 | { |
| 17 | - /** |
|
| 18 | - * Generates a new RSA keypair and returns both |
|
| 19 | - * |
|
| 20 | - * @param integer $keySize RSA key size, must be between 2048 and 4096 (default is 4096) |
|
| 21 | - * @return array containing public and private indexes containing the new keys |
|
| 22 | - */ |
|
| 23 | - public static function RSAGenerateKeys($keySize = 4096) |
|
| 24 | - { |
|
| 25 | - |
|
| 26 | - if ($keySize < 2048 || $keySize > 4096) { |
|
| 27 | - throw new LogicException("RSA key size must be between 2048 and 4096"); |
|
| 28 | - } |
|
| 29 | - |
|
| 30 | - $res = openssl_pkey_new([ |
|
| 31 | - "private_key_type" => OPENSSL_KEYTYPE_RSA, |
|
| 32 | - "private_key_bits" => intval($keySize), |
|
| 33 | - ]); |
|
| 34 | - |
|
| 35 | - if (!openssl_pkey_export($res, $privateKey)) { |
|
| 36 | - throw new RuntimeException("RSA keypair export failed!"); //@codeCoverageIgnore |
|
| 37 | - } |
|
| 38 | - |
|
| 39 | - $details = openssl_pkey_get_details($res); |
|
| 40 | - |
|
| 41 | - $result = ['public' => $details['key'], 'private' => $privateKey]; |
|
| 42 | - |
|
| 43 | - openssl_pkey_free($res); |
|
| 44 | - |
|
| 45 | - return $result; |
|
| 46 | - } |
|
| 47 | - |
|
| 48 | - |
|
| 49 | - /** |
|
| 50 | - * Generates a new EC prime256v1 keypair and saves both keys to a new file. |
|
| 51 | - * |
|
| 52 | - * @param integer $keySize EC key size, possible values are 256 (prime256v1) or 384 (secp384r1), |
|
| 53 | - * default is 256 |
|
| 54 | - * @return array containing public and private indexes containing the new keys |
|
| 55 | - */ |
|
| 56 | - public static function ECGenerateKeys($keySize = 256) |
|
| 57 | - { |
|
| 58 | - if (version_compare(PHP_VERSION, '7.1.0') == -1) { |
|
| 59 | - throw new RuntimeException("PHP 7.1+ required for EC keys"); //@codeCoverageIgnore |
|
| 60 | - } |
|
| 61 | - |
|
| 62 | - if ($keySize == 256) { |
|
| 63 | - $res = openssl_pkey_new([ |
|
| 64 | - "private_key_type" => OPENSSL_KEYTYPE_EC, |
|
| 65 | - "curve_name" => "prime256v1", |
|
| 66 | - ]); |
|
| 67 | - } elseif ($keySize == 384) { |
|
| 68 | - $res = openssl_pkey_new([ |
|
| 69 | - "private_key_type" => OPENSSL_KEYTYPE_EC, |
|
| 70 | - "curve_name" => "secp384r1", |
|
| 71 | - ]); |
|
| 72 | - } else { |
|
| 73 | - throw new LogicException("EC key size must be 256 or 384"); |
|
| 74 | - } |
|
| 75 | - |
|
| 76 | - |
|
| 77 | - if (!openssl_pkey_export($res, $privateKey)) { |
|
| 78 | - throw new RuntimeException("EC keypair export failed!"); //@codeCoverageIgnore |
|
| 79 | - } |
|
| 80 | - |
|
| 81 | - $details = openssl_pkey_get_details($res); |
|
| 82 | - |
|
| 83 | - $result = ['public' => $details['key'], 'private' => $privateKey]; |
|
| 84 | - |
|
| 85 | - openssl_pkey_free($res); |
|
| 86 | - |
|
| 87 | - return $result; |
|
| 88 | - } |
|
| 89 | - |
|
| 90 | - |
|
| 91 | - /** |
|
| 92 | - * Encodes a string input to a base64 encoded string which is URL safe. |
|
| 93 | - * |
|
| 94 | - * @param string $input The input string to encode. |
|
| 95 | - * |
|
| 96 | - * @return string Returns a URL safe base64 encoded string. |
|
| 97 | - */ |
|
| 98 | - public static function base64UrlSafeEncode($input) |
|
| 99 | - { |
|
| 100 | - return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); |
|
| 101 | - } |
|
| 102 | - |
|
| 103 | - /** |
|
| 104 | - * Decodes a string that is URL safe base64 encoded. |
|
| 105 | - * |
|
| 106 | - * @param string $input The encoded input string to decode. |
|
| 107 | - * |
|
| 108 | - * @return string Returns the decoded input string. |
|
| 109 | - */ |
|
| 110 | - public static function base64UrlSafeDecode($input) |
|
| 111 | - { |
|
| 112 | - $remainder = strlen($input) % 4; |
|
| 113 | - if ($remainder) { |
|
| 114 | - $padlen = 4 - $remainder; |
|
| 115 | - $input .= str_repeat('=', $padlen); |
|
| 116 | - } |
|
| 117 | - return base64_decode(strtr($input, '-_', '+/')); |
|
| 118 | - } |
|
| 17 | + /** |
|
| 18 | + * Generates a new RSA keypair and returns both |
|
| 19 | + * |
|
| 20 | + * @param integer $keySize RSA key size, must be between 2048 and 4096 (default is 4096) |
|
| 21 | + * @return array containing public and private indexes containing the new keys |
|
| 22 | + */ |
|
| 23 | + public static function RSAGenerateKeys($keySize = 4096) |
|
| 24 | + { |
|
| 25 | + |
|
| 26 | + if ($keySize < 2048 || $keySize > 4096) { |
|
| 27 | + throw new LogicException("RSA key size must be between 2048 and 4096"); |
|
| 28 | + } |
|
| 29 | + |
|
| 30 | + $res = openssl_pkey_new([ |
|
| 31 | + "private_key_type" => OPENSSL_KEYTYPE_RSA, |
|
| 32 | + "private_key_bits" => intval($keySize), |
|
| 33 | + ]); |
|
| 34 | + |
|
| 35 | + if (!openssl_pkey_export($res, $privateKey)) { |
|
| 36 | + throw new RuntimeException("RSA keypair export failed!"); //@codeCoverageIgnore |
|
| 37 | + } |
|
| 38 | + |
|
| 39 | + $details = openssl_pkey_get_details($res); |
|
| 40 | + |
|
| 41 | + $result = ['public' => $details['key'], 'private' => $privateKey]; |
|
| 42 | + |
|
| 43 | + openssl_pkey_free($res); |
|
| 44 | + |
|
| 45 | + return $result; |
|
| 46 | + } |
|
| 47 | + |
|
| 48 | + |
|
| 49 | + /** |
|
| 50 | + * Generates a new EC prime256v1 keypair and saves both keys to a new file. |
|
| 51 | + * |
|
| 52 | + * @param integer $keySize EC key size, possible values are 256 (prime256v1) or 384 (secp384r1), |
|
| 53 | + * default is 256 |
|
| 54 | + * @return array containing public and private indexes containing the new keys |
|
| 55 | + */ |
|
| 56 | + public static function ECGenerateKeys($keySize = 256) |
|
| 57 | + { |
|
| 58 | + if (version_compare(PHP_VERSION, '7.1.0') == -1) { |
|
| 59 | + throw new RuntimeException("PHP 7.1+ required for EC keys"); //@codeCoverageIgnore |
|
| 60 | + } |
|
| 61 | + |
|
| 62 | + if ($keySize == 256) { |
|
| 63 | + $res = openssl_pkey_new([ |
|
| 64 | + "private_key_type" => OPENSSL_KEYTYPE_EC, |
|
| 65 | + "curve_name" => "prime256v1", |
|
| 66 | + ]); |
|
| 67 | + } elseif ($keySize == 384) { |
|
| 68 | + $res = openssl_pkey_new([ |
|
| 69 | + "private_key_type" => OPENSSL_KEYTYPE_EC, |
|
| 70 | + "curve_name" => "secp384r1", |
|
| 71 | + ]); |
|
| 72 | + } else { |
|
| 73 | + throw new LogicException("EC key size must be 256 or 384"); |
|
| 74 | + } |
|
| 75 | + |
|
| 76 | + |
|
| 77 | + if (!openssl_pkey_export($res, $privateKey)) { |
|
| 78 | + throw new RuntimeException("EC keypair export failed!"); //@codeCoverageIgnore |
|
| 79 | + } |
|
| 80 | + |
|
| 81 | + $details = openssl_pkey_get_details($res); |
|
| 82 | + |
|
| 83 | + $result = ['public' => $details['key'], 'private' => $privateKey]; |
|
| 84 | + |
|
| 85 | + openssl_pkey_free($res); |
|
| 86 | + |
|
| 87 | + return $result; |
|
| 88 | + } |
|
| 89 | + |
|
| 90 | + |
|
| 91 | + /** |
|
| 92 | + * Encodes a string input to a base64 encoded string which is URL safe. |
|
| 93 | + * |
|
| 94 | + * @param string $input The input string to encode. |
|
| 95 | + * |
|
| 96 | + * @return string Returns a URL safe base64 encoded string. |
|
| 97 | + */ |
|
| 98 | + public static function base64UrlSafeEncode($input) |
|
| 99 | + { |
|
| 100 | + return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); |
|
| 101 | + } |
|
| 102 | + |
|
| 103 | + /** |
|
| 104 | + * Decodes a string that is URL safe base64 encoded. |
|
| 105 | + * |
|
| 106 | + * @param string $input The encoded input string to decode. |
|
| 107 | + * |
|
| 108 | + * @return string Returns the decoded input string. |
|
| 109 | + */ |
|
| 110 | + public static function base64UrlSafeDecode($input) |
|
| 111 | + { |
|
| 112 | + $remainder = strlen($input) % 4; |
|
| 113 | + if ($remainder) { |
|
| 114 | + $padlen = 4 - $remainder; |
|
| 115 | + $input .= str_repeat('=', $padlen); |
|
| 116 | + } |
|
| 117 | + return base64_decode(strtr($input, '-_', '+/')); |
|
| 118 | + } |
|
| 119 | 119 | } |
@@ -39,93 +39,93 @@ |
||
| 39 | 39 | class DNSOverHTTPS implements DNSValidatorInterface |
| 40 | 40 | { |
| 41 | 41 | |
| 42 | - const DNS_GOOGLE = 'https://dns.google.com/resolve'; |
|
| 43 | - const DNS_MOZILLA = 'https://mozilla.cloudflare-dns.com/dns-query'; |
|
| 44 | - const DNS_CLOUDFLARE = 'https://cloudflare-dns.com/dns-query'; |
|
| 45 | - |
|
| 46 | - /** |
|
| 47 | - * What DNS-over-HTTPS service to use |
|
| 48 | - * |
|
| 49 | - * @var null|string |
|
| 50 | - */ |
|
| 51 | - private $baseURI; |
|
| 52 | - |
|
| 53 | - /** |
|
| 54 | - * Guzzle client handler |
|
| 55 | - * |
|
| 56 | - * @var Client object |
|
| 57 | - */ |
|
| 58 | - private $client; |
|
| 59 | - |
|
| 60 | - /** |
|
| 61 | - * DNSOverHTTPS constructor. |
|
| 62 | - * @param string|null $baseURI |
|
| 63 | - */ |
|
| 64 | - public function __construct(string $baseURI = null) |
|
| 65 | - { |
|
| 66 | - //Default to Google, seems like a safe bet... |
|
| 67 | - if ($baseURI === null) { |
|
| 68 | - $this->baseURI = self::DNS_GOOGLE; |
|
| 69 | - } else { |
|
| 70 | - $this->baseURI = $baseURI; |
|
| 71 | - } |
|
| 72 | - |
|
| 73 | - $this->client = new Client([ |
|
| 74 | - 'base_uri' => $this->baseURI |
|
| 75 | - ]); |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - public function checkChallenge($domain, $requiredDigest) : bool |
|
| 79 | - { |
|
| 80 | - $hostname = '_acme-challenge.' . str_replace('*.', '', $domain); |
|
| 81 | - |
|
| 82 | - $records = $this->get($hostname, 'TXT'); |
|
| 83 | - if ($records->Status == 0) { |
|
| 84 | - foreach ($records->Answer as $record) { |
|
| 85 | - if ((rtrim($record->name, ".") == $hostname) && |
|
| 86 | - ($record->type == 16) && |
|
| 87 | - (trim($record->data, '"') == $requiredDigest)) { |
|
| 88 | - return true; |
|
| 89 | - } |
|
| 90 | - } |
|
| 91 | - } |
|
| 92 | - |
|
| 93 | - return false; |
|
| 94 | - } |
|
| 95 | - |
|
| 96 | - /** |
|
| 97 | - * @param string $name |
|
| 98 | - * @param string $type per experimental spec this can be string OR int, we force string |
|
| 99 | - * @return \stdClass |
|
| 100 | - */ |
|
| 101 | - public function get(string $name, string $type) : \stdClass |
|
| 102 | - { |
|
| 103 | - $query = [ |
|
| 104 | - 'query' => [ |
|
| 105 | - 'name' => $name, |
|
| 106 | - 'type' => $type, |
|
| 107 | - 'edns_client_subnet' => '0.0.0.0/0', //disable geotagged dns results |
|
| 108 | - 'ct' => 'application/dns-json', //cloudflare requires this |
|
| 109 | - ], |
|
| 110 | - 'headers' => [ |
|
| 111 | - 'Accept' => 'application/dns-json' |
|
| 112 | - ] |
|
| 113 | - ]; |
|
| 114 | - |
|
| 115 | - try { |
|
| 116 | - $response = $this->client->get(null, $query); |
|
| 117 | - } catch (BadResponseException $e) { |
|
| 118 | - throw new RuntimeException("GET {$this->baseURI} failed", 0, $e); |
|
| 119 | - } |
|
| 120 | - |
|
| 121 | - $decode = json_decode($response->getBody()); |
|
| 122 | - |
|
| 123 | - if (json_last_error() !== JSON_ERROR_NONE) { |
|
| 124 | - throw new RuntimeException( |
|
| 125 | - 'Attempted to decode expected JSON response, however server returned something unexpected.' |
|
| 126 | - ); |
|
| 127 | - } |
|
| 128 | - |
|
| 129 | - return $decode; |
|
| 130 | - } |
|
| 42 | + const DNS_GOOGLE = 'https://dns.google.com/resolve'; |
|
| 43 | + const DNS_MOZILLA = 'https://mozilla.cloudflare-dns.com/dns-query'; |
|
| 44 | + const DNS_CLOUDFLARE = 'https://cloudflare-dns.com/dns-query'; |
|
| 45 | + |
|
| 46 | + /** |
|
| 47 | + * What DNS-over-HTTPS service to use |
|
| 48 | + * |
|
| 49 | + * @var null|string |
|
| 50 | + */ |
|
| 51 | + private $baseURI; |
|
| 52 | + |
|
| 53 | + /** |
|
| 54 | + * Guzzle client handler |
|
| 55 | + * |
|
| 56 | + * @var Client object |
|
| 57 | + */ |
|
| 58 | + private $client; |
|
| 59 | + |
|
| 60 | + /** |
|
| 61 | + * DNSOverHTTPS constructor. |
|
| 62 | + * @param string|null $baseURI |
|
| 63 | + */ |
|
| 64 | + public function __construct(string $baseURI = null) |
|
| 65 | + { |
|
| 66 | + //Default to Google, seems like a safe bet... |
|
| 67 | + if ($baseURI === null) { |
|
| 68 | + $this->baseURI = self::DNS_GOOGLE; |
|
| 69 | + } else { |
|
| 70 | + $this->baseURI = $baseURI; |
|
| 71 | + } |
|
| 72 | + |
|
| 73 | + $this->client = new Client([ |
|
| 74 | + 'base_uri' => $this->baseURI |
|
| 75 | + ]); |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + public function checkChallenge($domain, $requiredDigest) : bool |
|
| 79 | + { |
|
| 80 | + $hostname = '_acme-challenge.' . str_replace('*.', '', $domain); |
|
| 81 | + |
|
| 82 | + $records = $this->get($hostname, 'TXT'); |
|
| 83 | + if ($records->Status == 0) { |
|
| 84 | + foreach ($records->Answer as $record) { |
|
| 85 | + if ((rtrim($record->name, ".") == $hostname) && |
|
| 86 | + ($record->type == 16) && |
|
| 87 | + (trim($record->data, '"') == $requiredDigest)) { |
|
| 88 | + return true; |
|
| 89 | + } |
|
| 90 | + } |
|
| 91 | + } |
|
| 92 | + |
|
| 93 | + return false; |
|
| 94 | + } |
|
| 95 | + |
|
| 96 | + /** |
|
| 97 | + * @param string $name |
|
| 98 | + * @param string $type per experimental spec this can be string OR int, we force string |
|
| 99 | + * @return \stdClass |
|
| 100 | + */ |
|
| 101 | + public function get(string $name, string $type) : \stdClass |
|
| 102 | + { |
|
| 103 | + $query = [ |
|
| 104 | + 'query' => [ |
|
| 105 | + 'name' => $name, |
|
| 106 | + 'type' => $type, |
|
| 107 | + 'edns_client_subnet' => '0.0.0.0/0', //disable geotagged dns results |
|
| 108 | + 'ct' => 'application/dns-json', //cloudflare requires this |
|
| 109 | + ], |
|
| 110 | + 'headers' => [ |
|
| 111 | + 'Accept' => 'application/dns-json' |
|
| 112 | + ] |
|
| 113 | + ]; |
|
| 114 | + |
|
| 115 | + try { |
|
| 116 | + $response = $this->client->get(null, $query); |
|
| 117 | + } catch (BadResponseException $e) { |
|
| 118 | + throw new RuntimeException("GET {$this->baseURI} failed", 0, $e); |
|
| 119 | + } |
|
| 120 | + |
|
| 121 | + $decode = json_decode($response->getBody()); |
|
| 122 | + |
|
| 123 | + if (json_last_error() !== JSON_ERROR_NONE) { |
|
| 124 | + throw new RuntimeException( |
|
| 125 | + 'Attempted to decode expected JSON response, however server returned something unexpected.' |
|
| 126 | + ); |
|
| 127 | + } |
|
| 128 | + |
|
| 129 | + return $decode; |
|
| 130 | + } |
|
| 131 | 131 | } |
@@ -10,14 +10,14 @@ |
||
| 10 | 10 | */ |
| 11 | 11 | interface DNSValidatorInterface |
| 12 | 12 | { |
| 13 | - /** |
|
| 14 | - * This will strip any leading *. wildcard and prepend _acme-challenge. to form the challenge domain, |
|
| 15 | - * and will then request TXT record for that domain. If the record is found, and the content matches |
|
| 16 | - * the given digest, return true. Otherwise, return false |
|
| 17 | - * |
|
| 18 | - * @param $domain string base domain for certificate, which can include wildcard |
|
| 19 | - * @param $requiredDigest string expected digest value |
|
| 20 | - * @return bool |
|
| 21 | - */ |
|
| 22 | - public function checkChallenge($domain, $requiredDigest) : bool; |
|
| 13 | + /** |
|
| 14 | + * This will strip any leading *. wildcard and prepend _acme-challenge. to form the challenge domain, |
|
| 15 | + * and will then request TXT record for that domain. If the record is found, and the content matches |
|
| 16 | + * the given digest, return true. Otherwise, return false |
|
| 17 | + * |
|
| 18 | + * @param $domain string base domain for certificate, which can include wildcard |
|
| 19 | + * @param $requiredDigest string expected digest value |
|
| 20 | + * @return bool |
|
| 21 | + */ |
|
| 22 | + public function checkChallenge($domain, $requiredDigest) : bool; |
|
| 23 | 23 | } |
@@ -10,15 +10,15 @@ |
||
| 10 | 10 | */ |
| 11 | 11 | class NativeDNS implements DNSValidatorInterface |
| 12 | 12 | { |
| 13 | - public function checkChallenge($domain, $requiredDigest) : bool |
|
| 14 | - { |
|
| 15 | - $hostname = '_acme-challenge.' . str_replace('*.', '', $domain); |
|
| 16 | - $records = dns_get_record($hostname, DNS_TXT); |
|
| 17 | - foreach ($records as $record) { |
|
| 18 | - if ($record['host'] == $hostname && $record['type'] == 'TXT' && $record['txt'] == $requiredDigest) { |
|
| 19 | - return true; |
|
| 20 | - } |
|
| 21 | - } |
|
| 22 | - return false; |
|
| 23 | - } |
|
| 13 | + public function checkChallenge($domain, $requiredDigest) : bool |
|
| 14 | + { |
|
| 15 | + $hostname = '_acme-challenge.' . str_replace('*.', '', $domain); |
|
| 16 | + $records = dns_get_record($hostname, DNS_TXT); |
|
| 17 | + foreach ($records as $record) { |
|
| 18 | + if ($record['host'] == $hostname && $record['type'] == 'TXT' && $record['txt'] == $requiredDigest) { |
|
| 19 | + return true; |
|
| 20 | + } |
|
| 21 | + } |
|
| 22 | + return false; |
|
| 23 | + } |
|
| 24 | 24 | } |
@@ -10,8 +10,8 @@ |
||
| 10 | 10 | */ |
| 11 | 11 | class Sleep |
| 12 | 12 | { |
| 13 | - public function for($seconds) |
|
| 14 | - { |
|
| 15 | - sleep($seconds); |
|
| 16 | - } |
|
| 13 | + public function for($seconds) |
|
| 14 | + { |
|
| 15 | + sleep($seconds); |
|
| 16 | + } |
|
| 17 | 17 | } |
