Zwartpet / php-certificate-toolbox

examples/exampleDNSInit.php

Indentation +24 added lines, -24 removed lines

@@ -22,36 +22,36 @@
 try {
 // Initiating the client instance. In this case using the staging server (argument 2) and outputting all status
 // and debug information (argument 3).
-    $client = new LEClient($email, true, $logger);
+	$client = new LEClient($email, true, $logger);
 // Initiating the order instance. The keys and certificate will be stored in /example.org/ (argument 1) and the
 // domains in the array (argument 2) will be on the certificate.
-    $order = $client->getOrCreateOrder($basename, $domains);
+	$order = $client->getOrCreateOrder($basename, $domains);
 // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations.
-    if (!$order->allAuthorizationsValid()) {
-        // Get the DNS challenges from the pending authorizations.
-        $pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS);
-        // Walk the list of pending authorization DNS challenges.
-        if (!empty($pending)) {
-            foreach ($pending as $challenge) {
-                // For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS
-                // record for this domain.
-                //setDNSRecord($challenge['identifier'], $challenge['DNSDigest']);
-                printf(
-                    "DNS Challengage identifier = %s digest = %s\n",
-                    $challenge['identifier'],
-                    $challenge['DNSDigest']
-                );
-            }
-        }
-    }
+	if (!$order->allAuthorizationsValid()) {
+		// Get the DNS challenges from the pending authorizations.
+		$pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS);
+		// Walk the list of pending authorization DNS challenges.
+		if (!empty($pending)) {
+			foreach ($pending as $challenge) {
+				// For the purpose of this example, a fictitious functions creates or updates the ACME challenge DNS
+				// record for this domain.
+				//setDNSRecord($challenge['identifier'], $challenge['DNSDigest']);
+				printf(
+					"DNS Challengage identifier = %s digest = %s\n",
+					$challenge['identifier'],
+					$challenge['DNSDigest']
+				);
+			}
+		}
+	}
 }
 catch (\Exception $e) {
-    echo $e->getMessage()."\n";
-    echo $e->getTraceAsString()."\n";
+	echo $e->getMessage()."\n";
+	echo $e->getTraceAsString()."\n";
 
-    echo "\nDiagnostic logs\n";
-    $logger->dumpConsole();
-    exit;
+	echo "\nDiagnostic logs\n";
+	$logger->dumpConsole();
+	exit;
 }
 
 echo "\nDiagnostic logs\n";

Spacing +4 added lines, -4 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 namespace Elphin\LEClient;
 
-require_once(__DIR__.'/../vendor/autoload.php');
+require_once(__DIR__ . '/../vendor/autoload.php');
 
 //Sets the maximum execution time to two minutes, to be sure.
 ini_set('max_execution_time', 120);
@@ -15,7 +15,7 @@ 
 
 $email = ['paul@elphin.com'];
 $basename = 'le.dixo.net';
-$domains=['le.dixo.net'];
+$domains = ['le.dixo.net'];
 
 $logger = new DiagnosticLogger;
 
@@ -46,8 +46,8 @@ 
     }
 }
 catch (\Exception $e) {
-    echo $e->getMessage()."\n";
-    echo $e->getTraceAsString()."\n";
+    echo $e->getMessage() . "\n";
+    echo $e->getTraceAsString() . "\n";
 
     echo "\nDiagnostic logs\n";
     $logger->dumpConsole();

Braces +1 added lines, -2 removed lines

@@ -44,8 +44,7 @@
             }
         }
     }
-}
-catch (\Exception $e) {
+} catch (\Exception $e) {
     echo $e->getMessage()."\n";
     echo $e->getTraceAsString()."\n";
 

examples/exampleDNSFinish.php

Indentation +2 added lines, -2 removed lines

@@ -49,8 +49,8 @@
 	if($order->isFinalized()) $order->getCertificate();
 
 	//finally, here's how we revoke
-    //echo "REVOKING...\n";
-    //$order->revokeCertificate();
+	//echo "REVOKING...\n";
+	//$order->revokeCertificate();
 }
 
 

Spacing +8 added lines, -8 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 namespace Elphin\LEClient;
 
-require_once(__DIR__.'/../vendor/autoload.php');
+require_once(__DIR__ . '/../vendor/autoload.php');
 
 //Sets the maximum execution time to two minutes, to be sure.
 ini_set('max_execution_time', 120);
@@ -15,7 +15,7 @@ 
 
 $email = ['paul@elphin.com'];
 $basename = 'le.dixo.net';
-$domains=['le.dixo.net'];
+$domains = ['le.dixo.net'];
 
 $logger = new DiagnosticLogger;
 
@@ -26,14 +26,14 @@ 
 // in the array (argument 2) will be on the certificate.
 $order = $client->getOrCreateOrder($basename, $domains);
 // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations.
-if(!$order->allAuthorizationsValid())
+if (!$order->allAuthorizationsValid())
 {
 	// Get the DNS challenges from the pending authorizations.
 	$pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_DNS);
 	// Walk the list of pending authorization DNS challenges.
-	if(!empty($pending))
+	if (!empty($pending))
 	{
-		foreach($pending as $challenge)
+		foreach ($pending as $challenge)
 		{
 			// Let LetsEncrypt verify this challenge, which should have been fulfilled in exampleDNSStart.php.
 			$order->verifyPendingOrderAuthorization($challenge['identifier'], LEOrder::CHALLENGE_TYPE_DNS);
@@ -41,12 +41,12 @@ 
 	}
 }
 // Check once more whether all authorizations are valid before we can finalize the order.
-if($order->allAuthorizationsValid())
+if ($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if (!$order->isFinalized()) $order->finalizeOrder();
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
+	if ($order->isFinalized()) $order->getCertificate();
 
 	//finally, here's how we revoke
     //echo "REVOKING...\n";

Braces +6 added lines, -2 removed lines

@@ -44,9 +44,13 @@
 if($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if(!$order->isFinalized()) {
+		$order->finalizeOrder();
+	}
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
+	if($order->isFinalized()) {
+		$order->getCertificate();
+	}
 
 	//finally, here's how we revoke
     //echo "REVOKING...\n";

examples/exampleHTTP.php

Indentation +1 added lines, -1 removed lines

@@ -32,7 +32,7 @@
 		foreach($pending as $challenge)
 		{
 			// Define the folder in which to store the challenge. For the purpose of this example, a fictitious path is
-            // set.
+			// set.
 			$folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/';
 			// Check if that directory yet exists. If not, create it.
 			if(!file_exists($folder)) mkdir($folder, 0777, true);

Spacing +8 added lines, -8 removed lines

@@ -1,7 +1,7 @@ 
 <?php
 namespace Elphin\LEClient;
 
-require_once(__DIR__.'/../vendor/autoload.php');
+require_once(__DIR__ . '/../vendor/autoload.php');
 
 //Sets the maximum execution time to two minutes, to be sure.
 ini_set('max_execution_time', 120);
@@ -22,20 +22,20 @@ 
 // domains in the array (argument 2) will be on the certificate.
 $order = $client->getOrCreateOrder($basename, $domains);
 // Check whether there are any authorizations pending. If that is the case, try to verify the pending authorizations.
-if(!$order->allAuthorizationsValid())
+if (!$order->allAuthorizationsValid())
 {
 	// Get the HTTP challenges from the pending authorizations.
 	$pending = $order->getPendingAuthorizations(LEOrder::CHALLENGE_TYPE_HTTP);
 	// Walk the list of pending authorization HTTP challenges.
-	if(!empty($pending))
+	if (!empty($pending))
 	{
-		foreach($pending as $challenge)
+		foreach ($pending as $challenge)
 		{
 			// Define the folder in which to store the challenge. For the purpose of this example, a fictitious path is
             // set.
 			$folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/';
 			// Check if that directory yet exists. If not, create it.
-			if(!file_exists($folder)) mkdir($folder, 0777, true);
+			if (!file_exists($folder)) mkdir($folder, 0777, true);
 			// Store the challenge file for this domain.
 			file_put_contents($folder . $challenge['filename'], $challenge['content']);
 			// Let LetsEncrypt verify this challenge.
@@ -44,12 +44,12 @@ 
 	}
 }
 // Check once more whether all authorizations are valid before we can finalize the order.
-if($order->allAuthorizationsValid())
+if ($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if (!$order->isFinalized()) $order->finalizeOrder();
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
+	if ($order->isFinalized()) $order->getCertificate();
 }
 
 echo "\nDiagnostic logs\n";

Braces +10 added lines, -4 removed lines

@@ -35,7 +35,9 @@ 
             // set.
 			$folder = '/path/to/' . $challenge['identifier'] . '/.well-known/acme-challenge/';
 			// Check if that directory yet exists. If not, create it.
-			if(!file_exists($folder)) mkdir($folder, 0777, true);
+			if(!file_exists($folder)) {
+				mkdir($folder, 0777, true);
+			}
 			// Store the challenge file for this domain.
 			file_put_contents($folder . $challenge['filename'], $challenge['content']);
 			// Let LetsEncrypt verify this challenge.
@@ -47,10 +49,14 @@ 
 if($order->allAuthorizationsValid())
 {
 	// Finalize the order first, if that is not yet done.
-	if(!$order->isFinalized()) $order->finalizeOrder();
+	if(!$order->isFinalized()) {
+		$order->finalizeOrder();
+	}
 	// Check whether the order has been finalized before we can get the certificate. If finalized, get the certificate.
-	if($order->isFinalized()) $order->getCertificate();
-}
+	if($order->isFinalized()) {
+		$order->getCertificate();
+	}
+	}
 
 echo "\nDiagnostic logs\n";
 $logger->dumpConsole();
\ No newline at end of file

src/LEAccount.php

Spacing +4 added lines, -4 removed lines

@@ -45,7 +45,7 @@ 
         $this->log = $log;
 
         if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
-            $this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
+            $this->log->notice("No account found for " . implode(',', $email) . ", attempting to create account");
 
             $accountKey = LEFunctions::RSAgenerateKeys();
             $storage->setAccountPublicKey($accountKey['public']);
@@ -70,7 +70,7 @@ 
      */
     private function createLEAccount($email)
     {
-        $contact = array_map(function ($addr) {
+        $contact = array_map(function($addr) {
             return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
         }, $email);
 
@@ -142,7 +142,7 @@ 
      */
     public function updateAccount($email)
     {
-        $contact = array_map(function ($addr) {
+        $contact = array_map(function($addr) {
             return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
         }, $email);
 
@@ -177,7 +177,7 @@ 
      */
     public function changeAccountKeys()
     {
-        $new=LEFunctions::RSAgenerateKeys();
+        $new = LEFunctions::RSAgenerateKeys();
 
         $privateKey = openssl_pkey_get_private($new['private']);
         if ($privateKey === false) {

Indentation +230 added lines, -230 removed lines

@@ -13,234 +13,234 @@
  */
 class LEAccount
 {
-    private $connector;
-
-    public $id;
-    public $key;
-    public $contact;
-    public $agreement;
-    public $initialIp;
-    public $createdAt;
-    public $status;
-
-    /** @var LoggerInterface  */
-    private $log;
-
-    /** @var CertificateStorageInterface */
-    private $storage;
-
-    /**
-     * Initiates the LetsEncrypt Account class.
-     *
-     * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
-     * @param LoggerInterface $log   PSR-3 compatible logger
-     * @param array $email           The array of strings containing e-mail addresses. Only used when creating a
-     *                               new account.
-     * @param AccountStorageInterface $storage  storage for account keys
-     */
-    public function __construct($connector, LoggerInterface $log, $email, AccountStorageInterface $storage)
-    {
-        $this->connector = $connector;
-        $this->storage = $storage;
-        $this->log = $log;
-
-        if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
-            $this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
-
-            $accountKey = LEFunctions::RSAgenerateKeys();
-            $storage->setAccountPublicKey($accountKey['public']);
-            $storage->setAccountPrivateKey($accountKey['private']);
-
-            $this->connector->accountURL = $this->createLEAccount($email);
-        } else {
-            $this->connector->accountURL = $this->getLEAccount();
-        }
-        if ($this->connector->accountURL === false) {
-            throw new RuntimeException('Account not found or deactivated.');
-        }
-        $this->getLEAccountData();
-    }
-
-    /**
-     * Creates a new LetsEncrypt account.
-     *
-     * @param array     $email  The array of strings containing e-mail addresses.
-     *
-     * @return string|bool   Returns the new account URL when the account was successfully created, false if not.
-     */
-    private function createLEAccount($email)
-    {
-        $contact = array_map(function ($addr) {
-            return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
-        }, $email);
-
-        $sign = $this->connector->signRequestJWK(
-            ['contact' => $contact, 'termsOfServiceAgreed' => true],
-            $this->connector->newAccount
-        );
-        $post = $this->connector->post($this->connector->newAccount, $sign);
-        if (strpos($post['header'], "201 Created") !== false) {
-            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
-                return trim($matches[1]);
-            }
-        }
-        //@codeCoverageIgnoreStart
-        return false;
-        //@codeCoverageIgnoreEnd
-    }
-
-    /**
-     * Gets the LetsEncrypt account URL associated with the stored account keys.
-     *
-     * @return string|bool   Returns the account URL if it is found, or false when none is found.
-     */
-    private function getLEAccount()
-    {
-        $sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount);
-        $post = $this->connector->post($this->connector->newAccount, $sign);
-
-        if (strpos($post['header'], "200 OK") !== false) {
-            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
-                return trim($matches[1]);
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Gets the LetsEncrypt account data from the account URL.
-     */
-    private function getLEAccountData()
-    {
-        $sign = $this->connector->signRequestKid(
-            ['' => ''],
-            $this->connector->accountURL,
-            $this->connector->accountURL
-        );
-        $post = $this->connector->post($this->connector->accountURL, $sign);
-        if (strpos($post['header'], "200 OK") !== false) {
-            $this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
-            $this->key = $post['body']['key'];
-            $this->contact = $post['body']['contact'];
-            $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null;
-            $this->initialIp = $post['body']['initialIp'];
-            $this->createdAt = $post['body']['createdAt'];
-            $this->status = $post['body']['status'];
-        } else {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Account data cannot be found.');
-            //@codeCoverageIgnoreEnd
-        }
-    }
-
-    /**
-     * Updates account data. Now just supporting new contact information.
-     *
-     * @param array     $email  The array of strings containing e-mail adresses.
-     *
-     * @return boolean  Returns true if the update is successful, false if not.
-     */
-    public function updateAccount($email)
-    {
-        $contact = array_map(function ($addr) {
-            return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
-        }, $email);
-
-        $sign = $this->connector->signRequestKid(
-            ['contact' => $contact],
-            $this->connector->accountURL,
-            $this->connector->accountURL
-        );
-        $post = $this->connector->post($this->connector->accountURL, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Unable to update account');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
-        $this->key = $post['body']['key'];
-        $this->contact = $post['body']['contact'];
-        $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : '';
-        $this->initialIp = $post['body']['initialIp'];
-        $this->createdAt = $post['body']['createdAt'];
-        $this->status = $post['body']['status'];
-
-        $this->log->notice('Account data updated');
-        return true;
-    }
-
-    /**
-     * Creates new RSA account keys and updates the keys with LetsEncrypt.
-     *
-     * @return boolean  Returns true if the update is successful, false if not.
-     */
-    public function changeAccountKeys()
-    {
-        $new=LEFunctions::RSAgenerateKeys();
-
-        $privateKey = openssl_pkey_get_private($new['private']);
-        if ($privateKey === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Failed to open newly generated private key');
-            //@codeCoverageIgnoreEnd
-        }
-
-
-        $details = openssl_pkey_get_details($privateKey);
-        $innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [
-            "kty" => "RSA",
-            "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
-            "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"])
-        ]];
-        $outerPayload = $this->connector->signRequestJWK(
-            $innerPayload,
-            $this->connector->keyChange,
-            $new['private']
-        );
-        $sign = $this->connector->signRequestKid(
-            $outerPayload,
-            $this->connector->accountURL,
-            $this->connector->keyChange
-        );
-        $post = $this->connector->post($this->connector->keyChange, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('Unable to post new account keys');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->getLEAccountData();
-
-        $this->storage->setAccountPublicKey($new['public']);
-        $this->storage->setAccountPrivateKey($new['private']);
-
-        $this->log->notice('Account keys changed');
-        return true;
-    }
-
-    /**
-     * Deactivates the LetsEncrypt account.
-     *
-     * @return boolean  Returns true if the deactivation is successful, false if not.
-     */
-    public function deactivateAccount()
-    {
-        $sign = $this->connector->signRequestKid(
-            ['status' => 'deactivated'],
-            $this->connector->accountURL,
-            $this->connector->accountURL
-        );
-        $post = $this->connector->post($this->connector->accountURL, $sign);
-        if ($post['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            $this->log->error('Account deactivation failed');
-            return false;
-            //@codeCoverageIgnoreEnd
-        }
-
-        $this->connector->accountDeactivated = true;
-        $this->log->info('Account deactivated');
-        return true;
-    }
+	private $connector;
+
+	public $id;
+	public $key;
+	public $contact;
+	public $agreement;
+	public $initialIp;
+	public $createdAt;
+	public $status;
+
+	/** @var LoggerInterface  */
+	private $log;
+
+	/** @var CertificateStorageInterface */
+	private $storage;
+
+	/**
+	 * Initiates the LetsEncrypt Account class.
+	 *
+	 * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
+	 * @param LoggerInterface $log   PSR-3 compatible logger
+	 * @param array $email           The array of strings containing e-mail addresses. Only used when creating a
+	 *                               new account.
+	 * @param AccountStorageInterface $storage  storage for account keys
+	 */
+	public function __construct($connector, LoggerInterface $log, $email, AccountStorageInterface $storage)
+	{
+		$this->connector = $connector;
+		$this->storage = $storage;
+		$this->log = $log;
+
+		if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
+			$this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
+
+			$accountKey = LEFunctions::RSAgenerateKeys();
+			$storage->setAccountPublicKey($accountKey['public']);
+			$storage->setAccountPrivateKey($accountKey['private']);
+
+			$this->connector->accountURL = $this->createLEAccount($email);
+		} else {
+			$this->connector->accountURL = $this->getLEAccount();
+		}
+		if ($this->connector->accountURL === false) {
+			throw new RuntimeException('Account not found or deactivated.');
+		}
+		$this->getLEAccountData();
+	}
+
+	/**
+	 * Creates a new LetsEncrypt account.
+	 *
+	 * @param array     $email  The array of strings containing e-mail addresses.
+	 *
+	 * @return string|bool   Returns the new account URL when the account was successfully created, false if not.
+	 */
+	private function createLEAccount($email)
+	{
+		$contact = array_map(function ($addr) {
+			return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
+		}, $email);
+
+		$sign = $this->connector->signRequestJWK(
+			['contact' => $contact, 'termsOfServiceAgreed' => true],
+			$this->connector->newAccount
+		);
+		$post = $this->connector->post($this->connector->newAccount, $sign);
+		if (strpos($post['header'], "201 Created") !== false) {
+			if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
+				return trim($matches[1]);
+			}
+		}
+		//@codeCoverageIgnoreStart
+		return false;
+		//@codeCoverageIgnoreEnd
+	}
+
+	/**
+	 * Gets the LetsEncrypt account URL associated with the stored account keys.
+	 *
+	 * @return string|bool   Returns the account URL if it is found, or false when none is found.
+	 */
+	private function getLEAccount()
+	{
+		$sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount);
+		$post = $this->connector->post($this->connector->newAccount, $sign);
+
+		if (strpos($post['header'], "200 OK") !== false) {
+			if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
+				return trim($matches[1]);
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * Gets the LetsEncrypt account data from the account URL.
+	 */
+	private function getLEAccountData()
+	{
+		$sign = $this->connector->signRequestKid(
+			['' => ''],
+			$this->connector->accountURL,
+			$this->connector->accountURL
+		);
+		$post = $this->connector->post($this->connector->accountURL, $sign);
+		if (strpos($post['header'], "200 OK") !== false) {
+			$this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
+			$this->key = $post['body']['key'];
+			$this->contact = $post['body']['contact'];
+			$this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null;
+			$this->initialIp = $post['body']['initialIp'];
+			$this->createdAt = $post['body']['createdAt'];
+			$this->status = $post['body']['status'];
+		} else {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Account data cannot be found.');
+			//@codeCoverageIgnoreEnd
+		}
+	}
+
+	/**
+	 * Updates account data. Now just supporting new contact information.
+	 *
+	 * @param array     $email  The array of strings containing e-mail adresses.
+	 *
+	 * @return boolean  Returns true if the update is successful, false if not.
+	 */
+	public function updateAccount($email)
+	{
+		$contact = array_map(function ($addr) {
+			return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
+		}, $email);
+
+		$sign = $this->connector->signRequestKid(
+			['contact' => $contact],
+			$this->connector->accountURL,
+			$this->connector->accountURL
+		);
+		$post = $this->connector->post($this->connector->accountURL, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Unable to update account');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
+		$this->key = $post['body']['key'];
+		$this->contact = $post['body']['contact'];
+		$this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : '';
+		$this->initialIp = $post['body']['initialIp'];
+		$this->createdAt = $post['body']['createdAt'];
+		$this->status = $post['body']['status'];
+
+		$this->log->notice('Account data updated');
+		return true;
+	}
+
+	/**
+	 * Creates new RSA account keys and updates the keys with LetsEncrypt.
+	 *
+	 * @return boolean  Returns true if the update is successful, false if not.
+	 */
+	public function changeAccountKeys()
+	{
+		$new=LEFunctions::RSAgenerateKeys();
+
+		$privateKey = openssl_pkey_get_private($new['private']);
+		if ($privateKey === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Failed to open newly generated private key');
+			//@codeCoverageIgnoreEnd
+		}
+
+
+		$details = openssl_pkey_get_details($privateKey);
+		$innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [
+			"kty" => "RSA",
+			"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
+			"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"])
+		]];
+		$outerPayload = $this->connector->signRequestJWK(
+			$innerPayload,
+			$this->connector->keyChange,
+			$new['private']
+		);
+		$sign = $this->connector->signRequestKid(
+			$outerPayload,
+			$this->connector->accountURL,
+			$this->connector->keyChange
+		);
+		$post = $this->connector->post($this->connector->keyChange, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('Unable to post new account keys');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->getLEAccountData();
+
+		$this->storage->setAccountPublicKey($new['public']);
+		$this->storage->setAccountPrivateKey($new['private']);
+
+		$this->log->notice('Account keys changed');
+		return true;
+	}
+
+	/**
+	 * Deactivates the LetsEncrypt account.
+	 *
+	 * @return boolean  Returns true if the deactivation is successful, false if not.
+	 */
+	public function deactivateAccount()
+	{
+		$sign = $this->connector->signRequestKid(
+			['status' => 'deactivated'],
+			$this->connector->accountURL,
+			$this->connector->accountURL
+		);
+		$post = $this->connector->post($this->connector->accountURL, $sign);
+		if ($post['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			$this->log->error('Account deactivation failed');
+			return false;
+			//@codeCoverageIgnoreEnd
+		}
+
+		$this->connector->accountDeactivated = true;
+		$this->log->info('Account deactivated');
+		return true;
+	}
 }

src/DiagnosticLogger.php

Indentation +84 added lines, -84 removed lines

@@ -13,88 +13,88 @@
  */
 class DiagnosticLogger extends AbstractLogger
 {
-    private $logs = [];
-
-    public function log($level, $message, array $context = [])
-    {
-        $this->logs[] = [$level, $message, $context];
-    }
-
-    public function dumpConsole($useColours = true)
-    {
-        $colours = [
-            'alert' => "\e[97m\e[41m",
-            'emergency' => "\e[97m\e[41m",
-            'critical' => "\e[97m\e[41m",
-            'error' => "\e[91m",
-            'warning' => "\e[93m",
-            'notice' => "\e[96m",
-            'info' => "\e[92m",
-            'debug' => "\e[2m",
-        ];
-
-        $reset = $useColours ? "\e[0m" : '';
-
-        foreach ($this->logs as $log) {
-            $col = $useColours ? $colours[$log[0]] : '';
-            echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n";
-        }
-    }
-
-    public function dumpHTML($echo = true)
-    {
-        $html = '<div class="liblynx-diagnostic-log">';
-        $html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>';
-        $html .= "\n";
-
-        foreach ($this->logs as $log) {
-            $html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' .
-                htmlentities($this->interpolateMessage($log[1], $log[2])) .
-                "</td></tr>\n";
-        }
-        $html .= "</tbody></table></div>\n";
-
-        if ($echo) {
-            echo $html; //@codeCoverageIgnore
-        }
-        return $html;
-    }
-
-    /**
-     * Interpolates context values into the message placeholders.
-     */
-    private function interpolateMessage($message, array $context = [])
-    {
-        // build a replacement array with braces around the context keys
-        $replace = [];
-        foreach ($context as $key => $val) {
-            // check that the value can be casted to string
-            if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) {
-                $replace['{' . $key . '}'] = $val;
-            }
-        }
-
-        // interpolate replacement values into the message and return
-        return strtr($message, $replace);
-    }
-
-
-    public function cleanLogs()
-    {
-        $logs = $this->logs;
-        $this->logs = [];
-
-        return $logs;
-    }
-
-    public function countLogs($level)
-    {
-        $count = 0;
-        foreach ($this->logs as $log) {
-            if ($log[0] == $level) {
-                $count++;
-            }
-        }
-        return $count;
-    }
+	private $logs = [];
+
+	public function log($level, $message, array $context = [])
+	{
+		$this->logs[] = [$level, $message, $context];
+	}
+
+	public function dumpConsole($useColours = true)
+	{
+		$colours = [
+			'alert' => "\e[97m\e[41m",
+			'emergency' => "\e[97m\e[41m",
+			'critical' => "\e[97m\e[41m",
+			'error' => "\e[91m",
+			'warning' => "\e[93m",
+			'notice' => "\e[96m",
+			'info' => "\e[92m",
+			'debug' => "\e[2m",
+		];
+
+		$reset = $useColours ? "\e[0m" : '';
+
+		foreach ($this->logs as $log) {
+			$col = $useColours ? $colours[$log[0]] : '';
+			echo $col . $log[0] . ': ' . $this->interpolateMessage($log[1], $log[2]) . $reset . "\n";
+		}
+	}
+
+	public function dumpHTML($echo = true)
+	{
+		$html = '<div class="liblynx-diagnostic-log">';
+		$html .= '<table class="table"><thead><tr><th>Level</th><th>Message</th></tr></thead><tbody>';
+		$html .= "\n";
+
+		foreach ($this->logs as $log) {
+			$html .= '<tr class="level-' . $log[0] . '"><td>' . $log[0] . '</td><td>' .
+				htmlentities($this->interpolateMessage($log[1], $log[2])) .
+				"</td></tr>\n";
+		}
+		$html .= "</tbody></table></div>\n";
+
+		if ($echo) {
+			echo $html; //@codeCoverageIgnore
+		}
+		return $html;
+	}
+
+	/**
+	 * Interpolates context values into the message placeholders.
+	 */
+	private function interpolateMessage($message, array $context = [])
+	{
+		// build a replacement array with braces around the context keys
+		$replace = [];
+		foreach ($context as $key => $val) {
+			// check that the value can be casted to string
+			if (!is_array($val) && (!is_object($val) || method_exists($val, '__toString'))) {
+				$replace['{' . $key . '}'] = $val;
+			}
+		}
+
+		// interpolate replacement values into the message and return
+		return strtr($message, $replace);
+	}
+
+
+	public function cleanLogs()
+	{
+		$logs = $this->logs;
+		$this->logs = [];
+
+		return $logs;
+	}
+
+	public function countLogs($level)
+	{
+		$count = 0;
+		foreach ($this->logs as $log) {
+			if ($log[0] == $level) {
+				$count++;
+			}
+		}
+		return $count;
+	}
 }

src/FilesystemCertificateStorage.php

Spacing +7 added lines, -7 removed lines

@@ -14,7 +14,7 @@ 
 
     public function __construct($dir = null)
     {
-        $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates';
+        $this->dir = $dir ?? getcwd() . DIRECTORY_SEPARATOR . 'certificates';
 
         if (!is_dir($this->dir)) {
             /** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
@@ -59,7 +59,7 @@ 
 
     private function getDomainKey($domain, $suffix)
     {
-        return str_replace('*', 'wildcard', $domain).'.'.$suffix;
+        return str_replace('*', 'wildcard', $domain) . '.' . $suffix;
     }
     /**
      * @inheritdoc
@@ -127,8 +127,8 @@ 
 
     private function getMetadataFilename($key)
     {
-        $key=str_replace('*', 'wildcard', $key);
-        $file=$this->dir.DIRECTORY_SEPARATOR.$key;
+        $key = str_replace('*', 'wildcard', $key);
+        $file = $this->dir . DIRECTORY_SEPARATOR . $key;
         return $file;
     }
     /**
@@ -136,7 +136,7 @@ 
      */
     public function getMetadata($key)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         if (!file_exists($file)) {
             return null;
         }
@@ -148,7 +148,7 @@ 
      */
     public function setMetadata($key, $value)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         if (is_null($value)) {
             //nothing to store, ensure file is removed
             if (file_exists($file)) {
@@ -164,7 +164,7 @@ 
      */
     public function hasMetadata($key)
     {
-        $file=$this->getMetadataFilename($key);
+        $file = $this->getMetadataFilename($key);
         return file_exists($file);
     }
 }

Indentation +124 added lines, -124 removed lines

@@ -10,128 +10,128 @@
  */
 class FilesystemCertificateStorage implements CertificateStorageInterface
 {
-    private $dir;
-
-    public function __construct($dir = null)
-    {
-        $this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates';
-
-        if (!is_dir($this->dir)) {
-            /** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
-        }
-        if (!is_writable($this->dir)) {
-            throw new RuntimeException("{$this->dir} is not writable");
-        }
-    }
-
-    private function getDomainKey($domain, $suffix)
-    {
-        return str_replace('*', 'wildcard', $domain).'.'.$suffix;
-    }
-    /**
-     * @inheritdoc
-     */
-    public function getCertificate($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'crt'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setCertificate($domain, $certificate)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'crt'), $certificate);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getFullChainCertificate($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'fullchain.crt'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setFullChainCertificate($domain, $certificate)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'fullchain.crt'), $certificate);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getPrivateKey($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'key'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setPrivateKey($domain, $key)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'key'), $key);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function getPublicKey($domain)
-    {
-        return $this->getMetadata($this->getDomainKey($domain, 'public'));
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setPublicKey($domain, $key)
-    {
-        $this->setMetadata($this->getDomainKey($domain, 'public'), $key);
-    }
-
-    private function getMetadataFilename($key)
-    {
-        $key=str_replace('*', 'wildcard', $key);
-        $file=$this->dir.DIRECTORY_SEPARATOR.$key;
-        return $file;
-    }
-    /**
-     * @inheritdoc
-     */
-    public function getMetadata($key)
-    {
-        $file=$this->getMetadataFilename($key);
-        if (!file_exists($file)) {
-            return null;
-        }
-        return file_get_contents($file);
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function setMetadata($key, $value)
-    {
-        $file=$this->getMetadataFilename($key);
-        if (is_null($value)) {
-            //nothing to store, ensure file is removed
-            if (file_exists($file)) {
-                unlink($file);
-            }
-        } else {
-            file_put_contents($file, $value);
-        }
-    }
-
-    /**
-     * @inheritdoc
-     */
-    public function hasMetadata($key)
-    {
-        $file=$this->getMetadataFilename($key);
-        return file_exists($file);
-    }
+	private $dir;
+
+	public function __construct($dir = null)
+	{
+		$this->dir = $dir ?? getcwd().DIRECTORY_SEPARATOR.'certificates';
+
+		if (!is_dir($this->dir)) {
+			/** @scrutinizer ignore-unhandled */ @mkdir($this->dir);
+		}
+		if (!is_writable($this->dir)) {
+			throw new RuntimeException("{$this->dir} is not writable");
+		}
+	}
+
+	private function getDomainKey($domain, $suffix)
+	{
+		return str_replace('*', 'wildcard', $domain).'.'.$suffix;
+	}
+	/**
+	 * @inheritdoc
+	 */
+	public function getCertificate($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'crt'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setCertificate($domain, $certificate)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'crt'), $certificate);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getFullChainCertificate($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'fullchain.crt'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setFullChainCertificate($domain, $certificate)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'fullchain.crt'), $certificate);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getPrivateKey($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'key'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setPrivateKey($domain, $key)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'key'), $key);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function getPublicKey($domain)
+	{
+		return $this->getMetadata($this->getDomainKey($domain, 'public'));
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setPublicKey($domain, $key)
+	{
+		$this->setMetadata($this->getDomainKey($domain, 'public'), $key);
+	}
+
+	private function getMetadataFilename($key)
+	{
+		$key=str_replace('*', 'wildcard', $key);
+		$file=$this->dir.DIRECTORY_SEPARATOR.$key;
+		return $file;
+	}
+	/**
+	 * @inheritdoc
+	 */
+	public function getMetadata($key)
+	{
+		$file=$this->getMetadataFilename($key);
+		if (!file_exists($file)) {
+			return null;
+		}
+		return file_get_contents($file);
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function setMetadata($key, $value)
+	{
+		$file=$this->getMetadataFilename($key);
+		if (is_null($value)) {
+			//nothing to store, ensure file is removed
+			if (file_exists($file)) {
+				unlink($file);
+			}
+		} else {
+			file_put_contents($file, $value);
+		}
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	public function hasMetadata($key)
+	{
+		$file=$this->getMetadataFilename($key);
+		return file_exists($file);
+	}
 }

src/LEConnector.php

Spacing +1 added lines, -1 removed lines

@@ -154,7 +154,7 @@
             //4xx/5xx failures are not expected and we throw exceptions for them
             $msg = "$method $URL failed";
             if ($e->hasResponse()) {
-                $body = (string)$e->getResponse()->getBody();
+                $body = (string) $e->getResponse()->getBody();
                 $json = json_decode($body, true);
                 if (!empty($json) && isset($json['detail'])) {
                     $msg .= " ({$json['detail']})";

Indentation +331 added lines, -331 removed lines

@@ -21,335 +21,335 @@
  */
 class LEConnector
 {
-    public $baseURL;
-
-    private $nonce;
-
-    public $keyChange;
-    public $newAccount;
-    public $newNonce;
-    public $newOrder;
-    public $revokeCert;
-
-    public $accountURL;
-    public $accountDeactivated = false;
-
-    /** @var LoggerInterface */
-    private $log;
-
-    /** @var ClientInterface */
-    private $httpClient;
-
-    /** @var AccountStorageInterface */
-    private $storage;
-
-    /**
-     * Initiates the LetsEncrypt Connector class.
-     *
-     * @param LoggerInterface $log
-     * @param ClientInterface $httpClient
-     * @param string $baseURL The LetsEncrypt server URL to make requests to.
-     * @param AccountStorageInterface $storage
-     */
-    public function __construct(
-        LoggerInterface $log,
-        ClientInterface $httpClient,
-        $baseURL,
-        AccountStorageInterface $storage
-    ) {
-
-        $this->baseURL = $baseURL;
-        $this->storage = $storage;
-        $this->log = $log;
-        $this->httpClient = $httpClient;
-
-        $this->getLEDirectory();
-        $this->getNewNonce();
-    }
-
-    /**
-     * Requests the LetsEncrypt Directory and stores the necessary URLs in this LetsEncrypt Connector instance.
-     */
-    private function getLEDirectory()
-    {
-        $req = $this->get('/directory');
-        $this->keyChange = $req['body']['keyChange'];
-        $this->newAccount = $req['body']['newAccount'];
-        $this->newNonce = $req['body']['newNonce'];
-        $this->newOrder = $req['body']['newOrder'];
-        $this->revokeCert = $req['body']['revokeCert'];
-    }
-
-    /**
-     * Requests a new nonce from the LetsEncrypt server and stores it in this LetsEncrypt Connector instance.
-     */
-    private function getNewNonce()
-    {
-        $result = $this->head($this->newNonce);
-
-        if ($result['status'] !== 200) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException("No new nonce - fetched {$this->newNonce} got " . $result['header']);
-            //@codeCoverageIgnoreEnd
-        }
-    }
-
-    /**
-     * Makes a request to the HTTP challenge URL and checks whether the authorization is valid for the given $domain.
-     *
-     * @param string $domain The domain to check the authorization for.
-     * @param string $token The token (filename) to request.
-     * @param string $keyAuthorization the keyAuthorization (file content) to compare.
-     *
-     * @return boolean  Returns true if the challenge is valid, false if not.
-     */
-    public function checkHTTPChallenge($domain, $token, $keyAuthorization)
-    {
-        $requestURL = $domain . '/.well-known/acme-challenge/' . $token;
-
-        $request = new Request('GET', $requestURL);
-
-        try {
-            $response = $this->httpClient->send($request);
-        } catch (\Exception $e) {
-            $this->log->warning(
-                "HTTP check on $requestURL failed ({msg})",
-                ['msg' => $e->getMessage()]
-            );
-            return false;
-        }
-
-        $content = $response->getBody()->getContents();
-        return $content == $keyAuthorization;
-    }
-
-    /**
-     * Makes a Curl request.
-     *
-     * @param string $method The HTTP method to use. Accepting GET, POST and HEAD requests.
-     * @param string $URL The URL or partial URL to make the request to.
-     *                       If it is partial, the baseURL will be prepended.
-     * @param string $data The body to attach to a POST request. Expected as a JSON encoded string.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    private function request($method, $URL, $data = null)
-    {
-        if ($this->accountDeactivated) {
-            throw new LogicException('The account was deactivated. No further requests can be made.');
-        }
-
-        $requestURL = preg_match('~^http~', $URL) ? $URL : $this->baseURL . $URL;
-
-        $hdrs = ['Accept' => 'application/json'];
-        if (!empty($data)) {
-            $hdrs['Content-Type'] = 'application/jose+json';
-        }
-
-        $request = new Request($method, $requestURL, $hdrs, $data);
-
-        try {
-            $response = $this->httpClient->send($request);
-        } catch (BadResponseException $e) {
-            //4xx/5xx failures are not expected and we throw exceptions for them
-            $msg = "$method $URL failed";
-            if ($e->hasResponse()) {
-                $body = (string)$e->getResponse()->getBody();
-                $json = json_decode($body, true);
-                if (!empty($json) && isset($json['detail'])) {
-                    $msg .= " ({$json['detail']})";
-                }
-            }
-            throw new RuntimeException($msg, 0, $e);
-        } catch (GuzzleException $e) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException("$method $URL failed", 0, $e);
-            //@codeCoverageIgnoreEnd
-        }
-
-        //uncomment this to generate a test simulation of this request
-        //TestResponseGenerator::dumpTestSimulation($method, $requestURL, $response);
-
-        $this->maintainNonce($method, $response);
-
-        return $this->formatResponse($method, $requestURL, $response);
-    }
-
-    private function formatResponse($method, $requestURL, ResponseInterface $response)
-    {
-        $body = $response->getBody();
-
-        $header = $response->getStatusCode() . ' ' . $response->getReasonPhrase() . "\n";
-        $allHeaders = $response->getHeaders();
-        foreach ($allHeaders as $name => $values) {
-            foreach ($values as $value) {
-                $header .= "$name: $value\n";
-            }
-        }
-
-        $decoded = $body;
-        if ($response->getHeaderLine('Content-Type') === 'application/json') {
-            $decoded = json_decode($body, true);
-            if (!$decoded) {
-                //@codeCoverageIgnoreStart
-                throw new RuntimeException('Bad JSON received ' . $body);
-                //@codeCoverageIgnoreEnd
-            }
-        }
-
-        $jsonresponse = [
-            'request' => $method . ' ' . $requestURL,
-            'header' => $header,
-            'body' => $decoded,
-            'raw' => $body,
-            'status' => $response->getStatusCode()
-        ];
-
-        //$this->log->debug('{request} got {status} header = {header} body = {raw}', $jsonresponse);
-
-        return $jsonresponse;
-    }
-
-    private function maintainNonce($requestMethod, ResponseInterface $response)
-    {
-        if ($response->hasHeader('Replay-Nonce')) {
-            $this->nonce = $response->getHeader('Replay-Nonce')[0];
-            $this->log->debug("got new nonce " . $this->nonce);
-        } elseif ($requestMethod == 'POST') {
-            $this->getNewNonce(); // Not expecting a new nonce with GET and HEAD requests.
-        }
-    }
-
-    /**
-     * Makes a GET request.
-     *
-     * @param string $url The URL or partial URL to make the request to.
-     *                    If it is partial, the baseURL will be prepended.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    public function get($url)
-    {
-        return $this->request('GET', $url);
-    }
-
-    /**
-     * Makes a POST request.
-     *
-     * @param string $url The URL or partial URL for the request to. If it is partial, the baseURL will be prepended.
-     * @param string $data The body to attach to a POST request. Expected as a json string.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    public function post($url, $data = null)
-    {
-        return $this->request('POST', $url, $data);
-    }
-
-    /**
-     * Makes a HEAD request.
-     *
-     * @param string $url The URL or partial URL to make the request to.
-     *                    If it is partial, the baseURL will be prepended.
-     *
-     * @return array Returns an array with the keys 'request', 'header' and 'body'.
-     */
-    public function head($url)
-    {
-        return $this->request('HEAD', $url);
-    }
-
-    /**
-     * Generates a JSON Web Key signature to attach to the request.
-     *
-     * @param array|string $payload The payload to add to the signature.
-     * @param string $url The URL to use in the signature.
-     * @param string $privateKey The private key to sign the request with.
-     *
-     * @return string   Returns a JSON encoded string containing the signature.
-     */
-    public function signRequestJWK($payload, $url, $privateKey = '')
-    {
-        if ($privateKey == '') {
-            $privateKey = $this->storage->getAccountPrivateKey();
-        }
-        $privateKey = openssl_pkey_get_private($privateKey);
-        if ($privateKey === false) {
-            //@codeCoverageIgnoreStart
-            throw new RuntimeException('LEConnector::signRequestJWK failed to get private key');
-            //@codeCoverageIgnoreEnd
-        }
-
-        $details = openssl_pkey_get_details($privateKey);
-
-        $protected = [
-            "alg" => "RS256",
-            "jwk" => [
-                "kty" => "RSA",
-                "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
-                "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
-            ],
-            "nonce" => $this->nonce,
-            "url" => $url
-        ];
-
-        $payload64 = LEFunctions::base64UrlSafeEncode(
-            str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
-        );
-        $protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
-
-        openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
-        $signed64 = LEFunctions::base64UrlSafeEncode($signed);
-
-        $data = [
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        ];
-
-        return json_encode($data);
-    }
-
-    /**
-     * Generates a Key ID signature to attach to the request.
-     *
-     * @param array|string $payload The payload to add to the signature.
-     * @param string $kid The Key ID to use in the signature.
-     * @param string $url The URL to use in the signature.
-     * @param string $privateKey The private key to sign the request with. Defaults to account key
-     *
-     * @return string   Returns a JSON encoded string containing the signature.
-     */
-    public function signRequestKid($payload, $kid, $url, $privateKey = '')
-    {
-        if ($privateKey == '') {
-            $privateKey = $this->storage->getAccountPrivateKey();
-        }
-        $privateKey = openssl_pkey_get_private($privateKey);
-
-        //$details = openssl_pkey_get_details($privateKey);
-
-        $protected = [
-            "alg" => "RS256",
-            "kid" => $kid,
-            "nonce" => $this->nonce,
-            "url" => $url
-        ];
-
-        $payload64 = LEFunctions::base64UrlSafeEncode(
-            str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
-        );
-        $protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
-
-        openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
-        $signed64 = LEFunctions::base64UrlSafeEncode($signed);
-
-        $data = [
-            'protected' => $protected64,
-            'payload' => $payload64,
-            'signature' => $signed64
-        ];
-
-        return json_encode($data);
-    }
+	public $baseURL;
+
+	private $nonce;
+
+	public $keyChange;
+	public $newAccount;
+	public $newNonce;
+	public $newOrder;
+	public $revokeCert;
+
+	public $accountURL;
+	public $accountDeactivated = false;
+
+	/** @var LoggerInterface */
+	private $log;
+
+	/** @var ClientInterface */
+	private $httpClient;
+
+	/** @var AccountStorageInterface */
+	private $storage;
+
+	/**
+	 * Initiates the LetsEncrypt Connector class.
+	 *
+	 * @param LoggerInterface $log
+	 * @param ClientInterface $httpClient
+	 * @param string $baseURL The LetsEncrypt server URL to make requests to.
+	 * @param AccountStorageInterface $storage
+	 */
+	public function __construct(
+		LoggerInterface $log,
+		ClientInterface $httpClient,
+		$baseURL,
+		AccountStorageInterface $storage
+	) {
+
+		$this->baseURL = $baseURL;
+		$this->storage = $storage;
+		$this->log = $log;
+		$this->httpClient = $httpClient;
+
+		$this->getLEDirectory();
+		$this->getNewNonce();
+	}
+
+	/**
+	 * Requests the LetsEncrypt Directory and stores the necessary URLs in this LetsEncrypt Connector instance.
+	 */
+	private function getLEDirectory()
+	{
+		$req = $this->get('/directory');
+		$this->keyChange = $req['body']['keyChange'];
+		$this->newAccount = $req['body']['newAccount'];
+		$this->newNonce = $req['body']['newNonce'];
+		$this->newOrder = $req['body']['newOrder'];
+		$this->revokeCert = $req['body']['revokeCert'];
+	}
+
+	/**
+	 * Requests a new nonce from the LetsEncrypt server and stores it in this LetsEncrypt Connector instance.
+	 */
+	private function getNewNonce()
+	{
+		$result = $this->head($this->newNonce);
+
+		if ($result['status'] !== 200) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException("No new nonce - fetched {$this->newNonce} got " . $result['header']);
+			//@codeCoverageIgnoreEnd
+		}
+	}
+
+	/**
+	 * Makes a request to the HTTP challenge URL and checks whether the authorization is valid for the given $domain.
+	 *
+	 * @param string $domain The domain to check the authorization for.
+	 * @param string $token The token (filename) to request.
+	 * @param string $keyAuthorization the keyAuthorization (file content) to compare.
+	 *
+	 * @return boolean  Returns true if the challenge is valid, false if not.
+	 */
+	public function checkHTTPChallenge($domain, $token, $keyAuthorization)
+	{
+		$requestURL = $domain . '/.well-known/acme-challenge/' . $token;
+
+		$request = new Request('GET', $requestURL);
+
+		try {
+			$response = $this->httpClient->send($request);
+		} catch (\Exception $e) {
+			$this->log->warning(
+				"HTTP check on $requestURL failed ({msg})",
+				['msg' => $e->getMessage()]
+			);
+			return false;
+		}
+
+		$content = $response->getBody()->getContents();
+		return $content == $keyAuthorization;
+	}
+
+	/**
+	 * Makes a Curl request.
+	 *
+	 * @param string $method The HTTP method to use. Accepting GET, POST and HEAD requests.
+	 * @param string $URL The URL or partial URL to make the request to.
+	 *                       If it is partial, the baseURL will be prepended.
+	 * @param string $data The body to attach to a POST request. Expected as a JSON encoded string.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	private function request($method, $URL, $data = null)
+	{
+		if ($this->accountDeactivated) {
+			throw new LogicException('The account was deactivated. No further requests can be made.');
+		}
+
+		$requestURL = preg_match('~^http~', $URL) ? $URL : $this->baseURL . $URL;
+
+		$hdrs = ['Accept' => 'application/json'];
+		if (!empty($data)) {
+			$hdrs['Content-Type'] = 'application/jose+json';
+		}
+
+		$request = new Request($method, $requestURL, $hdrs, $data);
+
+		try {
+			$response = $this->httpClient->send($request);
+		} catch (BadResponseException $e) {
+			//4xx/5xx failures are not expected and we throw exceptions for them
+			$msg = "$method $URL failed";
+			if ($e->hasResponse()) {
+				$body = (string)$e->getResponse()->getBody();
+				$json = json_decode($body, true);
+				if (!empty($json) && isset($json['detail'])) {
+					$msg .= " ({$json['detail']})";
+				}
+			}
+			throw new RuntimeException($msg, 0, $e);
+		} catch (GuzzleException $e) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException("$method $URL failed", 0, $e);
+			//@codeCoverageIgnoreEnd
+		}
+
+		//uncomment this to generate a test simulation of this request
+		//TestResponseGenerator::dumpTestSimulation($method, $requestURL, $response);
+
+		$this->maintainNonce($method, $response);
+
+		return $this->formatResponse($method, $requestURL, $response);
+	}
+
+	private function formatResponse($method, $requestURL, ResponseInterface $response)
+	{
+		$body = $response->getBody();
+
+		$header = $response->getStatusCode() . ' ' . $response->getReasonPhrase() . "\n";
+		$allHeaders = $response->getHeaders();
+		foreach ($allHeaders as $name => $values) {
+			foreach ($values as $value) {
+				$header .= "$name: $value\n";
+			}
+		}
+
+		$decoded = $body;
+		if ($response->getHeaderLine('Content-Type') === 'application/json') {
+			$decoded = json_decode($body, true);
+			if (!$decoded) {
+				//@codeCoverageIgnoreStart
+				throw new RuntimeException('Bad JSON received ' . $body);
+				//@codeCoverageIgnoreEnd
+			}
+		}
+
+		$jsonresponse = [
+			'request' => $method . ' ' . $requestURL,
+			'header' => $header,
+			'body' => $decoded,
+			'raw' => $body,
+			'status' => $response->getStatusCode()
+		];
+
+		//$this->log->debug('{request} got {status} header = {header} body = {raw}', $jsonresponse);
+
+		return $jsonresponse;
+	}
+
+	private function maintainNonce($requestMethod, ResponseInterface $response)
+	{
+		if ($response->hasHeader('Replay-Nonce')) {
+			$this->nonce = $response->getHeader('Replay-Nonce')[0];
+			$this->log->debug("got new nonce " . $this->nonce);
+		} elseif ($requestMethod == 'POST') {
+			$this->getNewNonce(); // Not expecting a new nonce with GET and HEAD requests.
+		}
+	}
+
+	/**
+	 * Makes a GET request.
+	 *
+	 * @param string $url The URL or partial URL to make the request to.
+	 *                    If it is partial, the baseURL will be prepended.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	public function get($url)
+	{
+		return $this->request('GET', $url);
+	}
+
+	/**
+	 * Makes a POST request.
+	 *
+	 * @param string $url The URL or partial URL for the request to. If it is partial, the baseURL will be prepended.
+	 * @param string $data The body to attach to a POST request. Expected as a json string.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	public function post($url, $data = null)
+	{
+		return $this->request('POST', $url, $data);
+	}
+
+	/**
+	 * Makes a HEAD request.
+	 *
+	 * @param string $url The URL or partial URL to make the request to.
+	 *                    If it is partial, the baseURL will be prepended.
+	 *
+	 * @return array Returns an array with the keys 'request', 'header' and 'body'.
+	 */
+	public function head($url)
+	{
+		return $this->request('HEAD', $url);
+	}
+
+	/**
+	 * Generates a JSON Web Key signature to attach to the request.
+	 *
+	 * @param array|string $payload The payload to add to the signature.
+	 * @param string $url The URL to use in the signature.
+	 * @param string $privateKey The private key to sign the request with.
+	 *
+	 * @return string   Returns a JSON encoded string containing the signature.
+	 */
+	public function signRequestJWK($payload, $url, $privateKey = '')
+	{
+		if ($privateKey == '') {
+			$privateKey = $this->storage->getAccountPrivateKey();
+		}
+		$privateKey = openssl_pkey_get_private($privateKey);
+		if ($privateKey === false) {
+			//@codeCoverageIgnoreStart
+			throw new RuntimeException('LEConnector::signRequestJWK failed to get private key');
+			//@codeCoverageIgnoreEnd
+		}
+
+		$details = openssl_pkey_get_details($privateKey);
+
+		$protected = [
+			"alg" => "RS256",
+			"jwk" => [
+				"kty" => "RSA",
+				"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
+				"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"]),
+			],
+			"nonce" => $this->nonce,
+			"url" => $url
+		];
+
+		$payload64 = LEFunctions::base64UrlSafeEncode(
+			str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
+		);
+		$protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
+
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
+		$signed64 = LEFunctions::base64UrlSafeEncode($signed);
+
+		$data = [
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		];
+
+		return json_encode($data);
+	}
+
+	/**
+	 * Generates a Key ID signature to attach to the request.
+	 *
+	 * @param array|string $payload The payload to add to the signature.
+	 * @param string $kid The Key ID to use in the signature.
+	 * @param string $url The URL to use in the signature.
+	 * @param string $privateKey The private key to sign the request with. Defaults to account key
+	 *
+	 * @return string   Returns a JSON encoded string containing the signature.
+	 */
+	public function signRequestKid($payload, $kid, $url, $privateKey = '')
+	{
+		if ($privateKey == '') {
+			$privateKey = $this->storage->getAccountPrivateKey();
+		}
+		$privateKey = openssl_pkey_get_private($privateKey);
+
+		//$details = openssl_pkey_get_details($privateKey);
+
+		$protected = [
+			"alg" => "RS256",
+			"kid" => $kid,
+			"nonce" => $this->nonce,
+			"url" => $url
+		];
+
+		$payload64 = LEFunctions::base64UrlSafeEncode(
+			str_replace('\\/', '/', is_array($payload) ? json_encode($payload) : $payload)
+		);
+		$protected64 = LEFunctions::base64UrlSafeEncode(json_encode($protected));
+
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, OPENSSL_ALGO_SHA256);
+		$signed64 = LEFunctions::base64UrlSafeEncode($signed);
+
+		$data = [
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		];
+
+		return json_encode($data);
+	}
 }

src/LEFunctions.php

Indentation +102 added lines, -102 removed lines

@@ -14,106 +14,106 @@
  */
 class LEFunctions
 {
-    /**
-     * Generates a new RSA keypair and returns both
-     *
-     * @param integer $keySize RSA key size, must be between 2048 and 4096 (default is 4096)
-     * @return array containing public and private indexes containing the new keys
-     */
-    public static function RSAGenerateKeys($keySize = 4096)
-    {
-
-        if ($keySize < 2048 || $keySize > 4096) {
-            throw new LogicException("RSA key size must be between 2048 and 4096");
-        }
-
-        $res = openssl_pkey_new([
-            "private_key_type" => OPENSSL_KEYTYPE_RSA,
-            "private_key_bits" => intval($keySize),
-        ]);
-
-        if (!openssl_pkey_export($res, $privateKey)) {
-            throw new RuntimeException("RSA keypair export failed!"); //@codeCoverageIgnore
-        }
-
-        $details = openssl_pkey_get_details($res);
-
-        $result = ['public' => $details['key'], 'private' => $privateKey];
-
-        openssl_pkey_free($res);
-
-        return $result;
-    }
-
-
-    /**
-     * Generates a new EC prime256v1 keypair and saves both keys to a new file.
-     *
-     * @param integer $keySize EC key size, possible values are 256 (prime256v1) or 384 (secp384r1),
-     *                               default is 256
-     * @return array containing public and private indexes containing the new keys
-     */
-    public static function ECGenerateKeys($keySize = 256)
-    {
-        if (version_compare(PHP_VERSION, '7.1.0') == -1) {
-            throw new RuntimeException("PHP 7.1+ required for EC keys"); //@codeCoverageIgnore
-        }
-
-        if ($keySize == 256) {
-            $res = openssl_pkey_new([
-                "private_key_type" => OPENSSL_KEYTYPE_EC,
-                "curve_name" => "prime256v1",
-            ]);
-        } elseif ($keySize == 384) {
-            $res = openssl_pkey_new([
-                "private_key_type" => OPENSSL_KEYTYPE_EC,
-                "curve_name" => "secp384r1",
-            ]);
-        } else {
-            throw new LogicException("EC key size must be 256 or 384");
-        }
-
-
-        if (!openssl_pkey_export($res, $privateKey)) {
-            throw new RuntimeException("EC keypair export failed!"); //@codeCoverageIgnore
-        }
-
-        $details = openssl_pkey_get_details($res);
-
-        $result = ['public' => $details['key'], 'private' => $privateKey];
-
-        openssl_pkey_free($res);
-
-        return $result;
-    }
-
-
-    /**
-     * Encodes a string input to a base64 encoded string which is URL safe.
-     *
-     * @param string $input The input string to encode.
-     *
-     * @return string   Returns a URL safe base64 encoded string.
-     */
-    public static function base64UrlSafeEncode($input)
-    {
-        return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
-    }
-
-    /**
-     * Decodes a string that is URL safe base64 encoded.
-     *
-     * @param string $input The encoded input string to decode.
-     *
-     * @return string   Returns the decoded input string.
-     */
-    public static function base64UrlSafeDecode($input)
-    {
-        $remainder = strlen($input) % 4;
-        if ($remainder) {
-            $padlen = 4 - $remainder;
-            $input .= str_repeat('=', $padlen);
-        }
-        return base64_decode(strtr($input, '-_', '+/'));
-    }
+	/**
+	 * Generates a new RSA keypair and returns both
+	 *
+	 * @param integer $keySize RSA key size, must be between 2048 and 4096 (default is 4096)
+	 * @return array containing public and private indexes containing the new keys
+	 */
+	public static function RSAGenerateKeys($keySize = 4096)
+	{
+
+		if ($keySize < 2048 || $keySize > 4096) {
+			throw new LogicException("RSA key size must be between 2048 and 4096");
+		}
+
+		$res = openssl_pkey_new([
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => intval($keySize),
+		]);
+
+		if (!openssl_pkey_export($res, $privateKey)) {
+			throw new RuntimeException("RSA keypair export failed!"); //@codeCoverageIgnore
+		}
+
+		$details = openssl_pkey_get_details($res);
+
+		$result = ['public' => $details['key'], 'private' => $privateKey];
+
+		openssl_pkey_free($res);
+
+		return $result;
+	}
+
+
+	/**
+	 * Generates a new EC prime256v1 keypair and saves both keys to a new file.
+	 *
+	 * @param integer $keySize EC key size, possible values are 256 (prime256v1) or 384 (secp384r1),
+	 *                               default is 256
+	 * @return array containing public and private indexes containing the new keys
+	 */
+	public static function ECGenerateKeys($keySize = 256)
+	{
+		if (version_compare(PHP_VERSION, '7.1.0') == -1) {
+			throw new RuntimeException("PHP 7.1+ required for EC keys"); //@codeCoverageIgnore
+		}
+
+		if ($keySize == 256) {
+			$res = openssl_pkey_new([
+				"private_key_type" => OPENSSL_KEYTYPE_EC,
+				"curve_name" => "prime256v1",
+			]);
+		} elseif ($keySize == 384) {
+			$res = openssl_pkey_new([
+				"private_key_type" => OPENSSL_KEYTYPE_EC,
+				"curve_name" => "secp384r1",
+			]);
+		} else {
+			throw new LogicException("EC key size must be 256 or 384");
+		}
+
+
+		if (!openssl_pkey_export($res, $privateKey)) {
+			throw new RuntimeException("EC keypair export failed!"); //@codeCoverageIgnore
+		}
+
+		$details = openssl_pkey_get_details($res);
+
+		$result = ['public' => $details['key'], 'private' => $privateKey];
+
+		openssl_pkey_free($res);
+
+		return $result;
+	}
+
+
+	/**
+	 * Encodes a string input to a base64 encoded string which is URL safe.
+	 *
+	 * @param string $input The input string to encode.
+	 *
+	 * @return string   Returns a URL safe base64 encoded string.
+	 */
+	public static function base64UrlSafeEncode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	/**
+	 * Decodes a string that is URL safe base64 encoded.
+	 *
+	 * @param string $input The encoded input string to decode.
+	 *
+	 * @return string   Returns the decoded input string.
+	 */
+	public static function base64UrlSafeDecode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
 }

src/DNSValidator/DNSOverHTTPS.php

Indentation +89 added lines, -89 removed lines

@@ -39,93 +39,93 @@
 class DNSOverHTTPS implements DNSValidatorInterface
 {
 
-    const DNS_GOOGLE     = 'https://dns.google.com/resolve';
-    const DNS_MOZILLA    = 'https://mozilla.cloudflare-dns.com/dns-query';
-    const DNS_CLOUDFLARE = 'https://cloudflare-dns.com/dns-query';
-
-    /**
-     * What DNS-over-HTTPS service to use
-     *
-     * @var null|string
-     */
-    private $baseURI;
-
-    /**
-     * Guzzle client handler
-     *
-     * @var Client object
-     */
-    private $client;
-
-    /**
-     * DNSOverHTTPS constructor.
-     * @param string|null $baseURI
-     */
-    public function __construct(string $baseURI = null)
-    {
-        //Default to Google, seems like a safe bet...
-        if ($baseURI === null) {
-            $this->baseURI = self::DNS_GOOGLE;
-        } else {
-            $this->baseURI = $baseURI;
-        }
-
-        $this->client = new Client([
-            'base_uri' => $this->baseURI
-        ]);
-    }
-
-    public function checkChallenge($domain, $requiredDigest) : bool
-    {
-        $hostname = '_acme-challenge.' . str_replace('*.', '', $domain);
-
-        $records = $this->get($hostname, 'TXT');
-        if ($records->Status == 0) {
-            foreach ($records->Answer as $record) {
-                if ((rtrim($record->name, ".") == $hostname) &&
-                    ($record->type == 16) &&
-                    (trim($record->data, '"') == $requiredDigest)) {
-                    return true;
-                }
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * @param string $name
-     * @param string $type per experimental spec this can be string OR int, we force string
-     * @return \stdClass
-     */
-    public function get(string $name, string $type) : \stdClass
-    {
-        $query = [
-            'query' => [
-                'name'               => $name,
-                'type'               => $type,
-                'edns_client_subnet' => '0.0.0.0/0',            //disable geotagged dns results
-                'ct'                 => 'application/dns-json', //cloudflare requires this
-            ],
-            'headers' => [
-                'Accept' => 'application/dns-json'
-            ]
-        ];
-
-        try {
-            $response = $this->client->get(null, $query);
-        } catch (BadResponseException $e) {
-            throw new RuntimeException("GET {$this->baseURI} failed", 0, $e);
-        }
-
-        $decode = json_decode($response->getBody());
-
-        if (json_last_error() !== JSON_ERROR_NONE) {
-            throw new RuntimeException(
-                'Attempted to decode expected JSON response, however server returned something unexpected.'
-            );
-        }
-
-        return $decode;
-    }
+	const DNS_GOOGLE     = 'https://dns.google.com/resolve';
+	const DNS_MOZILLA    = 'https://mozilla.cloudflare-dns.com/dns-query';
+	const DNS_CLOUDFLARE = 'https://cloudflare-dns.com/dns-query';
+
+	/**
+	 * What DNS-over-HTTPS service to use
+	 *
+	 * @var null|string
+	 */
+	private $baseURI;
+
+	/**
+	 * Guzzle client handler
+	 *
+	 * @var Client object
+	 */
+	private $client;
+
+	/**
+	 * DNSOverHTTPS constructor.
+	 * @param string|null $baseURI
+	 */
+	public function __construct(string $baseURI = null)
+	{
+		//Default to Google, seems like a safe bet...
+		if ($baseURI === null) {
+			$this->baseURI = self::DNS_GOOGLE;
+		} else {
+			$this->baseURI = $baseURI;
+		}
+
+		$this->client = new Client([
+			'base_uri' => $this->baseURI
+		]);
+	}
+
+	public function checkChallenge($domain, $requiredDigest) : bool
+	{
+		$hostname = '_acme-challenge.' . str_replace('*.', '', $domain);
+
+		$records = $this->get($hostname, 'TXT');
+		if ($records->Status == 0) {
+			foreach ($records->Answer as $record) {
+				if ((rtrim($record->name, ".") == $hostname) &&
+					($record->type == 16) &&
+					(trim($record->data, '"') == $requiredDigest)) {
+					return true;
+				}
+			}
+		}
+
+		return false;
+	}
+
+	/**
+	 * @param string $name
+	 * @param string $type per experimental spec this can be string OR int, we force string
+	 * @return \stdClass
+	 */
+	public function get(string $name, string $type) : \stdClass
+	{
+		$query = [
+			'query' => [
+				'name'               => $name,
+				'type'               => $type,
+				'edns_client_subnet' => '0.0.0.0/0',            //disable geotagged dns results
+				'ct'                 => 'application/dns-json', //cloudflare requires this
+			],
+			'headers' => [
+				'Accept' => 'application/dns-json'
+			]
+		];
+
+		try {
+			$response = $this->client->get(null, $query);
+		} catch (BadResponseException $e) {
+			throw new RuntimeException("GET {$this->baseURI} failed", 0, $e);
+		}
+
+		$decode = json_decode($response->getBody());
+
+		if (json_last_error() !== JSON_ERROR_NONE) {
+			throw new RuntimeException(
+				'Attempted to decode expected JSON response, however server returned something unexpected.'
+			);
+		}
+
+		return $decode;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -104,7 +104,7 @@
             'query' => [
                 'name'               => $name,
                 'type'               => $type,
-                'edns_client_subnet' => '0.0.0.0/0',            //disable geotagged dns results
+                'edns_client_subnet' => '0.0.0.0/0', //disable geotagged dns results
                 'ct'                 => 'application/dns-json', //cloudflare requires this
             ],
             'headers' => [