Issues in LEAccount.php (master) - Issues in master - Zwartpet/php-certificate-toolbox - Measure and Improve Code Quality continuously with Scrutinizer

Issues (18)

src/LEAccount.php (1 issue)

Labels

Severity

<?php
namespace Zwartpet\PHPCertificateToolbox;

use Zwartpet\PHPCertificateToolbox\Exception\RuntimeException;
use Psr\Log\LoggerInterface;

/**
 * LetsEncrypt Account class, containing the functions and data associated with a LetsEncrypt account.
 *
 * @author     Youri van Weegberg <[email protected]>
 * @copyright  2018 Youri van Weegberg
 * @license    https://opensource.org/licenses/mit-license.php  MIT License
 */
class LEAccount
{
    private $connector;

    public $id;
    public $key;
    public $contact;
    public $agreement;
    public $initialIp;
    public $createdAt;
    public $status;

    /** @var LoggerInterface  */
    private $log;

    /** @var CertificateStorageInterface */
    private $storage;

    /**
     * Initiates the LetsEncrypt Account class.
     *
     * @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
     * @param LoggerInterface $log   PSR-3 compatible logger
     * @param array $email           The array of strings containing e-mail addresses. Only used when creating a
     *                               new account.
     * @param AccountStorageInterface $storage  storage for account keys
     */
    public function __construct($connector, LoggerInterface $log, $email, AccountStorageInterface $storage)
    {
        $this->connector = $connector;
        $this->storage = $storage;

        $this->log = $log;

        if (empty($storage->getAccountPublicKey()) || empty($storage->getAccountPrivateKey())) {
            $this->log->notice("No account found for ".implode(',', $email).", attempting to create account");

            $accountKey = LEFunctions::RSAgenerateKeys();
            $storage->setAccountPublicKey($accountKey['public']);
            $storage->setAccountPrivateKey($accountKey['private']);

            $this->connector->accountURL = $this->createLEAccount($email);
        } else {
            $this->connector->accountURL = $this->getLEAccount();
        }
        if ($this->connector->accountURL === false) {
            throw new RuntimeException('Account not found or deactivated.');
        }
        $this->getLEAccountData();
    }

    /**
     * Creates a new LetsEncrypt account.
     *
     * @param array     $email  The array of strings containing e-mail addresses.
     *
     * @return string|bool   Returns the new account URL when the account was successfully created, false if not.
     */
    private function createLEAccount($email)
    {
        $contact = array_map(function ($addr) {
            return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
        }, $email);

        $sign = $this->connector->signRequestJWK(
            ['contact' => $contact, 'termsOfServiceAgreed' => true],
            $this->connector->newAccount
        );
        $post = $this->connector->post($this->connector->newAccount, $sign);
        if (strpos($post['header'], "201 Created") !== false) {
            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
                return trim($matches[1]);
            }
        }
        //@codeCoverageIgnoreStart
        return false;
        //@codeCoverageIgnoreEnd
    }

    /**
     * Gets the LetsEncrypt account URL associated with the stored account keys.
     *
     * @return string|bool   Returns the account URL if it is found, or false when none is found.
     */
    private function getLEAccount()
    {
        $sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount);
        $post = $this->connector->post($this->connector->newAccount, $sign);

        if (strpos($post['header'], "200 OK") !== false) {
            if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
                return trim($matches[1]);
            }
        }
        return false;
    }

    /**
     * Gets the LetsEncrypt account data from the account URL.
     */
    private function getLEAccountData()
    {
        $sign = $this->connector->signRequestKid(
            ['' => ''],
            $this->connector->accountURL,
            $this->connector->accountURL
        );
        $post = $this->connector->post($this->connector->accountURL, $sign);
        if (strpos($post['header'], "200 OK") !== false) {
            $this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
            $this->key = $post['body']['key'];
            $this->contact = $post['body']['contact'];
            $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null;
            $this->initialIp = $post['body']['initialIp'];
            $this->createdAt = $post['body']['createdAt'];
            $this->status = $post['body']['status'];
        } else {
            //@codeCoverageIgnoreStart
            throw new RuntimeException('Account data cannot be found.');
            //@codeCoverageIgnoreEnd
        }
    }

    /**
     * Updates account data. Now just supporting new contact information.
     *
     * @param array     $email  The array of strings containing e-mail adresses.
     *
     * @return boolean  Returns true if the update is successful, false if not.
     */
    public function updateAccount($email)
    {
        $contact = array_map(function ($addr) {
            return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
        }, $email);

        $sign = $this->connector->signRequestKid(
            ['contact' => $contact],
            $this->connector->accountURL,
            $this->connector->accountURL
        );
        $post = $this->connector->post($this->connector->accountURL, $sign);
        if ($post['status'] !== 200) {
            //@codeCoverageIgnoreStart
            throw new RuntimeException('Unable to update account');
            //@codeCoverageIgnoreEnd
        }

        $this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
        $this->key = $post['body']['key'];
        $this->contact = $post['body']['contact'];
        $this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : '';
        $this->initialIp = $post['body']['initialIp'];
        $this->createdAt = $post['body']['createdAt'];
        $this->status = $post['body']['status'];

        $this->log->notice('Account data updated');
        return true;
    }

    /**
     * Creates new RSA account keys and updates the keys with LetsEncrypt.
     *
     * @return boolean  Returns true if the update is successful, false if not.
     */
    public function changeAccountKeys()
    {
        $new=LEFunctions::RSAgenerateKeys();

        $privateKey = openssl_pkey_get_private($new['private']);
        if ($privateKey === false) {
            //@codeCoverageIgnoreStart
            throw new RuntimeException('Failed to open newly generated private key');
            //@codeCoverageIgnoreEnd
        }


        $details = openssl_pkey_get_details($privateKey);
        $innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [
            "kty" => "RSA",
            "n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
            "e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"])
        ]];
        $outerPayload = $this->connector->signRequestJWK(
            $innerPayload,
            $this->connector->keyChange,
            $new['private']
        );
        $sign = $this->connector->signRequestKid(
            $outerPayload,
            $this->connector->accountURL,
            $this->connector->keyChange
        );
        $post = $this->connector->post($this->connector->keyChange, $sign);
        if ($post['status'] !== 200) {
            //@codeCoverageIgnoreStart
            throw new RuntimeException('Unable to post new account keys');
            //@codeCoverageIgnoreEnd
        }

        $this->getLEAccountData();

        $this->storage->setAccountPublicKey($new['public']);
        $this->storage->setAccountPrivateKey($new['private']);

        $this->log->notice('Account keys changed');
        return true;
    }

    /**
     * Deactivates the LetsEncrypt account.
     *
     * @return boolean  Returns true if the deactivation is successful, false if not.
     */
    public function deactivateAccount()
    {
        $sign = $this->connector->signRequestKid(
            ['status' => 'deactivated'],
            $this->connector->accountURL,
            $this->connector->accountURL
        );
        $post = $this->connector->post($this->connector->accountURL, $sign);
        if ($post['status'] !== 200) {
            //@codeCoverageIgnoreStart
            $this->log->error('Account deactivation failed');
            return false;
            //@codeCoverageIgnoreEnd
        }

        $this->connector->accountDeactivated = true;
        $this->log->info('Account deactivated');
        return true;
    }
}


1		<?php
2		namespace Zwartpet\PHPCertificateToolbox;
3
4		use Zwartpet\PHPCertificateToolbox\Exception\RuntimeException;
5		use Psr\Log\LoggerInterface;
6
7		/**
8		* LetsEncrypt Account class, containing the functions and data associated with a LetsEncrypt account.
9		*
10		* @author Youri van Weegberg <[email protected]>
11		* @copyright 2018 Youri van Weegberg
12		* @license https://opensource.org/licenses/mit-license.php MIT License
13		*/
14		class LEAccount
15		{
16		private $connector;
17
18		public $id;
19		public $key;
20		public $contact;
21		public $agreement;
22		public $initialIp;
23		public $createdAt;
24		public $status;
25
26		/** @var LoggerInterface */
27		private $log;
28
29		/** @var CertificateStorageInterface */
30		private $storage;
31
32		/**
33		* Initiates the LetsEncrypt Account class.
34		*
35		* @param LEConnector $connector The LetsEncrypt Connector instance to use for HTTP requests.
36		* @param LoggerInterface $log PSR-3 compatible logger
37		* @param array $email The array of strings containing e-mail addresses. Only used when creating a
38		* new account.
39		* @param AccountStorageInterface $storage storage for account keys
40		*/
41	12	public function __construct($connector, LoggerInterface $log, $email, AccountStorageInterface $storage)
42		{
43	12	$this->connector = $connector;
44	12	$this->storage = $storage;
		0 ignored issues – show Documentation Bug introduced 2021-02-18 11:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$storage` of type `Zwartpet\PHPCertificateT...AccountStorageInterface` is incompatible with the declared type `Zwartpet\PHPCertificateT...ificateStorageInterface` of property `$storage`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
45	12	$this->log = $log;
46
47	12	if (empty($storage->getAccountPublicKey()) \|\| empty($storage->getAccountPrivateKey())) {
48	12	$this->log->notice("No account found for ".implode(',', $email).", attempting to create account");
49
50	12	$accountKey = LEFunctions::RSAgenerateKeys();
51	12	$storage->setAccountPublicKey($accountKey['public']);
52	12	$storage->setAccountPrivateKey($accountKey['private']);
53
54	12	$this->connector->accountURL = $this->createLEAccount($email);
55		} else {
56	4	$this->connector->accountURL = $this->getLEAccount();
57		}
58	12	if ($this->connector->accountURL === false) {
59	2	throw new RuntimeException('Account not found or deactivated.');
60		}
61	12	$this->getLEAccountData();
62	12	}
63
64		/**
65		* Creates a new LetsEncrypt account.
66		*
67		* @param array $email The array of strings containing e-mail addresses.
68		*
69		* @return string\|bool Returns the new account URL when the account was successfully created, false if not.
70		*/
71		private function createLEAccount($email)
72		{
73	12	$contact = array_map(function ($addr) {
74	12	return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
75	12	}, $email);
76
77	12	$sign = $this->connector->signRequestJWK(
78	12	['contact' => $contact, 'termsOfServiceAgreed' => true],
79	12	$this->connector->newAccount
80		);
81	12	$post = $this->connector->post($this->connector->newAccount, $sign);
82	12	if (strpos($post['header'], "201 Created") !== false) {
83	12	if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
84	12	return trim($matches[1]);
85		}
86		}
87		//@codeCoverageIgnoreStart
88		return false;
89		//@codeCoverageIgnoreEnd
90		}
91
92		/**
93		* Gets the LetsEncrypt account URL associated with the stored account keys.
94		*
95		* @return string\|bool Returns the account URL if it is found, or false when none is found.
96		*/
97	4	private function getLEAccount()
98		{
99	4	$sign = $this->connector->signRequestJWK(['onlyReturnExisting' => true], $this->connector->newAccount);
100	4	$post = $this->connector->post($this->connector->newAccount, $sign);
101
102	4	if (strpos($post['header'], "200 OK") !== false) {
103	2	if (preg_match('~Location: (\S+)~i', $post['header'], $matches)) {
104	2	return trim($matches[1]);
105		}
106		}
107	2	return false;
108		}
109
110		/**
111		* Gets the LetsEncrypt account data from the account URL.
112		*/
113	12	private function getLEAccountData()
114		{
115	12	$sign = $this->connector->signRequestKid(
116	12	['' => ''],
117	12	$this->connector->accountURL,
118	12	$this->connector->accountURL
119		);
120	12	$post = $this->connector->post($this->connector->accountURL, $sign);
121	12	if (strpos($post['header'], "200 OK") !== false) {
122	12	$this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
123	12	$this->key = $post['body']['key'];
124	12	$this->contact = $post['body']['contact'];
125	12	$this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : null;
126	12	$this->initialIp = $post['body']['initialIp'];
127	12	$this->createdAt = $post['body']['createdAt'];
128	12	$this->status = $post['body']['status'];
129		} else {
130		//@codeCoverageIgnoreStart
131		throw new RuntimeException('Account data cannot be found.');
132		//@codeCoverageIgnoreEnd
133		}
134	12	}
135
136		/**
137		* Updates account data. Now just supporting new contact information.
138		*
139		* @param array $email The array of strings containing e-mail adresses.
140		*
141		* @return boolean Returns true if the update is successful, false if not.
142		*/
143		public function updateAccount($email)
144		{
145	2	$contact = array_map(function ($addr) {
146	2	return empty($addr) ? '' : (strpos($addr, 'mailto') === false ? 'mailto:' . $addr : $addr);
147	2	}, $email);
148
149	2	$sign = $this->connector->signRequestKid(
150	2	['contact' => $contact],
151	2	$this->connector->accountURL,
152	2	$this->connector->accountURL
153		);
154	2	$post = $this->connector->post($this->connector->accountURL, $sign);
155	2	if ($post['status'] !== 200) {
156		//@codeCoverageIgnoreStart
157		throw new RuntimeException('Unable to update account');
158		//@codeCoverageIgnoreEnd
159		}
160
161	2	$this->id = isset($post['body']['id']) ? $post['body']['id'] : '';
162	2	$this->key = $post['body']['key'];
163	2	$this->contact = $post['body']['contact'];
164	2	$this->agreement = isset($post['body']['agreement']) ? $post['body']['agreement'] : '';
165	2	$this->initialIp = $post['body']['initialIp'];
166	2	$this->createdAt = $post['body']['createdAt'];
167	2	$this->status = $post['body']['status'];
168
169	2	$this->log->notice('Account data updated');
170	2	return true;
171		}
172
173		/**
174		* Creates new RSA account keys and updates the keys with LetsEncrypt.
175		*
176		* @return boolean Returns true if the update is successful, false if not.
177		*/
178	2	public function changeAccountKeys()
179		{
180	2	$new=LEFunctions::RSAgenerateKeys();
181
182	2	$privateKey = openssl_pkey_get_private($new['private']);
183	2	if ($privateKey === false) {
184		//@codeCoverageIgnoreStart
185		throw new RuntimeException('Failed to open newly generated private key');
186		//@codeCoverageIgnoreEnd
187		}
188
189
190	2	$details = openssl_pkey_get_details($privateKey);
191	2	$innerPayload = ['account' => $this->connector->accountURL, 'newKey' => [
192	2	"kty" => "RSA",
193	2	"n" => LEFunctions::base64UrlSafeEncode($details["rsa"]["n"]),
194	2	"e" => LEFunctions::base64UrlSafeEncode($details["rsa"]["e"])
195		]];
196	2	$outerPayload = $this->connector->signRequestJWK(
197	2	$innerPayload,
198	2	$this->connector->keyChange,
199	2	$new['private']
200		);
201	2	$sign = $this->connector->signRequestKid(
202	2	$outerPayload,
203	2	$this->connector->accountURL,
204	2	$this->connector->keyChange
205		);
206	2	$post = $this->connector->post($this->connector->keyChange, $sign);
207	2	if ($post['status'] !== 200) {
208		//@codeCoverageIgnoreStart
209		throw new RuntimeException('Unable to post new account keys');
210		//@codeCoverageIgnoreEnd
211		}
212
213	2	$this->getLEAccountData();
214
215	2	$this->storage->setAccountPublicKey($new['public']);
216	2	$this->storage->setAccountPrivateKey($new['private']);
217
218	2	$this->log->notice('Account keys changed');
219	2	return true;
220		}
221
222		/**
223		* Deactivates the LetsEncrypt account.
224		*
225		* @return boolean Returns true if the deactivation is successful, false if not.
226		*/
227	2	public function deactivateAccount()
228		{
229	2	$sign = $this->connector->signRequestKid(
230	2	['status' => 'deactivated'],
231	2	$this->connector->accountURL,
232	2	$this->connector->accountURL
233		);
234	2	$post = $this->connector->post($this->connector->accountURL, $sign);
235	2	if ($post['status'] !== 200) {
236		//@codeCoverageIgnoreStart
237		$this->log->error('Account deactivation failed');
238		return false;
239		//@codeCoverageIgnoreEnd
240		}
241
242	2	$this->connector->accountDeactivated = true;
243	2	$this->log->info('Account deactivated');
244	2	return true;
245		}
246		}
247

Zwartpet / php-certificate-toolbox

Issues (18)

src/LEAccount.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like