LE_ACME2\Utilities\Certificate

Complexity

Total Complexity

4

Size/Duplication

Total Lines	63
Duplicated Lines	0 %

Test Coverage

Coverage

0%

Importance

Changes	4
Bugs	0	Features	0

1 Method

Rating	Name	Duplication	Size	Complexity
A	generateCSR()	0	58	4

<?php

namespace LE_ACME2\Utilities;

use LE_ACME2\Order;
use LE_ACME2\Exception\OpenSSLException;

class Certificate {

    /**
     * @throws OpenSSLException
     */
    public static function generateCSR(Order $order) : string {

        $dn = [
            "commonName" => $order->getSubjects()[0]
        ];

        $san = implode(",", array_map(function ($dns) {

                return "DNS:" . $dns;
            }, $order->getSubjects())
        );

        $configFilePath = $order->getKeyDirectoryPath() . 'csr_config';

        $config = 'HOME = .
			RANDFILE = ' . $order->getKeyDirectoryPath() . '.rnd
			[ req ]
			default_bits = 4096
			default_keyfile = privkey.pem
			distinguished_name = req_distinguished_name
			req_extensions = v3_req
			[ req_distinguished_name ]
			countryName = Country Name (2 letter code)
			[ v3_req ]
			basicConstraints = CA:FALSE
			subjectAltName = ' . $san . '
			keyUsage = nonRepudiation, digitalSignature, keyEncipherment';

        file_put_contents($configFilePath, $config);

        $privateKey = openssl_pkey_get_private(
            file_get_contents($order->getKeyDirectoryPath() . 'private.pem')
        );

        if($privateKey === false) {
            throw new OpenSSLException('openssl_pkey_get_private');
        }

        $csr = openssl_csr_new(
            $dn,
            $privateKey,

It seems like $privateKey can also be of type resource; however, parameter $private_key of openssl_csr_new() does only seem to accept OpenSSLAsymmetricKey, maybe add an additional type check?

            [
                'config' => $configFilePath,
                'digest_alg' => 'sha256'
            ]
        );

        if($csr === false) {
            throw new OpenSSLException('openssl_csr_new');
        }

        if(!openssl_csr_export($csr, $csr)) {

$csr of type OpenSSLCertificateSigningRequest|resource is incompatible with the type string expected by parameter $output of openssl_csr_export().

            throw new OpenSSLException('openssl_csr_export');
        }

        unlink($configFilePath);

        return $csr;
    }
}