daxi20/acmeclient
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make PHP 5.5 compat

Browse Source
This commit is contained in:
Niklas Keller
2015-12-20 21:49:23 +01:00
parent 7f0869150f
commit 5a4ab4a410
11 changed files with 182 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
bin/acme
View File

@@ -8,7 +8,6 @@ use League\CLImate\CLImate;
use Monolog\Handler\StreamHandler; use Monolog\Handler\StreamHandler;
use Monolog\Logger; use Monolog\Logger;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use function Kelunik\AcmeClient\commandToClass;
require __DIR__ . "/../vendor/autoload.php"; require __DIR__ . "/../vendor/autoload.php";
@@ -57,9 +56,7 @@ if (!in_array($argv[1], $commands)) {
exit(1); exit(1);
} }
// TODO: Implement subcommand help $class = \Kelunik\AcmeClient\commandToClass($argv[1]);
$class = commandToClass($argv[1]);
$definition = $class::getDefinition(); $definition = $class::getDefinition();
try { try {
@@ -91,7 +88,7 @@ $logger->pushHandler($handler);
$injector->alias(LoggerInterface::class, Logger::class); $injector->alias(LoggerInterface::class, Logger::class);
$injector->share($logger); $injector->share($logger);
$command = $injector->make(commandToClass($argv[1])); $command = $injector->make($class);
Amp\run(function () use ($command, $climate, $logger) { Amp\run(function () use ($command, $climate, $logger) {
try { try {

5
src/Commands/Command.php
View File

@@ -2,11 +2,10 @@
namespace Kelunik\AcmeClient\Commands; namespace Kelunik\AcmeClient\Commands;
use Amp\Promise;
use League\CLImate\Argument\Manager; use League\CLImate\Argument\Manager;
interface Command { interface Command {
public function execute(Manager $args): Promise; public function execute(Manager $args);
public static function getDefinition(): array; public static function getDefinition();
} }

59
src/Commands/Issue.php
View File

@@ -2,11 +2,8 @@
namespace Kelunik\AcmeClient\Commands; namespace Kelunik\AcmeClient\Commands;
use Amp\Dns as dns;
use Amp\Dns\Record; use Amp\Dns\Record;
use function Amp\File\put; use Exception;
use Amp\Promise;
use Generator;
use Kelunik\Acme\AcmeClient; use Kelunik\Acme\AcmeClient;
use Kelunik\Acme\AcmeException; use Kelunik\Acme\AcmeException;
use Kelunik\Acme\AcmeService; use Kelunik\Acme\AcmeService;
@@ -19,10 +16,6 @@ use League\CLImate\Argument\Manager;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use stdClass; use stdClass;
use Throwable; use Throwable;
use function Amp\all;
use function Amp\any;
use function Amp\resolve;
use function Kelunik\AcmeClient\getServer;
class Issue implements Command { class Issue implements Command {
private $logger; private $logger;
@@ -31,23 +24,23 @@ class Issue implements Command {
$this->logger = $logger; $this->logger = $logger;
} }
public function execute(Manager $args): Promise { public function execute(Manager $args) {
return resolve($this->doExecute($args)); return \Amp\resolve($this->doExecute($args));
} }
private function doExecute(Manager $args): Generator { private function doExecute(Manager $args) {
$domains = array_map("trim", explode(",", $args->get("domains"))); $domains = array_map("trim", explode(",", $args->get("domains")));
yield resolve($this->checkDnsRecords($domains)); yield \Amp\resolve($this->checkDnsRecords($domains));
$user = $args->get("user") ?? "www-data"; $user = $args->get("user") ?: "www-data";
$keyStore = new KeyStore(dirname(dirname(__DIR__)) . "/data"); $keyStore = new KeyStore(dirname(dirname(__DIR__)) . "/data");
$keyPair = yield $keyStore->get("account/key.pem"); $keyPair = (yield $keyStore->get("account/key.pem"));
$acme = new AcmeService(new AcmeClient(getServer(), $keyPair), $keyPair); $acme = new AcmeService(new AcmeClient(\Kelunik\AcmeClient\getServer(), $keyPair), $keyPair);
foreach ($domains as $domain) { foreach ($domains as $domain) {
list($location, $challenges) = yield $acme->requestChallenges($domain); list($location, $challenges) = (yield $acme->requestChallenges($domain));
$goodChallenges = $this->findSuitableCombination($challenges); $goodChallenges = $this->findSuitableCombination($challenges);
if (empty($goodChallenges)) { if (empty($goodChallenges)) {
@@ -82,6 +75,10 @@ class Issue implements Command {
$this->logger->info("Challenge successful. {$domain} is now authorized."); $this->logger->info("Challenge successful. {$domain} is now authorized.");
yield $challengeStore->delete($token); yield $challengeStore->delete($token);
} catch (Exception $e) {
// no finally because generators...
yield $challengeStore->delete($token);
throw $e;
} catch (Throwable $e) { } catch (Throwable $e) {
// no finally because generators... // no finally because generators...
yield $challengeStore->delete($token); yield $challengeStore->delete($token);
@@ -90,42 +87,42 @@ class Issue implements Command {
} }
$path = "certs/" . reset($domains) . "/key.pem"; $path = "certs/" . reset($domains) . "/key.pem";
$bits = $args->get("bits") ?? 2048; $bits = $args->get("bits") ?: 2048;
try { try {
$keyPair = yield $keyStore->get($path); $keyPair = (yield $keyStore->get($path));
} catch (KeyStoreException $e) { } catch (KeyStoreException $e) {
$keyPair = (new OpenSSLKeyGenerator)->generate($bits); $keyPair = (new OpenSSLKeyGenerator)->generate($bits);
$keyPair = yield $keyStore->put($path, $keyPair); $keyPair = (yield $keyStore->put($path, $keyPair));
} }
$this->logger->info("Requesting certificate ..."); $this->logger->info("Requesting certificate ...");
$location = yield $acme->requestCertificate($keyPair, $domains); $location = (yield $acme->requestCertificate($keyPair, $domains));
$certificates = yield $acme->pollForCertificate($location); $certificates = (yield $acme->pollForCertificate($location));
$path = dirname(dirname(__DIR__)) . "/data/certs"; $path = dirname(dirname(__DIR__)) . "/data/certs";
$certificateStore = new CertificateStore($path); $certificateStore = new CertificateStore($path);
yield $certificateStore->put($certificates); yield $certificateStore->put($certificates);
yield put($path . "/" . reset($domains) . "/config.json", json_encode([ yield \Amp\File\put($path . "/" . reset($domains) . "/config.json", json_encode([
"domains" => $domains, "path" => $args->get("path"), "user" => $user, "bits" => $bits "domains" => $domains, "path" => $args->get("path"), "user" => $user, "bits" => $bits,
], JSON_PRETTY_PRINT) . "\n"); ], JSON_PRETTY_PRINT) . "\n");
$this->logger->info("Successfully issued certificate, see {$path}/" . reset($domains)); $this->logger->info("Successfully issued certificate, see {$path}/" . reset($domains));
} }
private function checkDnsRecords($domains): Generator { private function checkDnsRecords($domains) {
$promises = []; $promises = [];
foreach ($domains as $domain) { foreach ($domains as $domain) {
$promises[$domain] = dns\resolve($domain, [ $promises[$domain] = \Amp\Dns\resolve($domain, [
"types" => [Record::A], "types" => [Record::A],
"hosts" => false, "hosts" => false,
]); ]);
} }
list($errors) = yield any($promises); list($errors) = (yield \Amp\any($promises));
if (!empty($errors)) { if (!empty($errors)) {
throw new AcmeException("Couldn't resolve the following domains to an IPv4 record: " . implode(array_keys($errors))); throw new AcmeException("Couldn't resolve the following domains to an IPv4 record: " . implode(array_keys($errors)));
@@ -134,9 +131,9 @@ class Issue implements Command {
$this->logger->info("Checked DNS records, all fine."); $this->logger->info("Checked DNS records, all fine.");
} }
private function findSuitableCombination(stdClass $response): array { private function findSuitableCombination(stdClass $response) {
$challenges = $response->challenges ?? []; $challenges = isset($response->challenges) ? $response->challenges : [];
$combinations = $response->combinations ?? []; $combinations = isset($response->combinations) ? $response->combinations : [];
$goodChallenges = []; $goodChallenges = [];
foreach ($challenges as $i => $challenge) { foreach ($challenges as $i => $challenge) {
@@ -154,7 +151,7 @@ class Issue implements Command {
return $goodChallenges; return $goodChallenges;
} }
public static function getDefinition(): array { public static function getDefinition() {
return [ return [
"domains" => [ "domains" => [
"prefix" => "d", "prefix" => "d",

25
src/Commands/Renew.php
View File

@@ -3,16 +3,9 @@
namespace Kelunik\AcmeClient\Commands; namespace Kelunik\AcmeClient\Commands;
use Amp\Process; use Amp\Process;
use Amp\Promise;
use Generator;
use Kelunik\Certificate\Certificate; use Kelunik\Certificate\Certificate;
use League\CLImate\Argument\Manager; use League\CLImate\Argument\Manager;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use function Amp\all;
use function Amp\File\get;
use function Amp\File\scandir;
use function Amp\pipe;
use function Amp\resolve;
class Renew implements Command { class Renew implements Command {
private $logger; private $logger;
@@ -21,22 +14,22 @@ class Renew implements Command {
$this->logger = $logger; $this->logger = $logger;
} }
public function execute(Manager $args): Promise { public function execute(Manager $args) {
return resolve($this->doExecute($args)); return \Amp\resolve($this->doExecute($args));
} }
private function doExecute(Manager $args): Generator { private function doExecute(Manager $args) {
$path = dirname(dirname(__DIR__)) . "/data/certs"; $path = dirname(dirname(__DIR__)) . "/data/certs";
if (!realpath($path)) { if (!realpath($path)) {
throw new \RuntimeException("Certificate path doesn't exist: '{$path}'"); throw new \RuntimeException("Certificate path doesn't exist: '{$path}'");
} }
$domains = yield scandir($path); $domains = (yield \Amp\File\scandir($path));
$promises = []; $promises = [];
foreach ($domains as $domain) { foreach ($domains as $domain) {
$pem = yield get($path . "/" . $domain . "/cert.pem"); $pem = (yield \Amp\File\get($path . "/" . $domain . "/cert.pem"));
$cert = new Certificate($pem); $cert = new Certificate($pem);
if ($cert->getValidTo() > time() + 30 * 24 * 60 * 60) { if ($cert->getValidTo() > time() + 30 * 24 * 60 * 60) {
@@ -45,7 +38,7 @@ class Renew implements Command {
continue; continue;
} }
$json = yield get($path . "/" . $domain . "/config.json"); $json = (yield \Amp\File\get($path . "/" . $domain . "/config.json"));
$config = json_decode($json); $config = json_decode($json);
$command = [ $command = [
@@ -63,7 +56,7 @@ class Renew implements Command {
$command = array_map("escapeshellarg", $command); $command = array_map("escapeshellarg", $command);
$command = implode(" ", $command); $command = implode(" ", $command);
$promises[] = pipe((new Process($command))->exec()->watch(function ($update) { $promises[] = \Amp\pipe((new Process($command))->exec()->watch(function ($update) {
list($type, $data) = $update; list($type, $data) = $update;
if ($type === "err") { if ($type === "err") {
@@ -78,7 +71,7 @@ class Renew implements Command {
}); });
} }
$results = yield all($promises); $results = (yield \Amp\all($promises));
foreach ($results as $result) { foreach ($results as $result) {
if ($result->exit !== 0) { if ($result->exit !== 0) {
@@ -87,7 +80,7 @@ class Renew implements Command {
} }
} }
public static function getDefinition(): array { public static function getDefinition() {
return []; return [];
} }
} }

19
src/Commands/Revoke.php
View File

@@ -8,16 +8,11 @@ use Generator;
use Kelunik\Acme\AcmeClient; use Kelunik\Acme\AcmeClient;
use Kelunik\Acme\AcmeException; use Kelunik\Acme\AcmeException;
use Kelunik\Acme\AcmeService; use Kelunik\Acme\AcmeService;
use Kelunik\Acme\KeyPair;
use function Kelunik\AcmeClient\getServer;
use Kelunik\AcmeClient\Stores\CertificateStore; use Kelunik\AcmeClient\Stores\CertificateStore;
use Kelunik\AcmeClient\Stores\KeyStore; use Kelunik\AcmeClient\Stores\KeyStore;
use Kelunik\Certificate\Certificate; use Kelunik\Certificate\Certificate;
use League\CLImate\Argument\Manager; use League\CLImate\Argument\Manager;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use function Amp\File\exists;
use function Amp\File\get;
use function Amp\resolve;
class Revoke implements Command { class Revoke implements Command {
private $logger; private $logger;
@@ -26,24 +21,24 @@ class Revoke implements Command {
$this->logger = $logger; $this->logger = $logger;
} }
public function execute(Manager $args): Promise { public function execute(Manager $args) {
return resolve($this->doExecute($args)); return \Amp\resolve($this->doExecute($args));
} }
private function doExecute(Manager $args): Generator { private function doExecute(Manager $args) {
if (posix_geteuid() !== 0) { if (posix_geteuid() !== 0) {
throw new AcmeException("Please run this script as root!"); throw new AcmeException("Please run this script as root!");
} }
$keyStore = new KeyStore(dirname(dirname(__DIR__)) . "/data"); $keyStore = new KeyStore(dirname(dirname(__DIR__)) . "/data");
$keyPair = yield $keyStore->get("account/key.pem"); $keyPair = (yield $keyStore->get("account/key.pem"));
$acme = new AcmeService(new AcmeClient(getServer(), $keyPair), $keyPair); $acme = new AcmeService(new AcmeClient(\Kelunik\AcmeClient\getServer(), $keyPair), $keyPair);
$this->logger->info("Revoking certificate ..."); $this->logger->info("Revoking certificate ...");
try { try {
$pem = yield get(dirname(dirname(__DIR__)) . "/data/certs/" . $args->get("name") . "/cert.pem"); $pem = (yield \Amp\File\get(dirname(dirname(__DIR__)) . "/data/certs/" . $args->get("name") . "/cert.pem"));
$cert = new Certificate($pem); $cert = new Certificate($pem);
} catch (FilesystemException $e) { } catch (FilesystemException $e) {
throw new \RuntimeException("There's no such certificate!"); throw new \RuntimeException("There's no such certificate!");
@@ -60,7 +55,7 @@ class Revoke implements Command {
yield (new CertificateStore(dirname(dirname(__DIR__)) . "/data/certs"))->delete($args->get("name")); yield (new CertificateStore(dirname(dirname(__DIR__)) . "/data/certs"))->delete($args->get("name"));
} }
public static function getDefinition(): array { public static function getDefinition() {
return [ return [
"name" => [ "name" => [
"longPrefix" => "name", "longPrefix" => "name",

31
src/Commands/Setup.php
View File

@@ -6,6 +6,7 @@ use Amp\Dns\Record;
use Amp\Dns\ResolutionException; use Amp\Dns\ResolutionException;
use Amp\Promise; use Amp\Promise;
use Generator; use Generator;
use InvalidArgumentException;
use Kelunik\Acme\AcmeClient; use Kelunik\Acme\AcmeClient;
use Kelunik\Acme\AcmeException; use Kelunik\Acme\AcmeException;
use Kelunik\Acme\AcmeService; use Kelunik\Acme\AcmeService;
@@ -16,10 +17,6 @@ use Kelunik\AcmeClient\Stores\KeyStoreException;
use League\CLImate\Argument\Manager; use League\CLImate\Argument\Manager;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use RuntimeException; use RuntimeException;
use function Amp\File\exists;
use function Amp\File\put;
use function Amp\resolve;
use function Kelunik\AcmeClient\serverToIdentity;
class Setup implements Command { class Setup implements Command {
private $logger; private $logger;
@@ -28,13 +25,13 @@ class Setup implements Command {
$this->logger = $logger; $this->logger = $logger;
} }
public function execute(Manager $args): Promise { public function execute(Manager $args) {
return resolve($this->doExecute($args)); return \Amp\resolve($this->doExecute($args));
} }
public function doExecute(Manager $args): Generator { public function doExecute(Manager $args) {
$email = $args->get("email"); $email = $args->get("email");
yield resolve($this->checkEmail($email)); yield \Amp\resolve($this->checkEmail($email));
$server = $args->get("server"); $server = $args->get("server");
$protocol = substr($server, 0, strpos("://", $server)); $protocol = substr($server, 0, strpos("://", $server));
@@ -52,7 +49,7 @@ class Setup implements Command {
try { try {
$this->logger->info("Loading private key ..."); $this->logger->info("Loading private key ...");
$keyPair = yield $keyStore->get($path); $keyPair = (yield $keyStore->get($path));
$this->logger->info("Existing private key successfully loaded."); $this->logger->info("Existing private key successfully loaded.");
} catch (KeyStoreException $e) { } catch (KeyStoreException $e) {
$this->logger->info("No existing private key found, generating new one ..."); $this->logger->info("No existing private key found, generating new one ...");
@@ -60,11 +57,11 @@ class Setup implements Command {
$this->logger->info("Generated new private key with {$bits} bits."); $this->logger->info("Generated new private key with {$bits} bits.");
$this->logger->info("Saving new private key ..."); $this->logger->info("Saving new private key ...");
$keyPair = yield $keyStore->put($path, $keyPair); $keyPair = (yield $keyStore->put($path, $keyPair));
$this->logger->info("New private key successfully saved."); $this->logger->info("New private key successfully saved.");
} }
$user = $args->get("user") ?? "www-data"; $user = $args->get("user") ?: "www-data";
$userInfo = posix_getpwnam($user); $userInfo = posix_getpwnam($user);
if (!$userInfo) { if (!$userInfo) {
@@ -75,17 +72,21 @@ class Setup implements Command {
$this->logger->info("Registering with ACME server " . substr($server, 8) . " ..."); $this->logger->info("Registering with ACME server " . substr($server, 8) . " ...");
/** @var Registration $registration */ /** @var Registration $registration */
$registration = yield $acme->register($email); $registration = (yield $acme->register($email));
$this->logger->notice("Registration successful with the following contact information: " . implode(", ", $registration->getContact())); $this->logger->notice("Registration successful with the following contact information: " . implode(", ", $registration->getContact()));
yield put(dirname(dirname(__DIR__)) . "/data/account/config.json", json_encode([ yield \Amp\File\put(dirname(dirname(__DIR__)) . "/data/account/config.json", json_encode([
"version" => 1, "version" => 1,
"server" => $server, "server" => $server,
"email" => $email, "email" => $email,
], JSON_PRETTY_PRINT) . "\n"); ], JSON_PRETTY_PRINT) . "\n");
} }
private function checkEmail(string $email): Generator { private function checkEmail($email) {
if (!is_string($email)) {
throw new InvalidArgumentException(sprintf("\$email must be of type string, %s given.", gettype($email)));
}
$host = substr($email, strrpos($email, "@") + 1); $host = substr($email, strrpos($email, "@") + 1);
if (!$host) { if (!$host) {
@@ -99,7 +100,7 @@ class Setup implements Command {
} }
} }
public static function getDefinition(): array { public static function getDefinition() {
return [ return [
"server" => [ "server" => [
"prefix" => "s", "prefix" => "s",

6
src/Configuration.php
View File

@@ -7,7 +7,7 @@ use RuntimeException;
class Configuration { class Configuration {
private $config; private $config;
public function __construct(string $file) { public function __construct($file) {
$json = file_get_contents($file); $json = file_get_contents($file);
if (!$json) { if (!$json) {
@@ -21,7 +21,7 @@ class Configuration {
} }
} }
public function get(string $key) { public function get($key) {
return $this->config->{$key} ?? null; return isset($this->config->{$key}) ? $this->config->{$key} : null;
} }
} }

63
src/Stores/CertificateStore.php
View File

@@ -3,30 +3,25 @@
namespace Kelunik\AcmeClient\Stores; namespace Kelunik\AcmeClient\Stores;
use Amp\File\FilesystemException; use Amp\File\FilesystemException;
use Amp\Promise;
use Generator;
use InvalidArgumentException; use InvalidArgumentException;
use Kelunik\Certificate\Certificate; use Kelunik\Certificate\Certificate;
use function Amp\File\put;
use function Amp\File\chmod;
use function Amp\File\chown;
use function Amp\File\scandir;
use function Amp\File\unlink;
use function Amp\resolve;
use function Amp\File\rmdir;
class CertificateStore { class CertificateStore {
private $root; private $root;
public function __construct(string $root) { public function __construct($root) {
if (!is_string($root)) {
throw new InvalidArgumentException(sprintf("\$root must be of type string, %s given.", gettype($root)));
}
$this->root = rtrim(str_replace("\\", "/", $root), "/"); $this->root = rtrim(str_replace("\\", "/", $root), "/");
} }
public function put(array $certificates): Promise { public function put(array $certificates) {
return resolve($this->doPut($certificates)); return \Amp\resolve($this->doPut($certificates));
} }
private function doPut(array $certificates): Generator { private function doPut(array $certificates) {
if (empty($certificates)) { if (empty($certificates)) {
throw new InvalidArgumentException("Empty array not allowed"); throw new InvalidArgumentException("Empty array not allowed");
} }
@@ -52,31 +47,39 @@ class CertificateStore {
throw new FilesystemException("Couldn't create certificate directory: '{$path}'"); throw new FilesystemException("Couldn't create certificate directory: '{$path}'");
} }
yield put($path . "/cert.pem", $certificates[0]); yield \Amp\File\put($path . "/cert.pem", $certificates[0]);
yield chown($path . "/cert.pem", 0, 0); yield \Amp\File\chown($path . "/cert.pem", 0, 0);
yield chmod($path . "/cert.pem", 0640); yield \Amp\File\chmod($path . "/cert.pem", 0640);
yield put($path . "/fullchain.pem", implode("\n", $certificates)); yield \Amp\File\put($path . "/fullchain.pem", implode("\n", $certificates));
yield chown($path . "/fullchain.pem", 0, 0); yield \Amp\File\chown($path . "/fullchain.pem", 0, 0);
yield chmod($path . "/fullchain.pem", 0640); yield \Amp\File\chmod($path . "/fullchain.pem", 0640);
yield put($path . "/chain.pem", implode("\n", $chain)); yield \Amp\File\put($path . "/chain.pem", implode("\n", $chain));
yield chown($path . "/chain.pem", 0, 0); yield \Amp\File\chown($path . "/chain.pem", 0, 0);
yield chmod($path . "/chain.pem", 0640); yield \Amp\File\chmod($path . "/chain.pem", 0640);
} catch (FilesystemException $e) { } catch (FilesystemException $e) {
throw new CertificateStoreException("Couldn't save certificates for '{$commonName}'", 0, $e); throw new CertificateStoreException("Couldn't save certificates for '{$commonName}'", 0, $e);
} }
} }
public function delete(string $name): Promise { public function delete($name) {
return resolve($this->doDelete($name)); if (!is_string($name)) {
} throw new InvalidArgumentException(sprintf("\$name must be of type string, %s given.", gettype($name)));
private function doDelete(string $name): Generator {
foreach ((yield scandir($this->root . "/" . $name)) as $file) {
yield unlink($this->root . "/" . $name . "/" . $file);
} }
yield rmdir($this->root . "/" . $name); return \Amp\resolve($this->doDelete($name));
}
private function doDelete($name) {
if (!is_string($name)) {
throw new InvalidArgumentException(sprintf("\$name must be of type string, %s given.", gettype($name)));
}
foreach ((yield \Amp\File\scandir($this->root . "/" . $name)) as $file) {
yield \Amp\File\unlink($this->root . "/" . $name . "/" . $file);
}
yield \Amp\File\rmdir($this->root . "/" . $name);
} }
} }

58
src/Stores/ChallengeStore.php
View File

@@ -4,22 +4,48 @@ namespace Kelunik\AcmeClient\Stores;
use Amp\Promise; use Amp\Promise;
use Generator; use Generator;
use function Amp\File\put; use InvalidArgumentException;
use function Amp\File\unlink;
use function Amp\resolve;
class ChallengeStore { class ChallengeStore {
private $docroot; private $docroot;
public function __construct(string $docroot) { public function __construct($docroot) {
if (!is_string($docroot)) {
throw new InvalidArgumentException(sprintf("\$docroot must be of type string, %s given.", gettype($docroot)));
}
$this->docroot = rtrim(str_replace("\\", "/", $docroot), "/"); $this->docroot = rtrim(str_replace("\\", "/", $docroot), "/");
} }
public function put(string $token, string $payload, string $user): Promise { public function put($token, $payload, $user) {
return resolve($this->doPut($token, $payload, $user)); if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
if (!is_string($payload)) {
throw new InvalidArgumentException(sprintf("\$payload must be of type string, %s given.", gettype($payload)));
}
if (!is_string($user)) {
throw new InvalidArgumentException(sprintf("\$user must be of type string, %s given.", gettype($user)));
}
return \Amp\resolve($this->doPut($token, $payload, $user));
} }
private function doPut(string $token, string $payload, string $user): Generator { private function doPut($token, $payload, $user) {
if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
if (!is_string($payload)) {
throw new InvalidArgumentException(sprintf("\$payload must be of type string, %s given.", gettype($payload)));
}
if (!is_string($user)) {
throw new InvalidArgumentException(sprintf("\$user must be of type string, %s given.", gettype($user)));
}
$path = $this->docroot . "/.well-known/acme-challenge"; $path = $this->docroot . "/.well-known/acme-challenge";
$realpath = realpath($path); $realpath = realpath($path);
@@ -39,22 +65,30 @@ class ChallengeStore {
chown($this->docroot . "/.well-known", $userInfo["uid"]); chown($this->docroot . "/.well-known", $userInfo["uid"]);
chown($this->docroot . "/.well-known/acme-challenge", $userInfo["uid"]); chown($this->docroot . "/.well-known/acme-challenge", $userInfo["uid"]);
yield put("{$path}/{$token}", $payload); yield \Amp\File\put("{$path}/{$token}", $payload);
chown("{$path}/{$token}", $userInfo["uid"]); chown("{$path}/{$token}", $userInfo["uid"]);
chmod("{$path}/{$token}", 0660); chmod("{$path}/{$token}", 0660);
} }
public function delete(string $token): Promise { public function delete($token) {
return resolve($this->doDelete($token)); if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
return \Amp\resolve($this->doDelete($token));
} }
private function doDelete(string $token): Generator { private function doDelete($token) {
if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
$path = $this->docroot . "/.well-known/acme-challenge/{$token}"; $path = $this->docroot . "/.well-known/acme-challenge/{$token}";
$realpath = realpath($path); $realpath = realpath($path);
if ($realpath) { if ($realpath) {
yield unlink($realpath); yield \Amp\File\unlink($realpath);
} }
} }
} }

55
src/Stores/KeyStore.php
View File

@@ -2,28 +2,35 @@
namespace Kelunik\AcmeClient\Stores; namespace Kelunik\AcmeClient\Stores;
use Amp\CoroutineResult;
use Amp\File\FilesystemException; use Amp\File\FilesystemException;
use Amp\Promise; use InvalidArgumentException;
use Generator;
use Kelunik\Acme\KeyPair; use Kelunik\Acme\KeyPair;
use function Amp\File\chmod;
use function Amp\File\chown;
use function Amp\File\get;
use function Amp\File\put;
use function Amp\resolve;
class KeyStore { class KeyStore {
private $root; private $root;
public function __construct(string $root = "") { public function __construct($root = "") {
if (!is_string($root)) {
throw new InvalidArgumentException(sprintf("\$root must be of type string, %s given.", gettype($root)));
}
$this->root = rtrim(str_replace("\\", "/", $root), "/"); $this->root = rtrim(str_replace("\\", "/", $root), "/");
} }
public function get(string $path): Promise { public function get($path) {
return resolve($this->doGet($path)); if (!is_string($path)) {
throw new InvalidArgumentException(sprintf("\$root must be of type string, %s given.", gettype($path)));
}
return \Amp\resolve($this->doGet($path));
} }
private function doGet(string $path): Generator { private function doGet($path) {
if (!is_string($path)) {
throw new InvalidArgumentException(sprintf("\$root must be of type string, %s given.", gettype($path)));
}
$file = $this->root . "/" . $path; $file = $this->root . "/" . $path;
$realpath = realpath($file); $realpath = realpath($file);
@@ -31,7 +38,7 @@ class KeyStore {
throw new KeyStoreException("File not found: '{$file}'"); throw new KeyStoreException("File not found: '{$file}'");
} }
$privateKey = yield get($realpath); $privateKey = (yield \Amp\File\get($realpath));
$res = openssl_pkey_get_private($privateKey); $res = openssl_pkey_get_private($privateKey);
if ($res === false) { if ($res === false) {
@@ -40,27 +47,35 @@ class KeyStore {
$publicKey = openssl_pkey_get_details($res)["key"]; $publicKey = openssl_pkey_get_details($res)["key"];
return new KeyPair($privateKey, $publicKey); yield new CoroutineResult(new KeyPair($privateKey, $publicKey));
} }
public function put(string $path, KeyPair $keyPair): Promise { public function put($path, KeyPair $keyPair) {
return resolve($this->doPut($path, $keyPair)); if (!is_string($path)) {
throw new InvalidArgumentException(sprintf("\$root must be of type string, %s given.", gettype($path)));
}
return \Amp\resolve($this->doPut($path, $keyPair));
} }
private function doPut(string $path, KeyPair $keyPair): Generator { private function doPut($path, KeyPair $keyPair) {
if (!is_string($path)) {
throw new InvalidArgumentException(sprintf("\$root must be of type string, %s given.", gettype($path)));
}
$file = $this->root . "/" . $path; $file = $this->root . "/" . $path;
try { try {
// TODO: Replace with async version once available // TODO: Replace with async version once available
mkdir(dirname($file), 0770, true); mkdir(dirname($file), 0770, true);
yield put($file, $keyPair->getPrivate()); yield \Amp\File\put($file, $keyPair->getPrivate());
yield chmod($file, 0600); yield \Amp\File\chmod($file, 0600);
yield chown($file, 0, 0); yield \Amp\File\chown($file, 0, 0);
} catch (FilesystemException $e) { } catch (FilesystemException $e) {
throw new KeyStoreException("Could not save key.", 0, $e); throw new KeyStoreException("Could not save key.", 0, $e);
} }
return $keyPair; yield new CoroutineResult($keyPair);
} }
} }

2
src/functions.php
View File

@@ -2,7 +2,7 @@
namespace Kelunik\AcmeClient; namespace Kelunik\AcmeClient;
function commandToClass(string $command): string { function commandToClass($command) {
return __NAMESPACE__ . "\\Commands\\" . ucfirst($command); return __NAMESPACE__ . "\\Commands\\" . ucfirst($command);
} }