daxi20/acmeclient
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove renew and replace with check mechanism, remove sudo requirement, add multiple accounts again

Browse Source
This commit is contained in:
Niklas Keller
2016-03-12 16:26:49 +01:00
parent 37d054975c
commit 68afa4e0e9
14 changed files with 260 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/Stores/CertificateStore.php
View File

@@ -5,6 +5,7 @@ namespace Kelunik\AcmeClient\Stores;
use Amp\File\FilesystemException;
use InvalidArgumentException;
use Kelunik\Certificate\Certificate;
use Webmozart\Assert\Assert;
class CertificateStore {
private $root;
@@ -43,38 +44,29 @@ class CertificateStore {
$path = $this->root . "/" . $commonName;
$realpath = realpath($path);
if (!$realpath && !mkdir($path, 0770, true)) {
if (!$realpath && !mkdir($path, 0775, true)) {
throw new FilesystemException("Couldn't create certificate directory: '{$path}'");
}
yield \Amp\File\put($path . "/cert.pem", $certificates[0]);
yield \Amp\File\chown($path . "/cert.pem", 0, 0);
yield \Amp\File\chmod($path . "/cert.pem", 0640);
yield \Amp\File\chmod($path . "/cert.pem", 0644);
yield \Amp\File\put($path . "/fullchain.pem", implode("\n", $certificates));
yield \Amp\File\chown($path . "/fullchain.pem", 0, 0);
yield \Amp\File\chmod($path . "/fullchain.pem", 0640);
yield \Amp\File\chmod($path . "/fullchain.pem", 0644);
yield \Amp\File\put($path . "/chain.pem", implode("\n", $chain));
yield \Amp\File\chown($path . "/chain.pem", 0, 0);
yield \Amp\File\chmod($path . "/chain.pem", 0640);
yield \Amp\File\chmod($path . "/chain.pem", 0644);
} catch (FilesystemException $e) {
throw new CertificateStoreException("Couldn't save certificates for '{$commonName}'", 0, $e);
}
}
public function delete($name) {
if (!is_string($name)) {
throw new InvalidArgumentException(sprintf("\$name must be of type string, %s given.", gettype($name)));
}
return \Amp\resolve($this->doDelete($name));
}
private function doDelete($name) {
if (!is_string($name)) {
throw new InvalidArgumentException(sprintf("\$name must be of type string, %s given.", gettype($name)));
}
Assert::string($name, "Name must be a string. Got: %s");
foreach ((yield \Amp\File\scandir($this->root . "/" . $name)) as $file) {
yield \Amp\File\unlink($this->root . "/" . $name . "/" . $file);

63
src/Stores/ChallengeStore.php
View File

@@ -2,9 +2,8 @@
namespace Kelunik\AcmeClient\Stores;
use Amp\Promise;
use Generator;
use InvalidArgumentException;
use Webmozart\Assert\Assert;
class ChallengeStore {
private $docroot;
@@ -17,34 +16,14 @@ class ChallengeStore {
$this->docroot = rtrim(str_replace("\\", "/", $docroot), "/");
}
public function put($token, $payload, $user) {
if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
if (!is_string($payload)) {
throw new InvalidArgumentException(sprintf("\$payload must be of type string, %s given.", gettype($payload)));
}
if (!is_string($user)) {
throw new InvalidArgumentException(sprintf("\$user must be of type string, %s given.", gettype($user)));
}
public function put($token, $payload, $user = null) {
return \Amp\resolve($this->doPut($token, $payload, $user));
}
private function doPut($token, $payload, $user) {
if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
if (!is_string($payload)) {
throw new InvalidArgumentException(sprintf("\$payload must be of type string, %s given.", gettype($payload)));
}
if (!is_string($user)) {
throw new InvalidArgumentException(sprintf("\$user must be of type string, %s given.", gettype($user)));
}
private function doPut($token, $payload, $user = null) {
Assert::string($token, "Token must be a string. Got: %s");
Assert::string($payload, "Payload must be a string. Got: %s");
Assert::nullOrString($user, "User must be a string or null. Got: %s");
$path = $this->docroot . "/.well-known/acme-challenge";
$realpath = realpath($path);
@@ -53,36 +32,36 @@ class ChallengeStore {
throw new ChallengeStoreException("Document root doesn't exist: '{$this->docroot}'");
}
if (!$realpath && !@mkdir($path, 0770, true)) {
if (!$realpath && !@mkdir($path, 0755, true)) {
throw new ChallengeStoreException("Couldn't create public directory to serve the challenges: '{$path}'");
}
if (!$userInfo = posix_getpwnam($user)) {
throw new ChallengeStoreException("Unknown user: '{$user}'");
if ($user) {
if (!$userInfo = posix_getpwnam($user)) {
throw new ChallengeStoreException("Unknown user: '{$user}'");
}
}
// TODO: Make async, see https://github.com/amphp/file/issues/6
chown($this->docroot . "/.well-known", $userInfo["uid"]);
chown($this->docroot . "/.well-known/acme-challenge", $userInfo["uid"]);
if (isset($userInfo)) {
yield \Amp\File\chown($this->docroot . "/.well-known", $userInfo["uid"], -1);
yield \Amp\File\chown($this->docroot . "/.well-known/acme-challenge", $userInfo["uid"], -1);
}
yield \Amp\File\put("{$path}/{$token}", $payload);
chown("{$path}/{$token}", $userInfo["uid"]);
chmod("{$path}/{$token}", 0660);
if (isset($userInfo)) {
yield \Amp\File\chown("{$path}/{$token}", $userInfo["uid"], -1);
}
yield \Amp\File\chmod("{$path}/{$token}", 0644);
}
public function delete($token) {
if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
return \Amp\resolve($this->doDelete($token));
}
private function doDelete($token) {
if (!is_string($token)) {
throw new InvalidArgumentException(sprintf("\$token must be of type string, %s given.", gettype($token)));
}
Assert::string($token, "Token must be a string. Got: %s");
$path = $this->docroot . "/.well-known/acme-challenge/{$token}";
$realpath = realpath($path);

2
src/Stores/KeyStore.php
View File

@@ -67,7 +67,7 @@ class KeyStore {
try {
// TODO: Replace with async version once available
mkdir(dirname($file), 0770, true);
mkdir(dirname($file), 0755, true);
yield \Amp\File\put($file, $keyPair->getPrivate());
yield \Amp\File\chmod($file, 0600);