Merge pull request #14 from ekohl/fixes

Permission fixes and rewrite to kelunik/acme 0.3.0-dev
Niklas Keller
2016-02-24 15:45:51 +01:00
4 changed files with 17 additions and 21 deletions


@@ -6,8 +6,8 @@
"ext-posix": "*",
"ext-openssl": "*",
"bramus/monolog-colored-line-formatter": "^2",
"kelunik/acme": "dev-master",
"kelunik/certificate": "dev-master",
"kelunik/acme": "^0.3",
"kelunik/certificate": "^1",
"league/climate": "^3",
"monolog/monolog": "^1.17",
"psr/log": "^1",


@@ -32,11 +32,16 @@ class Issue implements Command {
private function doExecute(Manager $args): Generator {
if (posix_geteuid() !== 0) {
throw new AcmeException("Please run this script as root!");
$processUser = posix_getpwuid(posix_geteuid());
$currentUsername = $processUser['name'];
$user = $args->get("user") ?? $currentUsername;
if ($currentUsername !== $user) {
throw new AcmeException("Running this script with --user only works as root");
}
} else {
$user = $args->get("user") ?? "www-data";
}
$user = $args->get("user") ?? "www-data";
$server = $args->get("server");
$protocol = substr($server, 0, strpos("://", $server));
@@ -52,7 +57,7 @@ class Issue implements Command {
$keyPair = $this->checkRegistration($args);
$acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
$acme = new AcmeService(new AcmeClient($server, $keyPair));
foreach ($domains as $domain) {
list($location, $challenges) = yield $acme->requestChallenges($domain);
@@ -70,7 +75,7 @@ class Issue implements Command {
}
$this->logger->debug("Generating payload...");
$payload = $acme->generateHttp01Payload($token);
$payload = $acme->generateHttp01Payload($keyPair, $token);
$docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\");
$path = $docRoot . "/.well-known/acme-challenge";
@@ -95,9 +100,9 @@ class Issue implements Command {
file_put_contents("{$path}/{$token}", $payload);
chown("{$path}/{$token}", $userInfo["uid"]);
chmod("{$path}/{$token}", 0660);
chmod("{$path}/{$token}", 0664);
yield $acme->selfVerify($domain, $token, $payload);
yield $acme->verifyHttp01Challenge($domain, $token, $payload);
$this->logger->info("Successfully self-verified challenge.");
yield $acme->answerChallenge($challenge->uri, $payload);
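Review bot: In the new non-root branch at the top of `doExecute` (first hunk), the result of `posix_getpwuid(posix_geteuid())` is indexed without a check. The function returns false when the effective UID has no passwd entry, which is common in containers running under an arbitrary UID. In that case `$currentUsername` is null, and without `--user` so is `$user`, so the `!==` comparison passes and a null user flows into the code below. I would fail early with `if ($processUser === false) { throw new AcmeException("Cannot resolve the current user"); }` before reading `['name']`. The rest of `doExecute`, including whatever resolves `$userInfo` for the later `chown`, lies outside the visible hunks.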


@@ -29,10 +29,6 @@ class Register implements Command {
}
public function doExecute(Manager $args): Generator {
if (posix_geteuid() !== 0) {
throw new AcmeException("Please run this script as root!");
}
$email = $args->get("email");
yield resolve($this->checkEmail($email));
@@ -70,11 +66,10 @@ class Register implements Command {
file_put_contents($pathPrivate, $keyPair->getPrivate());
file_put_contents($pathPublic, $keyPair->getPublic());
chmod($pathPrivate, 600);
chmod($pathPrivate, 600);
chmod($pathPrivate, 0600);
}
$acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
$acme = new AcmeService(new AcmeClient($server, $keyPair));
$this->logger->info("Registering with ACME server " . substr($server, 8) . " ...");
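Review bot: The account private key is written by `file_put_contents($pathPrivate, ...)` before `chmod($pathPrivate, 0600)` runs, so between the two calls the file exists with whatever the process umask allows, often world-readable. Tightening the umask around the write closes that window: `$old = umask(0077); file_put_contents($pathPrivate, $keyPair->getPrivate()); umask($old);`. The return values of `file_put_contents` and `chmod` are also ignored, so a key left with loose permissions would go unnoticed. Earlier versions passed decimal `600` (octal 1130), and this `chmod` appears to sit in a branch that runs only when a key is generated, so existing key files may need a one-time permission fix. The enclosing block starts outside the hunk.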


@@ -27,10 +27,6 @@ class Revoke implements Command {
}
private function doExecute(Manager $args): Generator {
if (posix_geteuid() !== 0) {
throw new AcmeException("Please run this script as root!");
}
$server = $args->get("server");
$protocol = substr($server, 0, strpos("://", $server));
@@ -41,7 +37,7 @@ class Revoke implements Command {
}
$keyPair = $this->checkRegistration($args);
$acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
$acme = new AcmeService(new AcmeClient($server, $keyPair));
$this->logger->info("Revoking certificate ...");
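Review bot: `strpos("://", $server)` in the first hunk has its arguments swapped (the haystack comes first), so it searches for the whole server string inside "://" and returns false for any real URL. In practice that leaves `$protocol` empty. Whatever scheme check follows this line is outside the hunk, but it never sees the actual scheme, which matters if it is meant to reject non-HTTPS ACME endpoints. Suggested line: `$protocol = substr($server, 0, strpos($server, "://"));`, with explicit handling of the false return when no scheme is present. The same line appears in the first hunk of the `Issue` command section earlier on this page.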