Merge pull request #14 from ekohl/fixes

Permission fixes and rewrite to kelunik/acme 0.3.0-dev
Rewrite to kelunik/acme version 0.3.0-dev
2016-02-24 15:45:51 +01:00 · 2016-02-24 15:33:38 +01:00 · 2016-02-24 15:33:34 +01:00 · 2016-02-23 16:20:11 +01:00
4 changed files with 17 additions and 21 deletions
--- a/composer.json
+++ b/composer.json
@@ -6,8 +6,8 @@
        "ext-posix": "*",
        "ext-openssl": "*",
        "bramus/monolog-colored-line-formatter": "^2",
-        "kelunik/acme": "dev-master",
-        "kelunik/certificate": "dev-master",
+        "kelunik/acme": "^0.3",
+        "kelunik/certificate": "^1",
        "league/climate": "^3",
        "monolog/monolog": "^1.17",
        "psr/log": "^1",
--- a/src/Commands/Issue.php
+++ b/src/Commands/Issue.php
@@ -32,11 +32,16 @@ class Issue implements Command {

    private function doExecute(Manager $args): Generator {
        if (posix_geteuid() !== 0) {
-            throw new AcmeException("Please run this script as root!");
+            $processUser = posix_getpwuid(posix_geteuid());
+            $currentUsername = $processUser['name'];
+            $user = $args->get("user") ?? $currentUsername;
+            if ($currentUsername !== $user) {
+                throw new AcmeException("Running this script with --user only works as root");
+            }
+        } else {
+            $user = $args->get("user") ?? "www-data";
        }

-        $user = $args->get("user") ?? "www-data";
-
        $server = $args->get("server");
        $protocol = substr($server, 0, strpos("://", $server));

@@ -52,7 +57,7 @@ class Issue implements Command {

        $keyPair = $this->checkRegistration($args);

-        $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
+        $acme = new AcmeService(new AcmeClient($server, $keyPair));

        foreach ($domains as $domain) {
            list($location, $challenges) = yield $acme->requestChallenges($domain);
@@ -70,7 +75,7 @@ class Issue implements Command {
            }

            $this->logger->debug("Generating payload...");
-            $payload = $acme->generateHttp01Payload($token);
+            $payload = $acme->generateHttp01Payload($keyPair, $token);

            $docRoot = rtrim($args->get("path") ?? __DIR__ . "/../../data/public", "/\\");
            $path = $docRoot . "/.well-known/acme-challenge";
@@ -95,9 +100,9 @@ class Issue implements Command {

                file_put_contents("{$path}/{$token}", $payload);
                chown("{$path}/{$token}", $userInfo["uid"]);
-                chmod("{$path}/{$token}", 0660);
+                chmod("{$path}/{$token}", 0664);

-                yield $acme->selfVerify($domain, $token, $payload);
+                yield $acme->verifyHttp01Challenge($domain, $token, $payload);
                $this->logger->info("Successfully self-verified challenge.");

                yield $acme->answerChallenge($challenge->uri, $payload);
--- a/src/Commands/Register.php
+++ b/src/Commands/Register.php
@@ -29,10 +29,6 @@ class Register implements Command {
    }

    public function doExecute(Manager $args): Generator {
-        if (posix_geteuid() !== 0) {
-            throw new AcmeException("Please run this script as root!");
-        }
-
        $email = $args->get("email");
        yield resolve($this->checkEmail($email));

@@ -70,11 +66,10 @@ class Register implements Command {
            file_put_contents($pathPrivate, $keyPair->getPrivate());
            file_put_contents($pathPublic, $keyPair->getPublic());

-            chmod($pathPrivate, 600);
-            chmod($pathPrivate, 600);
+            chmod($pathPrivate, 0600);
        }

-        $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
+        $acme = new AcmeService(new AcmeClient($server, $keyPair));

        $this->logger->info("Registering with ACME server " . substr($server, 8) . " ...");

--- a/src/Commands/Revoke.php
+++ b/src/Commands/Revoke.php
@@ -27,10 +27,6 @@ class Revoke implements Command {
    }

    private function doExecute(Manager $args): Generator {
-        if (posix_geteuid() !== 0) {
-            throw new AcmeException("Please run this script as root!");
-        }
-
        $server = $args->get("server");
        $protocol = substr($server, 0, strpos("://", $server));

@@ -41,7 +37,7 @@ class Revoke implements Command {
        }

        $keyPair = $this->checkRegistration($args);
-        $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
+        $acme = new AcmeService(new AcmeClient($server, $keyPair));

        $this->logger->info("Revoking certificate ...");
Author	SHA1	Message	Date
Niklas Keller	9b34d667d0	Merge pull request #14 from ekohl/fixes Permission fixes and rewrite to kelunik/acme 0.3.0-dev	2016-02-24 15:45:51 +01:00
Ewoud Kohl van Wijngaarden	8ed17841b8	Rewrite to kelunik/acme version 0.3.0-dev	2016-02-24 15:33:38 +01:00
Ewoud Kohl van Wijngaarden	1fcd437aaf	Remove the requirement to run as root	2016-02-24 15:33:34 +01:00
Ewoud Kohl van Wijngaarden	0db38e9d95	Correct permissions on files	2016-02-23 16:20:11 +01:00