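/**
 * Coroutine body that revokes the certificate stored at the path given by the "cert" argument.
 *
 * Reads the "server" and "cert" arguments, loads the account key pair through
 * checkRegistration(), and asks the ACME server to revoke the certificate.
 * A certificate whose validity end is already in the past is not revoked.
 *
 * @param Manager $args Parsed command arguments; "server" and "cert" are read here.
 *
 * @return Generator
 *
 * @throws AcmeException If the effective user id is not 0.
 * @throws \InvalidArgumentException If the server URI names a scheme other than "https".
 */
private function doExecute(Manager $args) : Generator
{
    if (posix_geteuid() !== 0) {
        throw new AcmeException("Please run this script as root!");
    }

    $server = $args->get("server");

    // strpos() takes the haystack first. With the arguments swapped the scheme was
    // never found, so the HTTPS-only check below could not reject anything and
    // "https://" was prepended even to URIs that already carried a scheme.
    $schemeEnd = strpos($server, "://");

    if ($schemeEnd === false) {
        // Bare host name: default to HTTPS.
        $server = "https://" . $server;
    } elseif (substr($server, 0, $schemeEnd) !== "https") {
        // Any other scheme (including an empty one) is refused, so the account key
        // and the revocation request are never sent over a non-TLS transport.
        throw new \InvalidArgumentException("Invalid server protocol, only HTTPS supported");
    }

    $keyPair = $this->checkRegistration($args);
    $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);

    $this->logger->info("Revoking certificate ...");

    $pem = (yield get($args->get("cert")));
    $cert = new Certificate($pem);

    // An expired certificate is no longer trusted by clients, so revocation is skipped.
    if ($cert->getValidTo() < time()) {
        $this->logger->warning("Certificate did already expire, no need to revoke it.");
        return;
    }

    $this->logger->info("Certificate was valid for: " . implode(", ", $cert->getNames()));

    (yield $acme->revokeCertificate($pem));

    $this->logger->info("Certificate has been revoked.");
}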
/**
 * Coroutine body that returns the decoded JSON content of $filePath, loading it at most once at a time.
 *
 * While a load for the same path is in flight, later callers wait on the stored
 * promise and then read the cached value. A missing file yields an empty array.
 *
 * @param string $filePath Path of the JSON file to load.
 *
 * @return \Generator Resolves to the cached data for $filePath.
 */
private function loadFile(string $filePath) : \Generator
{
    $inFlight = $this->loadPromises[$filePath] ?? null;

    if ($inFlight !== null) {
        // Another caller is already loading this file: wait for it, then reuse its result.
        (yield $inFlight);

        return $this->dataCache[$filePath];
    }

    $loadSignal = new Deferred();
    $this->loadPromises[$filePath] = $loadSignal->promise();

    // NOTE(review): a fresh mutex is stored on every load, replacing any mutex already
    // registered for this path; confirm no other holder relies on the previous instance.
    $this->lockMutexes[$filePath] = new QueuedExclusiveMutex();

    $populateCache = function () use ($filePath, $loadSignal) {
        try {
            // we may have been waiting on a lock and it's been populated by now
            if (!isset($this->dataCache[$filePath])) {
                if ((yield exists($filePath))) {
                    $contents = (yield get($filePath));
                    $this->dataCache[$filePath] = json_try_decode($contents, true);
                } else {
                    $this->dataCache[$filePath] = [];
                }
            }
        } catch (\Throwable $e) {
            // Any read or decode failure is treated as "no data". The error is not
            // logged here, so a corrupt or unreadable file is indistinguishable from
            // an absent one to the caller.
            $this->dataCache[$filePath] = [];
        } finally {
            // Wake the waiting callers before dropping the in-flight marker.
            $loadSignal->succeed();
            unset($this->loadPromises[$filePath]);
        }

        return $this->dataCache[$filePath];
    };

    $loaded = (yield $this->lockMutexes[$filePath]->withLock($populateCache));

    return $loaded;
}
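/**
 * Coroutine body that loads the key pair stored under $path, generating and storing one if none exists.
 *
 * When both PEM files exist, waits until "{$path}/key.lock" is gone and reads them.
 * Otherwise tries to take the lock, generates a 4096-bit key pair and writes it.
 * If the lock cannot be taken, waits for the lock file to disappear and reads
 * the files that the lock holder is expected to have written.
 *
 * @param string $path Directory holding private.pem, public.pem and key.lock.
 *
 * @return Generator Resolves to a KeyPair.
 *
 * @throws Exception If generating or writing the keys fails while this call holds the lock.
 */
private function doLoadKeyPair(string $path) : Generator
{
    $privateExists = (yield exists("{$path}/private.pem"));
    $publicExists = (yield exists("{$path}/public.pem"));
    $lockExists = (yield exists("{$path}/key.lock"));

    if ($privateExists && $publicExists) {
        // A lock file next to existing keys means a writer may not have finished yet.
        while ($lockExists) {
            (yield new Pause(500)); // presumably milliseconds; confirm against Pause
            $lockExists = (yield exists("{$path}/key.lock"));
        }

        return new KeyPair((yield get("{$path}/private.pem")), (yield get("{$path}/public.pem")));
    }

    $lock = new Lock("{$path}/key.lock");
    $acquired = false;

    try {
        $lock->acquire();
        $acquired = true;

        $gen = new OpenSSLKeyGenerator();
        $keyPair = $gen->generate(4096);

        // NOTE(review): the mode of private.pem is whatever put() and the process umask
        // produce; confirm the private key does not end up readable by other users.
        (yield put("{$path}/private.pem", $keyPair->getPrivate()));
        (yield put("{$path}/public.pem", $keyPair->getPublic()));

        return $keyPair;
    } catch (Exception $e) {
        if ($acquired) {
            // The failure happened while this call held the lock (generation or write
            // error). Polling for the lock file to vanish would never finish, because
            // it is only removed in the finally block below, so report the error.
            throw $e;
        }

        // The lock is presumably held by another process that is generating the
        // keys: wait for its lock file to disappear, then read what it wrote.
        do {
            (yield new Pause(500));
            $lockExists = (yield exists("{$path}/key.lock"));
        } while ($lockExists);

        return new KeyPair((yield get("{$path}/private.pem")), (yield get("{$path}/public.pem")));
    } finally {
        $lock->release();

        // Only remove the lock file when this call took the lock; otherwise the file
        // belongs to someone else or is already gone.
        if ($acquired) {
            unlink("{$path}/key.lock"); // do not yield in finally!
        }
    }
}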
/**
 * Coroutine body that reads the stored key pair for $dns from the configuration directory.
 *
 * @param string $dns Name of the key directory below "{configPath}/keys".
 *
 * @return Generator Resolves to a KeyPair built from private.pem and public.pem.
 */
private function doGetKeyPair(string $dns) : Generator
{
    // NOTE(review): $dns is placed into the path as given; if it can come from outside
    // the application, confirm the caller rejects path separators and ".." segments.
    $privatePem = (yield get(sprintf("%s/keys/%s/private.pem", $this->configPath, $dns)));
    $publicPem = (yield get(sprintf("%s/keys/%s/public.pem", $this->configPath, $dns)));

    return new KeyPair($privatePem, $publicPem);
}