Example #1
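 /**
  * Revokes the certificate stored at the path given by the "cert" argument.
  *
  * In order: requires an effective UID of 0, normalises the "server" argument
  * to an https:// URL, obtains the account key pair from checkRegistration(),
  * reads the PEM file and asks the ACME service to revoke it, unless the
  * certificate has already expired.
  *
  * @param Manager $args Parsed arguments; "server" and "cert" are read here.
  *
  * @return Generator Coroutine that yields the file read and the revocation call.
  *
  * @throws AcmeException If the effective UID is not 0.
  * @throws \InvalidArgumentException If "server" carries a scheme other than https.
  */
 private function doExecute(Manager $args) : Generator
 {
     if (posix_geteuid() !== 0) {
         throw new AcmeException("Please run this script as root!");
     }
     $server = $args->get("server");
     // strpos() takes the haystack first. With the arguments reversed the
     // separator was never located, so "https://" was prepended to every value:
     // a correct https:// URL got a doubled scheme and a non-HTTPS URL was never
     // rejected by the check below.
     $schemeEnd = strpos($server, "://");
     if ($schemeEnd === false) {
         // Bare host name without a scheme: default to HTTPS.
         $server = "https://" . $server;
     } elseif (substr($server, 0, $schemeEnd) !== "https") {
         // Any explicit scheme other than https (including an empty one) is refused,
         // so the account key is only ever used against a TLS endpoint.
         throw new \InvalidArgumentException("Invalid server protocol, only HTTPS supported");
     }
     $keyPair = $this->checkRegistration($args);
     $acme = new AcmeService(new AcmeClient($server, $keyPair), $keyPair);
     $this->logger->info("Revoking certificate ...");
     $pem = (yield get($args->get("cert")));
     $cert = new Certificate($pem);
     // An expired certificate is treated as not needing revocation.
     if ($cert->getValidTo() < time()) {
         $this->logger->warning("Certificate did already expire, no need to revoke it.");
         return;
     }
     // Log the covered names before the irreversible step so the operator can
     // see which certificate was affected.
     $this->logger->info("Certificate was valid for: " . implode(", ", $cert->getNames()));
     (yield $acme->revokeCertificate($pem));
     $this->logger->info("Certificate has been revoked.");
 }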
Example #2
 /**
  * Loads the JSON data stored at $filePath into $this->dataCache and returns it.
  *
  * If a load for the same path is already in flight, this call waits on that
  * load's promise and returns the cached result instead of reading the file
  * again. Otherwise it registers a promise for the path, creates a mutex for it
  * and performs the read while holding that mutex.
  *
  * A missing file yields an empty array. Any Throwable raised while checking,
  * reading or decoding also yields an empty array.
  *
  * @param string $filePath Path of the file to load; also the cache key.
  *
  * @return \Generator Coroutine resolving to $this->dataCache[$filePath].
  */
 private function loadFile(string $filePath) : \Generator
 {
     if (isset($this->loadPromises[$filePath])) {
         // A load for this path is pending: wait for it, then reuse its result.
         (yield $this->loadPromises[$filePath]);
         return $this->dataCache[$filePath];
     }
     $deferred = new Deferred();
     $this->loadPromises[$filePath] = $deferred->promise();
     // NOTE(review): this assignment replaces any mutex already stored for the
     // path. If other code in the class locks on $this->lockMutexes[$filePath],
     // a holder of the previous instance is no longer excluded — confirm.
     $this->lockMutexes[$filePath] = new QueuedExclusiveMutex();
     return (yield $this->lockMutexes[$filePath]->withLock(function () use($filePath, $deferred) {
         try {
             // The cache may have been filled while this callback waited for the lock.
             if (!isset($this->dataCache[$filePath])) {
                 // File present: read and decode it; file absent: start from an empty array.
                 $this->dataCache[$filePath] = (yield exists($filePath)) ? json_try_decode((yield get($filePath)), true) : [];
             }
         } catch (\Throwable $e) {
             // NOTE(review): a read or decode failure is not logged and ends up
             // indistinguishable from a missing file. If callers write the cache
             // back to disk, a corrupt file would be replaced silently — confirm
             // this best-effort behaviour is intended.
             $this->dataCache[$filePath] = [];
         } finally {
             // Always wake the waiters and drop the pending marker, on success or failure.
             $deferred->succeed();
             unset($this->loadPromises[$filePath]);
         }
         return $this->dataCache[$filePath];
     }));
 }
Example #3
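 /**
  * Loads the key pair stored under $path, generating and saving one if absent.
  *
  * When both PEM files exist, waits until no key.lock file is present and
  * returns the stored pair. Otherwise it tries to take the lock, generates a
  * new pair, writes both PEM files and returns the new pair. If the lock
  * cannot be taken, it waits for the lock file to disappear and reads the
  * pair that is then expected to be on disk.
  *
  * @param string $path Directory holding private.pem, public.pem and key.lock.
  *
  * @return Generator Coroutine resolving to a KeyPair.
  *
  * @throws Exception If key generation or writing fails while this process holds the lock.
  */
 private function doLoadKeyPair(string $path) : Generator
 {
     $privateExists = (yield exists("{$path}/private.pem"));
     $publicExists = (yield exists("{$path}/public.pem"));
     $lockExists = (yield exists("{$path}/key.lock"));
     if ($privateExists && $publicExists) {
         // The files may still be in the middle of being written; poll until
         // the lock file is gone before reading them.
         while ($lockExists) {
             (yield new Pause(500));
             $lockExists = (yield exists("{$path}/key.lock"));
         }
         return new KeyPair((yield get("{$path}/private.pem")), (yield get("{$path}/public.pem")));
     }
     $lock = new Lock("{$path}/key.lock");
     // Distinguishes "could not take the lock" from "failed while holding it".
     $acquired = false;
     try {
         $lock->acquire();
         $acquired = true;
         $gen = new OpenSSLKeyGenerator();
         $keyPair = $gen->generate(4096);
         // NOTE(review): no file mode is set for the private key here. Confirm that
         // put() or the process umask leaves private.pem readable by its owner only.
         (yield put("{$path}/private.pem", $keyPair->getPrivate()));
         (yield put("{$path}/public.pem", $keyPair->getPublic()));
         return $keyPair;
     } catch (Exception $e) {
         if ($acquired) {
             // The failure happened while this process holds key.lock. The lock
             // file is only removed in the finally block below, so polling for it
             // to vanish would never finish; report the error instead.
             throw $e;
         }
         // acquire() failed, presumably because another process is generating the
         // keys: wait for its lock file to go away, then read what it wrote.
         do {
             (yield new Pause(500));
             $lockExists = (yield exists("{$path}/key.lock"));
         } while ($lockExists);
         return new KeyPair((yield get("{$path}/private.pem")), (yield get("{$path}/public.pem")));
     } finally {
         // NOTE(review): this also runs when acquire() failed, so release() and
         // unlink() can act on a lock this process never held. Confirm that
         // release() tolerates that and that no other process can re-create
         // key.lock between the wait loop and this unlink().
         $lock->release();
         unlink("{$path}/key.lock");
         // do not yield in finally!
     }
 }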
Example #4
 /**
  * Reads the stored key pair for one DNS name.
  *
  * Both PEM files are looked up under "<configPath>/keys/<dns>/"; the private
  * key is read first, then the public key.
  *
  * @param string $dns Name of the key directory below "<configPath>/keys".
  *
  * @return Generator Coroutine resolving to a KeyPair built from the two files.
  */
 private function doGetKeyPair(string $dns) : Generator
 {
     // NOTE(review): $dns goes into the path unchanged. Confirm callers only pass
     // a validated host name, so that a value containing "/" or ".." cannot
     // point outside the keys directory.
     $privatePem = (yield get($this->configPath . "/keys/{$dns}/private.pem"));
     $publicPem = (yield get($this->configPath . "/keys/{$dns}/public.pem"));

     return new KeyPair($privatePem, $publicPem);
 }