/**
* Revoke a certificate
*
* @param string $fqdn
*
* @return $this
*/
public function revoke($fqdn)
{
$this->findByDomainName($fqdn);
$response = $this->client->revokeCertificate(\JOSE_URLSafeBase64::encode($this->certificate), $this->getPrivateKey(), $this->getPublicKey());
$this->storage->delete($this, 'certificate');
print_r($response);
return $this;
}
protected function compact($segment)
{
if (is_object($segment)) {
$stringified = str_replace("\\/", "/", json_encode($segment));
} else {
$stringified = $segment;
}
if ($stringified === 'null' && $segment !== null) {
// shouldn't happen, just for safe
throw new JOSE_Exception_InvalidFormat('Compact seriarization failed');
}
return JOSE_URLSafeBase64::encode($stringified);
}
static function encode($key, $extra_components = array())
{
switch (get_class($key)) {
case 'phpseclib\\Crypt\\RSA':
$components = array('kty' => 'RSA', 'e' => JOSE_URLSafeBase64::encode($key->publicExponent->toBytes()), 'n' => JOSE_URLSafeBase64::encode($key->modulus->toBytes()));
if ($key->exponent != $key->publicExponent) {
$components = array_merge($components, array('d' => JOSE_URLSafeBase64::encode($key->exponent->toBytes())));
}
return new self(array_merge($components, $extra_components));
default:
throw new JOSE_Exception_UnexpectedAlgorithm('Unknown key type');
}
}
/**
* request a certificate for a domain name
* by calling new-cert acme api endpoint.
* YOU MUST have called newReg or getReg before that (on the same session)
* to choose which account to use
* @param string $fqdn a fully qualified domain name you want a cert for
* @param array $altNames (non-mandatory) other names to sign this certificate for
* Please note that all fqdn or altNames must have been validated through an Authz + Challenge call before
* (and not too long ago, FIXME: How long is it valid? shall we validate on our side?)
* @return array an hash containing all cert informations, including an ID from the Storage, key,csr,crt,chain as PEM strings
* @throws AcmeException
*/
function newCert($fqdn, $altNames = array())
{
$this->checkFqdn($fqdn);
// may throw Exception
// Generate a proper CSR / KEY
$key = $this->ssl->genRsa();
$csr = $this->ssl->genCsr($key, $fqdn, $altNames);
$dercsr = $this->ssl->pemToDer($csr);
$resource['csr'] = JOSE_URLSafeBase64::encode($dercsr);
list($headers, $content) = $this->stdCall("new-cert", $resource);
if (isset($headers["HTTP"])) {
if ($headers["HTTP"][1] != "200") {
throw new AcmeException("Error " . $headers["HTTP"][1] . " when calling the API", 2);
}
}
// FIXME WHAT DO I GET BACK ??
$cert = array("key" => $key, "csr" => $csr, "crt" => $content["crt"], "chain" => $content["chain"]);
// store it along with contact information
$id = $this->db->setCert($cert);
$cert["id"] = $id;
return $cert;
}
