/**
 * Revoke the certificate held for a domain name and delete the local copy.
 *
 * After findByDomainName() has run, $this->certificate is base64url-encoded
 * and passed to the client's revokeCertificate() together with the values
 * returned by getPrivateKey() and getPublicKey().
 *
 * @param string $fqdn domain name handed to findByDomainName()
 *
 * @return $this
 */
public function revoke($fqdn)
{
    // Presumably loads $this->certificate for $fqdn; verify against findByDomainName().
    $this->findByDomainName($fqdn);

    $encodedCertificate = \JOSE_URLSafeBase64::encode($this->certificate);
    $revocationReply = $this->client->revokeCertificate(
        $encodedCertificate,
        $this->getPrivateKey(),
        $this->getPublicKey()
    );

    // NOTE(review): the stored certificate is deleted without looking at the
    // reply first. Unless revokeCertificate() throws on failure, a rejected
    // revocation would still remove the local copy. Confirm the client's
    // error contract.
    $this->storage->delete($this, 'certificate');

    // NOTE(review): print_r() writes the raw reply to the output stream from
    // inside a library method; it looks like leftover debugging and would be
    // better routed to a logger.
    print_r($revocationReply);

    return $this;
}
/**
 * Build a JWK from a phpseclib RSA key object.
 *
 * The JWK always carries 'kty', 'e' and 'n'. When the key's exponent differs
 * from its public exponent, the exponent is also exported as 'd'.
 * $extra_components is merged last, so its entries override the generated ones.
 *
 * @param object $key              key whose class is exactly phpseclib\Crypt\RSA
 * @param array  $extra_components additional JWK members to merge in
 *
 * @return self
 *
 * @throws JOSE_Exception_UnexpectedAlgorithm for any other class (subclasses included)
 */
static function encode($key, $extra_components = array())
{
    if (get_class($key) !== 'phpseclib\\Crypt\\RSA') {
        throw new JOSE_Exception_UnexpectedAlgorithm('Unknown key type');
    }

    $jwkFields = array(
        'kty' => 'RSA',
        'e' => JOSE_URLSafeBase64::encode($key->publicExponent->toBytes()),
        'n' => JOSE_URLSafeBase64::encode($key->modulus->toBytes()),
    );

    // NOTE(review): this branch presumably fires for a private key, and the
    // resulting JWK then contains the private exponent. Callers that publish
    // or transmit the JWK should pass a public-only key object.
    if ($key->exponent != $key->publicExponent) {
        $jwkFields['d'] = JOSE_URLSafeBase64::encode($key->exponent->toBytes());
    }

    return new self(array_merge($jwkFields, $extra_components));
}
/**
 * Decode one base64url-encoded segment, optionally parsing it as JSON.
 *
 * Nothing here authenticates the segment; it is decoded and parsed exactly
 * as received.
 *
 * @param string $segment   base64url-encoded segment
 * @param bool   $as_binary when true, the decoded bytes are returned unparsed
 *
 * @return mixed decoded bytes, or the json_decode() result (objects, not arrays)
 *
 * @throws JOSE_Exception_InvalidFormat when the decoded text is not valid JSON
 */
protected function extract($segment, $as_binary = false)
{
    $decoded = JOSE_URLSafeBase64::decode($segment);
    if ($as_binary) {
        return $decoded;
    }

    $parsed = json_decode($decoded);

    // json_decode() returns null for the literal "null" and for a parse
    // failure alike; only the second case is an error.
    if ($parsed === null && $decoded !== 'null') {
        throw new JOSE_Exception_InvalidFormat('Compact de-serialization failed');
    }

    return $parsed;
}
/**
 * Rebuild a JWT from a JSON body and print the outcome of verifying its
 * signature against the key stored in pub.key.
 *
 * This appears to be a debugging helper: it prints the verification result
 * instead of returning it and dumps the token to a file.
 *
 * @param string $post   JSON text with "protected", "payload" and "signature" members
 * @param array  $result out-parameter; reset to an empty array and not written again here
 */
function postCheck($post, &$result)
{
    $result = array();

    // NOTE(review): $post is presumably a request body. Nothing checks that
    // json_decode() succeeded or that the three members exist and are strings
    // before they are used below.
    $envelope = json_decode($post, true);

    // The verification key is read from pub.key, resolved against the current
    // working directory.
    $verificationKey = new RSA();
    $verificationKey->loadKey(file_get_contents('pub.key'));
    $jwk = JOSE_JWK::encode($verificationKey); // result is not used afterwards

    $token = new JOSE_JWT();
    $token->raw = $envelope["protected"] . "." . $envelope["payload"] . "." . $envelope["signature"];
    $token->header = json_decode(JOSE_URLSafeBase64::decode($envelope["protected"]), true);
    $token->claims = json_decode(JOSE_URLSafeBase64::decode($envelope["payload"]), true);
    $token->signature = JOSE_URLSafeBase64::decode($envelope["signature"]);

    // NOTE(review): the whole token, claims included, is dumped to a fixed
    // path in the shared temp directory. Use a private location or drop the
    // dump outside of local debugging.
    file_put_contents("/tmp/jwt", print_r($token, true));

    // NOTE(review): $token->header comes from the sender-controlled "protected"
    // member. Confirm that verify() only accepts the signature algorithm
    // expected for this key.
    print_r($token->verify($verificationKey));
}
/**
 * Request a certificate for a domain name through the new-cert ACME endpoint.
 *
 * newReg or getReg MUST have been called earlier in the same session so that
 * an account is selected. Every name ($fqdn and each entry of $altNames) must
 * already have been validated through an Authz + Challenge call, and not too
 * long ago (FIXME: how long is a validation valid? should it be checked on
 * this side?).
 *
 * @param string $fqdn     fully qualified domain name the certificate is for
 * @param array  $altNames (optional) further names to include in the certificate
 *
 * @return array certificate record: the Storage ID under "id", plus "key",
 *               "csr", "crt" and "chain" as PEM strings
 *
 * @throws AcmeException
 */
function newCert($fqdn, $altNames = array())
{
    $this->checkFqdn($fqdn); // may throw Exception

    // Create a fresh RSA key and a matching CSR; the CSR is sent DER-encoded.
    $rsaKey = $this->ssl->genRsa();
    $csrPem = $this->ssl->genCsr($rsaKey, $fqdn, $altNames);
    $csrDer = $this->ssl->pemToDer($csrPem);

    $payload = array('csr' => JOSE_URLSafeBase64::encode($csrDer));
    list($headers, $content) = $this->stdCall("new-cert", $payload);

    // NOTE(review): the status is only checked when an "HTTP" header entry is
    // present; a reply without it falls through as if it had succeeded.
    if (isset($headers["HTTP"]) && $headers["HTTP"][1] != "200") {
        throw new AcmeException("Error " . $headers["HTTP"][1] . " when calling the API", 2);
    }

    // FIXME (original author): the shape of the reply is not confirmed.
    // NOTE(review): "crt" and "chain" are read without checking they exist.
    $record = array(
        "key" => $rsaKey,
        "csr" => $csrPem,
        "crt" => $content["crt"],
        "chain" => $content["chain"],
    );

    // The record, private key included, is handed to the storage layer.
    // NOTE(review): confirm that setCert() protects the key at rest.
    $storedId = $this->db->setCert($record);
    $record["id"] = $storedId;

    return $record;
}