Exemplo n.º 1
 /**
  * Revoke the certificate held by this object and drop the local copy.
  *
  * findByDomainName() is called first (presumably it loads the certificate
  * and key pair for $fqdn into this object -- its return value is not used
  * here). The certificate is then sent to the client's revokeCertificate()
  * as URL-safe base64 together with this object's private and public key,
  * the 'certificate' entry is deleted from storage, and the response is
  * printed.
  *
  * NOTE(review): the stored certificate is deleted without looking at
  * $response, so a rejected revocation would still remove the local copy.
  * Confirm that revokeCertificate() throws on failure; if it does not,
  * check the response before deleting.
  * NOTE(review): print_r() writes the raw server response to the output
  * stream. This looks like leftover debugging; route it to a logger if the
  * response is needed at all.
  *
  * @param string $fqdn domain name whose certificate is revoked
  *
  * @return $this
  */
 public function revoke($fqdn)
 {
     $this->findByDomainName($fqdn);

     // Arguments are prepared in the same order the call consumes them.
     $encodedCertificate = \JOSE_URLSafeBase64::encode($this->certificate);
     $privateKey = $this->getPrivateKey();
     $publicKey = $this->getPublicKey();
     $response = $this->client->revokeCertificate($encodedCertificate, $privateKey, $publicKey);

     $this->storage->delete($this, 'certificate');
     print_r($response);

     return $this;
 }
Exemplo n.º 2
Arquivo: JWK.php Projeto: gree/jose
 /**
  * Build a JWK from a phpseclib RSA key object.
  *
  * The JWK always carries 'kty', 'e' and 'n'. When the key's exponent
  * differs from its public exponent, 'd' (the base64url-encoded value of
  * $key->exponent) is added as well, so the result then contains private
  * key material. Callers that publish the JWK must pass a key object that
  * holds only the public part.
  *
  * $extra_components is merged last, so any of its string keys replace the
  * generated members of the same name (including 'kty', 'e', 'n' and 'd').
  * NOTE(review): do not feed untrusted data into $extra_components.
  *
  * @param object $key              key to encode; only the exact class
  *                                 phpseclib\Crypt\RSA is accepted
  * @param array  $extra_components additional JWK members
  *
  * @return self
  *
  * @throws JOSE_Exception_UnexpectedAlgorithm for any other key class
  */
 static function encode($key, $extra_components = array())
 {
     // Exact class-name match: subclasses of the RSA class are rejected too.
     if (get_class($key) != 'phpseclib\\Crypt\\RSA') {
         throw new JOSE_Exception_UnexpectedAlgorithm('Unknown key type');
     }

     $jwk = array(
         'kty' => 'RSA',
         'e' => JOSE_URLSafeBase64::encode($key->publicExponent->toBytes()),
         'n' => JOSE_URLSafeBase64::encode($key->modulus->toBytes()),
     );

     // A differing exponent is treated as "this is a private key".
     if ($key->exponent != $key->publicExponent) {
         $jwk['d'] = JOSE_URLSafeBase64::encode($key->exponent->toBytes());
     }

     return new self(array_merge($jwk, $extra_components));
 }
Exemplo n.º 3
 /**
  * Decode one base64url segment of a compact serialization.
  *
  * With $as_binary the decoded bytes are returned untouched. Otherwise the
  * bytes are parsed with json_decode() in its default mode (JSON objects
  * come back as stdClass). A null result is accepted only when the decoded
  * text is exactly the string 'null'; any other null is treated as a parse
  * failure.
  *
  * NOTE(review): the segment comes from the token being parsed, so treat
  * the returned structure as untrusted until the signature has been
  * verified. The result of JOSE_URLSafeBase64::decode() is not checked
  * here -- confirm how that helper reports invalid base64.
  *
  * @param string $segment   base64url-encoded segment
  * @param bool   $as_binary return raw bytes instead of decoded JSON
  *
  * @return mixed decoded bytes, or the json_decode() result
  *
  * @throws JOSE_Exception_InvalidFormat when the segment is not valid JSON
  */
 protected function extract($segment, $as_binary = false)
 {
     $decoded = JOSE_URLSafeBase64::decode($segment);
     if ($as_binary) {
         return $decoded;
     }

     $parsed = json_decode($decoded);
     // json_decode() returns null both for the literal 'null' and on error.
     if ($parsed === null && $decoded !== 'null') {
         throw new JOSE_Exception_InvalidFormat('Compact de-serialization failed');
     }

     return $parsed;
 }
Exemplo n.º 4
 /**
  * Debug helper: rebuild a JWT from a JSON body with "protected", "payload"
  * and "signature" members and print the result of verifying it against the
  * public key read from 'pub.key'.
  *
  * NOTE(review): $post is decoded without any check. If it is not valid
  * JSON, or one of the three members is missing, the code continues with
  * null values and only emits PHP notices/warnings.
  * NOTE(review): $result is reset to an empty array and never filled in the
  * visible body, so callers get nothing back through it.
  *
  * @param string $post    JSON text of the request body
  * @param array  &$result set to an empty array
  */
 function postCheck($post, &$result)
 {
     $result = array();
     $raw = json_decode($post, true);
     // Load the public key used for verification. 'pub.key' is a relative
     // path, so it is resolved against the current working directory.
     $public_key = new RSA();
     $public_key->loadKey(file_get_contents('pub.key'));
     // NOTE(review): $jwk is not used again in this function.
     $jwk = JOSE_JWK::encode($public_key);
     //print_r($jwk);
     // The JWT object is populated by hand from the three request members;
     // header and claims are decoded as associative arrays.
     $jwt = new JOSE_JWT();
     $jwt->raw = $raw["protected"] . "." . $raw["payload"] . "." . $raw["signature"];
     $jwt->header = json_decode(JOSE_URLSafeBase64::decode($raw["protected"]), true);
     $jwt->claims = json_decode(JOSE_URLSafeBase64::decode($raw["payload"]), true);
     $jwt->signature = JOSE_URLSafeBase64::decode($raw["signature"]);
     // echo "S:\n"; echo JOSE_URLSafeBase64::decode($raw["signature"]);
     // NOTE(review): dumps the whole token (header, claims, signature) to a
     // fixed file name in the shared temp directory. Remove this outside of
     // local debugging, or write to a private directory with restrictive
     // permissions.
     file_put_contents("/tmp/jwt", print_r($jwt, true));
     //print_r($jwt);
     // NOTE(review): verify() receives only the key, while the header was
     // taken from the request. Confirm that the library pins the accepted
     // algorithm instead of trusting the header's "alg" value.
     print_r($jwt->verify($public_key));
 }
Exemplo n.º 5
 /**
  * Request a certificate for a domain name by calling the new-cert ACME
  * API endpoint.
  *
  * newReg or getReg MUST have been called before (in the same session) to
  * choose which account to use. Every name in $fqdn and $altNames must have
  * been validated through an Authz + Challenge call beforehand
  * (FIXME: how long does a validation stay valid? Should it be checked on
  * our side?).
  *
  * A fresh RSA key and CSR are generated, the CSR is sent DER-encoded as
  * URL-safe base64, and the resulting record is stored through the db
  * object.
  *
  * NOTE(review): the status check only runs when $headers["HTTP"] is set;
  * a response without it is treated as success. $content["crt"] and
  * $content["chain"] are also read without checking that they exist.
  * NOTE(review): the returned and stored array contains the private key in
  * "key". Make sure the storage behind setCert() is access-restricted and
  * that the array is never logged.
  *
  * @param string $fqdn     fully qualified domain name to get a cert for
  * @param array  $altNames (optional) other names to sign this certificate for
  *
  * @return array a hash with the certificate data: the storage id plus
  *               key, csr, crt and chain
  *
  * @throws AcmeException
  */
 function newCert($fqdn, $altNames = array())
 {
     // May throw when the name is rejected.
     $this->checkFqdn($fqdn);

     // Generate a key pair and a matching CSR.
     $key = $this->ssl->genRsa();
     $csr = $this->ssl->genCsr($key, $fqdn, $altNames);
     $resource['csr'] = JOSE_URLSafeBase64::encode($this->ssl->pemToDer($csr));

     list($headers, $content) = $this->stdCall("new-cert", $resource);
     if (isset($headers["HTTP"]) && $headers["HTTP"][1] != "200") {
         throw new AcmeException("Error " . $headers["HTTP"][1] . " when calling the API", 2);
     }

     // FIXME WHAT DO I GET BACK ??
     $cert = array(
         "key" => $key,
         "csr" => $csr,
         "crt" => $content["crt"],
         "chain" => $content["chain"],
     );

     // Store the record, then hand the storage id back with it.
     $storedId = $this->db->setCert($cert);
     $cert["id"] = $storedId;

     return $cert;
 }