Автор: Jérémy Derussé (jeremy@derusse.com)
 /**
  * Signs a CSR for a distinguished name that is built with an extra host
  * name, then checks the PEM armor and the decoded subject fields.
  *
  * NOTE(review): despite the test name, only the subject is asserted. Nothing
  * here verifies that 'www.acmephp.com' ends up in the CSR's subjectAltName
  * extension, so a signer that dropped the alternative names would still pass.
  */
 public function test signCertificateRequest with subject alternative names()
 {
     // Last constructor argument is presumably the list of subject alternative names (confirm against DistinguishedName).
     $distinguishedName = new DistinguishedName(
         'acmephp.com',
         'FR',
         'france',
         'Paris',
         'acme',
         'IT',
         '*****@*****.**',
         ['www.acmephp.com']
     );

     // 1024-bit key: presumably chosen to keep the test fast; this size is too weak for a real certificate.
     $keyPair = (new KeyPairGenerator())->generateKeyPair(1024);
     $certificateRequest = new CertificateRequest($distinguishedName, $keyPair);

     $pemCsr = $this->service->signCertificateRequest($certificateRequest);

     $this->assertInternalType('string', $pemCsr);
     $this->assertContains('-----BEGIN CERTIFICATE REQUEST-----', $pemCsr);

     // Second argument false asks OpenSSL for long field names (commonName rather than CN).
     $expectedSubject = [
         'commonName' => 'acmephp.com',
         'countryName' => 'FR',
         'stateOrProvinceName' => 'france',
         'localityName' => 'Paris',
         'organizationName' => 'acme',
         'organizationalUnitName' => 'IT',
         'emailAddress' => '*****@*****.**',
     ];
     $this->assertSame($expectedSubject, openssl_csr_get_subject($pemCsr, false));
 }
Пример #2
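 /**
  * {@inheritdoc}
  *
  * Signs the CSR, posts it to the new-certificate resource and, when the
  * response body is (almost) empty, polls the returned location once per
  * second until the server answers 200 or $timeout seconds have elapsed.
  * Every 'up' link of the last response is then fetched and chained as an
  * issuer certificate.
  *
  * $domain is validated but not otherwise used in this method.
  *
  * @throws CertificateRequestFailedException   when polling answers with a status other than 200/202,
  *                                             when no polling location is available, or when no
  *                                             certificate body was received
  * @throws CertificateRequestTimedOutException when the server still answers 202 after $timeout seconds
  */
 public function requestCertificate($domain, CertificateRequest $csr, $timeout = 180)
 {
     Assert::stringNotEmpty($domain, 'requestCertificate::$domain expected a non-empty string. Got: %s');
     Assert::integer($timeout, 'requestCertificate::$timeout expected an integer. Got: %s');

     // Wraps raw certificate bytes in PEM armor (base64, 64 columns per line).
     $toPem = static function ($der) {
         return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($der), 64, "\n") . "-----END CERTIFICATE-----\n";
     };

     // Strip the PEM armor, then re-encode the DER bytes with the HTTP client's own
     // encoder (presumably the URL-safe base64 variant ACME expects; confirm).
     $humanText = ['-----BEGIN CERTIFICATE REQUEST-----', '-----END CERTIFICATE REQUEST-----'];
     $csrContent = $this->csrSigner->signCertificateRequest($csr);
     $csrContent = trim(str_replace($humanText, '', $csrContent));
     $csrContent = trim($this->httpClient->getBase64Encoder()->encode(base64_decode($csrContent)));

     $response = $this->requestResource('POST', ResourcesDirectory::NEW_CERTIFICATE, ['resource' => ResourcesDirectory::NEW_CERTIFICATE, 'csr' => $csrContent], false);

     // If the CA has not yet issued the certificate, the body of this response will be empty
     // (10 bytes rather than 0 to avoid false results).
     if (strlen(trim($response)) < 10) {
         $location = $this->httpClient->getLastLocation();
         if (empty($location)) {
             // Nothing to poll: fail instead of issuing requests against an empty URL.
             throw new CertificateRequestFailedException($response);
         }

         // Waiting loop
         $endTime = time() + $timeout;
         while (time() <= $endTime) {
             $response = $this->httpClient->unsignedRequest('GET', $location, null, false);
             $statusCode = $this->httpClient->getLastCode();
             if (200 === $statusCode) {
                 break;
             }
             if (202 !== $statusCode) {
                 throw new CertificateRequestFailedException($response);
             }
             sleep(1);
         }

         if (202 === $this->httpClient->getLastCode()) {
             throw new CertificateRequestTimedOutException($response);
         }
     }

     // Fail closed: without this check an empty or truncated body (for example a 200 with
     // no content, or a non-positive $timeout that skips polling) would be PEM-wrapped and
     // handed back to the caller as if it were an issued certificate.
     if (strlen(trim($response)) < 10) {
         throw new CertificateRequestFailedException($response);
     }

     // Find issuers certificate
     // NOTE(review): the 'up' URLs come from the server's Link headers and are fetched with an
     // unsigned GET; the bodies are wrapped as PEM without being parsed. Consider validating
     // the URL and that each body parses as an X.509 certificate before trusting the chain.
     $links = $this->httpClient->getLastLinks();
     $certificatesChain = null;
     foreach ($links as $link) {
         if (!isset($link['rel'], $link[0]) || 'up' !== $link['rel']) {
             continue;
         }

         $issuerLocation = trim($link[0], '<>');
         $certificate = $this->httpClient->unsignedRequest('GET', $issuerLocation, null, false);
         if (strlen(trim($certificate)) > 10) {
             $certificatesChain = new Certificate($toPem($certificate), $certificatesChain);
         }
     }

     // Domain certificate
     return new CertificateResponse($csr, new Certificate($toPem($response), $certificatesChain));
 }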