Comparing where this project deviates from RFC 8555 #3

Open
wants to merge 174 commits into
base: rfc8555

xiaohuilam

No description provided.

@xiaohuilam xiaohuilam added the documentation Improvements or additions to documentation label Jul 30, 2019
@digitalsign digitalsign locked as off-topic and limited conversation to collaborators Jul 30, 2019
@xiaohuilam xiaohuilam added the wontfix This will not be worked on label Jul 30, 2019

@xiaohuilam xiaohuilam left a comment

comment all changes


/**
* @author Titouan Galopin <galopintitouan@gmail.com>
*/
class AuthorizeCommand extends AbstractCommand
{
use KeyOptionCommandTrait;

Author

Because csrEager needs to generate a KEY

@@ -34,6 +43,14 @@ protected function configure()
->setDefinition([
new InputOption('solver', 's', InputOption::VALUE_REQUIRED, 'The type of challenge solver to use (available: http, dns, route53)', 'http'),
new InputArgument('domains', InputArgument::IS_ARRAY | InputArgument::REQUIRED, 'List of domains to ask an authorization for'),
new InputOption('country', null, InputOption::VALUE_REQUIRED, 'Your country two-letters code (field "C" of the distinguished name, for instance: "US")'),

Author

Because the csrEager parameter needs it

@@ -68,8 +88,37 @@ protected function execute(InputInterface $input, OutputInterface $output)
$solver = $solverLocator->get($solverName);
$this->debug('Solver found', ['name' => $solverName]);

$alternativeNames = $domains;

Author

Logic for generating the CSR. It is submitted together with the order when the order is initialized.

@@ -342,60 +342,4 @@ private function executeRenewal($domain, array $alternativeNames)
throw $e;
}
}


Author

Moved into a Trait so it is shared with the initializeOrder method

@@ -246,8 +246,36 @@ private function challengeDomains(array $domainConfig)
$client = $this->getClient();
$domains = array_unique(array_merge([$domain], $domainConfig['subject_alternative_names']));



Author

Generate the CSR

{
Assert::allStringNotEmpty($domains, 'requestOrder::$domains expected a list of strings. Got: %s');

$humanText = ['-----BEGIN CERTIFICATE REQUEST-----', '-----END CERTIFICATE REQUEST-----'];
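
Review bot: The `$humanText` pair in requestOrder only covers the `-----BEGIN CERTIFICATE REQUEST-----` / `-----END CERTIFICATE REQUEST-----` markers, so if it is used to strip the armor by literal match, a CSR exported with the `-----BEGIN NEW CERTIFICATE REQUEST-----` header keeps its armor and is converted as if it were bare base64. Decode the PEM body to DER and base64url-encode that, or reject input whose markers do not match, rather than relying on string replacement. RFC 8555 carries the CSR in the finalize request, not in newOrder, so a comment next to this code should state that sending it from requestOrder is a deliberate deviation.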

Author

Convert the CSR content to UrlSafe

@@ -360,7 +366,10 @@ private function createAuthorizationChallenge($domain, array $response)
$response['type'],
$response['url'],
$response['token'],
$response['token'].'.'.$base64encoder->encode($this->getHttpClient()->getJWKThumbprint())
isset($response['filecontent']) ? $response['filecontent'] : ($response['token'].'.'.$base64encoder->encode($this->getHttpClient()->getJWKThumbprint())),
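
Review bot: The new payload expression on the last line accepts `$response['filecontent']` from the server verbatim, so the challenge payload is no longer the key authorization the client derives from the token and the account key thumbprint. Check that `filecontent` is a string of bounded length and expected character set before accepting it, and take this branch only for the CA that needs it, so that a standard RFC 8555 response carrying an unexpected `filecontent` field still gets `token.thumbprint`.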

Author

Because trustocean (comodoca) uses a different validation path/file name/content. This is a supplementary parameter added specifically for that.

@@ -46,7 +46,7 @@ public function getCheckUrl(AuthorizationChallenge $authorizationChallenge)
public function getCheckPath(AuthorizationChallenge $authorizationChallenge)
{
return sprintf(
'/.well-known/acme-challenge/%s',
$authorizationChallenge->getPath() ? ($authorizationChallenge->getPath() . '%s') : '/.well-known/acme-challenge/%s',
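
Review bot: `getPath()` is concatenated into the sprintf format string on the last line, so any `%` in the path is parsed as a conversion specifier and the call misformats or fails. Pass the path as its own `%s` argument instead of building the format from it, and validate it before use: require it to start with `/.well-known/` and reject `..` segments, since the prefix is no longer a constant.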

Author

/.well-known/acme-challenge/ => /.well-known/pki-validation/

@@ -39,6 +39,7 @@ public function write($path, $content)

public function delete($path)
{
return;
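
Review bot: The bare `return;` as the first statement of `delete($path)` disables cleanup for every caller and makes whatever follows in the method unreachable, so validation files stay published after the run. If the files must outlive this call until the CA has validated, make that an explicit option or defer the deletion until the order is valid, and do not leave the dead body behind a short-circuit.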

Author

Keep it undeleted, because when the program runs here, Comodo has not verified for certain yet.

*/
public function __construct($domain, $status, $type, $url, $token, $payload)
public function __construct($domain, $status, $type, $url, $token, $payload, $path = null, $verifyurl = null, $filecontent = null)
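
Review bot: The three new constructor arguments `$path`, `$verifyurl` and `$filecontent` should be described in the docblock that closes just above the signature, stating which of them come from the server response and that null means the RFC 8555 default. `$verifyurl` and `$filecontent` are also all-lowercase while the surrounding code uses camelCase (`$alternativeNames`, `getJWKThumbprint`); `$verifyUrl` and `$fileContent` would match.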

Author

The file content/path/file name have special requirements
