-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
对比本项目与 RFC 8555 出入的地方 #3
base: rfc8555
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comment all changes
|
||
/** | ||
* @author Titouan Galopin <galopintitouan@gmail.com> | ||
*/ | ||
class AuthorizeCommand extends AbstractCommand | ||
{ | ||
use KeyOptionCommandTrait; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
因为 csrEager
需要生成 KEY
@@ -34,6 +43,14 @@ protected function configure() | |||
->setDefinition([ | |||
new InputOption('solver', 's', InputOption::VALUE_REQUIRED, 'The type of challenge solver to use (available: http, dns, route53)', 'http'), | |||
new InputArgument('domains', InputArgument::IS_ARRAY | InputArgument::REQUIRED, 'List of domains to ask an authorization for'), | |||
new InputOption('country', null, InputOption::VALUE_REQUIRED, 'Your country two-letters code (field "C" of the distinguished name, for instance: "US")'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
因为 csrEager
参数需要
@@ -68,8 +88,37 @@ protected function execute(InputInterface $input, OutputInterface $output) | |||
$solver = $solverLocator->get($solverName); | |||
$this->debug('Solver found', ['name' => $solverName]); | |||
|
|||
$alternativeNames = $domains; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
生成 CSR 的逻辑. 初始化订单时候一起提交
@@ -342,60 +342,4 @@ private function executeRenewal($domain, array $alternativeNames) | |||
throw $e; | |||
} | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
挪到 Trait 和 initializeOrder 方法共用
@@ -246,8 +246,36 @@ private function challengeDomains(array $domainConfig) | |||
$client = $this->getClient(); | |||
$domains = array_unique(array_merge([$domain], $domainConfig['subject_alternative_names'])); | |||
|
|||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
生成 CSR
src/Core/AcmeClient.php
Outdated
{ | ||
Assert::allStringNotEmpty($domains, 'requestOrder::$domains expected a list of strings. Got: %s'); | ||
|
||
$humanText = ['-----BEGIN CERTIFICATE REQUEST-----', '-----END CERTIFICATE REQUEST-----']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
将 CSR 内容转换成 UrlSafe
@@ -360,7 +366,10 @@ private function createAuthorizationChallenge($domain, array $response) | |||
$response['type'], | |||
$response['url'], | |||
$response['token'], | |||
$response['token'].'.'.$base64encoder->encode($this->getHttpClient()->getJWKThumbprint()) | |||
isset($response['filecontent']) ? $response['filecontent'] : ($response['token'].'.'.$base64encoder->encode($this->getHttpClient()->getJWKThumbprint())), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
因为 trustocean (comodoca) 的验证路径/文件名/内容不一致. 特意加上的补充参数
@@ -46,7 +46,7 @@ public function getCheckUrl(AuthorizationChallenge $authorizationChallenge) | |||
public function getCheckPath(AuthorizationChallenge $authorizationChallenge) | |||
{ | |||
return sprintf( | |||
'/.well-known/acme-challenge/%s', | |||
$authorizationChallenge->getPath() ? ($authorizationChallenge->getPath() . '%s') : '/.well-known/acme-challenge/%s', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/.well-known/acme-challenge/
=> /.well-known/pki-validation/
@@ -39,6 +39,7 @@ public function write($path, $content) | |||
|
|||
public function delete($path) | |||
{ | |||
return; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
keep un-deleted. because when program run here, comodo is not verified for certain yet.
*/ | ||
public function __construct($domain, $status, $type, $url, $token, $payload) | ||
public function __construct($domain, $status, $type, $url, $token, $payload, $path = null, $verifyurl = null, $filecontent = null) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
文件内容/路径/文件名有特殊要求
Adding Gandi.Net DNS solver class
Adding Gandi.Net DNS solver class
…-solver-aliyun
Feat solver aliyun
Fix test and add php 7.4
Added orderNotReady error type
Fix the wrong return type
Split Sign and Request
Fix getIssuerCertificate return type
No description provided.