forked from acmephp/core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAcmeClientInterface.php
127 lines (118 loc) · 5.57 KB
/
AcmeClientInterface.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
/*
* This file is part of the Acme PHP project.
*
* (c) Titouan Galopin <[email protected]>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace AcmePhp\Core;
use AcmePhp\Core\Exception\AcmeCoreClientException;
use AcmePhp\Core\Exception\AcmeCoreServerException;
use AcmePhp\Core\Exception\Protocol\CertificateRequestFailedException;
use AcmePhp\Core\Exception\Protocol\CertificateRequestTimedOutException;
use AcmePhp\Core\Exception\Protocol\CertificateRevocationException;
use AcmePhp\Core\Exception\Protocol\ChallengeFailedException;
use AcmePhp\Core\Exception\Protocol\ChallengeNotSupportedException;
use AcmePhp\Core\Exception\Protocol\ChallengeTimedOutException;
use AcmePhp\Core\Http\SecureHttpClient;
use AcmePhp\Core\Protocol\AuthorizationChallenge;
use AcmePhp\Core\Protocol\RevocationReason;
use AcmePhp\Ssl\Certificate;
use AcmePhp\Ssl\CertificateRequest;
use AcmePhp\Ssl\CertificateResponse;
/**
* ACME protocol client interface.
*
* @author Titouan Galopin <[email protected]>
*/
interface AcmeClientInterface
{
/**
* Register the local account KeyPair in the Certificate Authority.
*
* @param string|null $agreement an optionnal URI referring to a subscriber agreement or terms of service
* @param string|null $email an optionnal e-mail to associate with the account
*
* @throws AcmeCoreServerException when the ACME server returns an error HTTP status code
* (the exception will be more specific if detail is provided)
* @throws AcmeCoreClientException when an error occured during response parsing
*
* @return array the Certificate Authority response decoded from JSON into an array
*/
public function registerAccount($agreement = null, $email = null);
/**
* Request authorization challenge data for a given domain.
*
* An AuthorizationChallenge is an association between a URI, a token and a payload.
* The Certificate Authority will create this challenge data and you will then have
* to expose the payload for the verification (see challengeAuthorization).
*
* @param string $domain the domain to challenge
*
* @throws AcmeCoreServerException when the ACME server returns an error HTTP status code
* (the exception will be more specific if detail is provided)
* @throws AcmeCoreClientException when an error occured during response parsing
* @throws ChallengeNotSupportedException when the HTTP challenge is not supported by the server
*
* @return AuthorizationChallenge[] the list of challenges data returned by the Certificate Authority
*/
public function requestAuthorization($domain);
/**
* Ask the Certificate Authority to challenge a given authorization.
*
* This check will generally consists of requesting over HTTP the domain
* at a specific URL. This URL should return the raw payload generated
* by requestAuthorization.
*
* WARNING : This method SHOULD NOT BE USED in a web action. It will
* wait for the Certificate Authority to validate the challenge and this
* operation could be long.
*
* @param AuthorizationChallenge $challenge the challenge data to check
* @param int $timeout the timeout period
*
* @throws AcmeCoreServerException when the ACME server returns an error HTTP status code
* (the exception will be more specific if detail is provided)
* @throws AcmeCoreClientException when an error occured during response parsing
* @throws ChallengeTimedOutException when the challenge timed out
* @throws ChallengeFailedException when the challenge failed
*
* @return array the validate challenge response
*/
public function challengeAuthorization(AuthorizationChallenge $challenge, $timeout = 180);
/**
* Request a certificate for the given domain.
*
* This method should be called only if a previous authorization challenge has
* been successful for the asked domain.
*
* WARNING : This method SHOULD NOT BE USED in a web action. It will
* wait for the Certificate Authority to validate the certificate and
* this operation could be long.
*
* @param string $domain the domain to request a certificate for
* @param CertificateRequest $csr the Certificate Signing Request (informations for the certificate)
* @param int $timeout the timeout period
*
* @throws AcmeCoreServerException when the ACME server returns an error HTTP status code
* (the exception will be more specific if detail is provided)
* @throws AcmeCoreClientException when an error occured during response parsing
* @throws CertificateRequestFailedException when the certificate request failed
* @throws CertificateRequestTimedOutException when the certificate request timed out
*
* @return CertificateResponse the certificate data to save it somewhere you want
*/
public function requestCertificate($domain, CertificateRequest $csr, $timeout = 180);
/**
* @throws CertificateRevocationException
*/
public function revokeCertificate(Certificate $certificate, RevocationReason $revocationReason = null);
/**
* Get the HTTP client.
*
* @return SecureHttpClient
*/
public function getHttpClient();
}