infinityfree/acmecore 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

infinityfree/acmecore

Composer 安装命令:

composer require infinityfree/acmecore

包简介

Raw implementation of the ACME protocol in PHP

README 文档

README

AcmeCore is a modified version of the Acme PHP Core library.

When to use AcmeCore

AcmeCore is designed as a straight forward implementation of the Let's Encrypt/ACME protocol following best practices for libraries. There are no file system dependencies, integrated schedulers or anything like that. You can integrate it in your own project and take care of scheduling and persistence yourself.

Differences with Acme PHP Core

Acme PHP Core is a great library, but assumes that the "happy path" always works. I.e. the CA never returns an error, performs all tasks quickly, and always returns the expected data. With Let's Encrypt this is generally true, but other CAs might be less stable.

The key differences between this library and Acme PHP Core are the following:

  • Every function on AcmeClient maps to a single step in the ACME process. This way, you're free to call and retry the steps at your own pace (e.g. retrying receiving a certificate without calling finalize again).
  • No more sleep loops. Schedule tasks the way you want, and don't hog a PHP process if you don't want to.
  • CertificateOrders now contain the status of the order. Load the order with the reloadOrder function, see the current status of the order and choose the next step to apply.

Documentation

The official Acme PHP documentation still applies for the most part. But the certificate issuance process has been changed a bit.

$secureHttpClientFactory = new SecureHttpClientFactory(
    new GuzzleHttpClient(),
    new Base64SafeEncoder(),
    new KeyParser(),
    new DataSigner(),
    new ServerErrorHandler()
);

// $accountKeyPair instance of KeyPair
$secureHttpClient = $secureHttpClientFactory->createSecureHttpClient($accountKeyPair);

// Important, change to production LE directory for real certs!
$acmeClient = new AcmeClient($secureHttpClient, 'https://acme-staging-v02.api.letsencrypt.org/directory');

// Request a certificate for mydomain.com.
$certificateOrder = $acmeClient->requestOrder('mydomain.com');

// Retrieve the challenges to complete for mydomain.com.
$challenges = $certificateOrder->getAuthorizationChallenges('mydomain.com');

// Now complete the challenge for the domain.
// Find the challenge object for the verification type you want to do, e.g. http-01, dns-01.
$challenge = $challenges[0];

// Ask the CA to confirm the authorization.
$challenge = $acmeClient->challengeAuthorization($dnsChallenge);

// Wait for the CA to complete the authorization.
// This example uses a sleep loop, but you can schedule your own.
while ($challenge->getStatus() != 'ready') {
    sleep(1);

    $challenge = $acmeClient->reloadAuthorization($challenge);
}

// Prepare the CSR
$dn = new DistinguishedName('mydomain.com');
$keyPairGenerator = new KeyPairGenerator();
// Make a new key pair. We'll keep the private key as our cert key
$domainKeyPair = $keyPairGenerator->generateKeyPair();

// This is the private key
echo $domainKeyPair->getPrivateKey()->getPem());

// Generate CSR
$csr = new CertificateRequest($dn, $domainKeyPair);

// Tell the CA to generate the certificate.
$certificateOrder = $acmeClient->finalizeOrder($certificateOrder, $csr);

// Wait for the CA to complete the issuance.
// This example uses a sleep loop, but you can schedule your own.
while ($certificateOrder->getStatus() != 'issued') {
    sleep(1);

    $certificateOrder = $acmeClient->reloadOrder($certificateOrder->getOrderEndpoint());
}

// Retrieve the generated certificate.
$certificate = $acmeClient->retrieveCertificate($certificateOrder);

// This is the generated certificate.
echo $certificate->getPem();

Launch the Test suite

The Acme PHP test suite is located in the main repository: https://github.com/acmephp/acmephp#launch-the-test-suite.

infinityfree/acmecore 适用场景与选型建议

infinityfree/acmecore 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 838 次下载、GitHub Stars 达 5, 最近一次更新时间为 2022 年 02 月 09 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「https」 「encryption」 「x509」 「openssl」 「ssl」 「certificate」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 infinityfree/acmecore 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 infinityfree/acmecore 我们能提供哪些服务?
定制开发 / 二次开发

基于 infinityfree/acmecore 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 838
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 5
  • 点击次数: 28
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 5
  • Watchers: 0
  • Forks: 25
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2022-02-09