Easy HTTPS Redirection (SSL) / 2.0.1
Easy HTTPS Redirection (SSL) v2.0.1
https-redirection / classes / ehssl-ssl-certificate.php
ehssl-ssl-certificate.php
1 <?php
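/**
 * Requests a certificate over ACME (HTTP-01 validation) and stores the
 * resulting files under ABSPATH/.well-known.
 *
 * NOTE(review): everything this class writes lives below ABSPATH/.well-known:
 * the ACME account keys (.well-known/account) and the certificate private key
 * (.well-known/certificate/private.pem). get_certificate_urls() builds a
 * site_url() link to private.pem, so that path is evidently meant to be
 * reachable over HTTP. Nothing in this class restricts who may fetch it; any
 * access control has to come from web-server rules or from the callers, which
 * are not visible here — confirm. Keeping key material outside the served
 * tree, or denying direct HTTP access to these two directories and serving
 * downloads through a capability-checked handler, would remove the exposure.
 */
class EHSSL_SSL_Certificate
{
    public function __construct()
    {
    }

    /**
     * Runs the whole issuance flow: create directories, create the ACME order,
     * publish and self-test the HTTP challenges, ask the CA to validate, then
     * save the certificate, CA bundle, private key and expiry date.
     *
     * @param string $email     Passed to the ACME client as its 'username'.
     * @param bool   $live_mode True selects Client::MODE_LIVE, otherwise MODE_STAGING.
     *
     * @return string|WP_Error Success message containing the expiry date, or a
     *                         WP_Error (codes 1001/1002 from directory creation,
     *                         1003 when the order is not ready, 1004 for any
     *                         exception raised during the flow, including a
     *                         failed file write).
     */
    public function handle_ssl_installation($email, $live_mode = false)
    {
        global $httpsrdrctn_options;

        EHSSL_Logger::log("Starting SSL certificate generation process...");
        $well_known_dir_path = ABSPATH . ".well-known";
        $acme_challenge_dir_path = $well_known_dir_path . "/acme-challenge";
        $certificate_dir_path = $well_known_dir_path . "/certificate";

        EHSSL_Logger::log("Creating directories for acme-challenge & certificate files");
        EHSSL_Logger::log("Certificate Directory: " . $certificate_dir_path);
        EHSSL_Logger::log("Acme-Challenge Directory: " . $acme_challenge_dir_path);
        $certificate_directories = $this->create_directories($acme_challenge_dir_path, $certificate_dir_path);
        if (is_wp_error($certificate_directories)) {
            return $certificate_directories;
        }

        // Instantiate the YAAC client.
        // Account keys are saved in .well-known/account.
        // NOTE(review): that directory sits next to the HTTP challenge directory;
        // whether direct requests to it are blocked is not visible here — confirm.
        $adapter = new League\Flysystem\Local\LocalFilesystemAdapter($well_known_dir_path . "/account");
        $filesystem = new League\Flysystem\Filesystem($adapter);

        $mode = $live_mode ? Afosto\Acme\Client::MODE_LIVE : Afosto\Acme\Client::MODE_STAGING;
        EHSSL_Logger::log("Initiating Certificate Request for " . strtoupper($mode) . " Mode.");

        $client = new Afosto\Acme\Client([
            'username' => $email,
            'fs' => $filesystem,
            'mode' => $mode,
        ]);

        try {
            $domain = EHSSL_Utils::get_domain();
            $domain_variant = EHSSL_Utils::get_domain_variant($domain);

            $domains = [$domain];

            // Only request the variant when it is accessible, otherwise its
            // HTTP challenge could not be served.
            if (EHSSL_Utils::is_domain_accessible($domain_variant)) {
                $domains[] = $domain_variant;
            }

            EHSSL_Logger::log("Domains to get certificate for: " . implode(",", $domains));

            $order = $client->createOrder($domains);
            EHSSL_Logger::log("Creating order for Lets Encrypt");

            // Prove ownership (HTTP or DNS validation).
            $authorizations = $client->authorize($order);
            EHSSL_Logger::log("Prove ownership (HTTP or DNS validation)");

            // Saving authorizations & performing Self tests.
            EHSSL_Logger::log("Saving authorizations & performing Self tests");
            foreach ($authorizations as $authorization) {
                $file = $authorization->getFile();

                // The challenge filename is supplied by the remote ACME server;
                // basename() keeps the write inside the challenge directory
                // whatever that value contains.
                $challenge_path = $acme_challenge_dir_path . "/" . basename($file->getFilename());
                $this->write_file($challenge_path, $file->getContents());

                // Self-test: confirm the challenge is reachable before asking
                // Let's Encrypt to validate ownership.
                if (!$client->selfTest($authorization, Afosto\Acme\Client::VALIDATION_HTTP)) {
                    EHSSL_Logger::log("Could not verify ownership via HTTP");
                    throw new \Exception(__('Could not verify ownership via HTTP', 'https-redirection'));
                }
            }

            // Request validation.
            EHSSL_Logger::log("Request validation");
            foreach ($authorizations as $authorization) {
                // presumably 15 is the client's retry/attempt limit — confirm against the library.
                $client->validate($authorization->getHttpChallenge(), 15);
            }

            if ($client->isReady($order)) {
                // The validation was successful.
                EHSSL_Logger::log("The validation was successful.");
                $certificate = $client->getCertificate($order);
                $expiry_date = $certificate->getExpiryDate()->format('Y-m-d H:i:s');

                // Every write is checked: a silently missing key or chain file
                // would otherwise be reported to the user as a success.
                EHSSL_Logger::log("Saving certificates in certificate directory.");
                $this->write_file($certificate_dir_path . '/certificate.crt', $certificate->getCertificate());
                $this->write_file($certificate_dir_path . '/cabundle.crt', $certificate->getIntermediate());
                // NOTE(review): private.pem is created with the process's default
                // permissions inside a 0755 directory under the site root. Tightening
                // the mode would also affect the URL returned by get_certificate_urls(),
                // so it is flagged here rather than changed.
                $this->write_file($certificate_dir_path . '/private.pem', $certificate->getPrivateKey());
                $this->write_file($certificate_dir_path . '/certificate_expiry.txt', $expiry_date);

                // Updating certificate expiry date.
                EHSSL_Logger::log("Updating certificate expirty date in db.");

                $httpsrdrctn_options['ehssl_expiry_ssl_certificate'] = $expiry_date;
                update_option('httpsrdrctn_options', $httpsrdrctn_options);

                EHSSL_Logger::log("Certificate saved successfully");
                return 'SSL Certificate generated successfully! Download certificate now. Certificate will expire on: ' . $expiry_date;
            }
            EHSSL_Logger::log("SSL Certificate installation failed.");
            return new WP_Error("1003", __("SSL Certificate installation failed. Check the logs for details.", 'https-redirection'));
        } catch (Exception $ex) {
            EHSSL_Logger::log("Exception Raised:" . $ex->getMessage());
            return new WP_Error("1004", $ex->getMessage());
        }
    }

    /**
     * Returns the filesystem path and public URL of the stored certificate,
     * CA bundle and private key.
     *
     * NOTE(review): the returned 'url' for private.pem is a plain site_url()
     * link. Whether callers gate it behind a capability check, and whether the
     * web server blocks anonymous requests to that path, is not visible here —
     * confirm before exposing these URLs in any response.
     *
     * @return array<string, array{path: string|false, url: string}>|WP_Error
     *         WP_Error 'file_not_found' unless all four stored files exist.
     */
    public static function get_certificate_urls()
    {
        $well_known_dir_path = ABSPATH . '.well-known';
        $certificate_dir_path = $well_known_dir_path . "/certificate";

        $certificate_file = $certificate_dir_path . '/certificate.crt';
        $ca_bundle = $certificate_dir_path . '/cabundle.crt';
        $private_key_file = $certificate_dir_path . '/private.pem';
        $certificate_expiry_file = $certificate_dir_path . '/certificate_expiry.txt';

        // All four files are written together on issuance; a missing one means
        // no complete certificate set is available.
        if (!file_exists($certificate_file) || !file_exists($private_key_file) || !file_exists($ca_bundle) || !file_exists($certificate_expiry_file)) {
            return new WP_Error('file_not_found', __('Certificate or private key file not found. Please generate a certificate first!', 'https-redirection'));
        }

        // Convert file system paths to URLs.
        $well_known_dir_url = site_url('.well-known');
        $certificate_dir_url = $well_known_dir_url . '/certificate';

        return [
            "certificate.crt" => [
                'path' => realpath($certificate_file),
                'url' => $certificate_dir_url . '/certificate.crt',
            ],
            "cabundle.crt" => [
                'path' => realpath($ca_bundle),
                'url' => $certificate_dir_url . '/cabundle.crt',
            ],
            "private.pem" => [
                'path' => realpath($private_key_file),
                'url' => $certificate_dir_url . '/private.pem',
            ],
        ];
    }

    /**
     * Creates the acme-challenge and certificate directories (recursively,
     * mode 0755) when they do not exist yet.
     *
     * NOTE(review): 0755 leaves the certificate directory, which later holds
     * private.pem, listable and readable by other local users on the host.
     *
     * @param string $acme_challenge_dir_path
     * @param string $certificate_dir_path
     *
     * @return true|WP_Error WP_Error 1001 / 1002 when the respective directory
     *                       cannot be created.
     */
    private function create_directories($acme_challenge_dir_path, $certificate_dir_path)
    {
        // The second is_dir() covers the case where another request created the
        // directory between the first check and mkdir().
        if (!is_dir($acme_challenge_dir_path)) {
            if (!mkdir($acme_challenge_dir_path, 0755, true) && !is_dir($acme_challenge_dir_path)) {
                EHSSL_Logger::log("Failed to create the acme-challenge directory");
                return new WP_Error("1001", __("Failed to create the acme-challenge directory", 'https-redirection'));
            }
        }

        if (!is_dir($certificate_dir_path)) {
            if (!mkdir($certificate_dir_path, 0755, true) && !is_dir($certificate_dir_path)) {
                EHSSL_Logger::log("Failed to create the certificate directory");
                return new WP_Error("1002", __("Failed to create the certificate directory", 'https-redirection'));
            }
        }

        return true;
    }

    /**
     * Writes a file and fails loudly when the write does not succeed.
     *
     * @param string $path     Destination path.
     * @param string $contents Data to write.
     *
     * @throws \Exception When file_put_contents() reports failure.
     */
    private function write_file($path, $contents)
    {
        if (file_put_contents($path, $contents) === false) {
            EHSSL_Logger::log("Failed to write file: " . $path);
            // Only the file name goes into the user-facing message; the full
            // path stays in the log.
            throw new \Exception(sprintf(__('Failed to write file: %s', 'https-redirection'), basename($path)));
        }
    }
}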