ehssl-ssl-certificate.php
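<?php
/**
 * Requests a certificate through the YAAC (Afosto\Acme) client using HTTP
 * validation and stores the resulting files under ABSPATH/.well-known.
 *
 * SECURITY(review): everything this class writes (ACME account keys in
 * .well-known/account, and the certificate, CA bundle and private key in
 * .well-known/certificate) lives under ABSPATH, which is normally inside the
 * web server's document root, and get_certificate_urls() builds a site URL for
 * private.pem. Unless the server denies requests to those directories, the
 * private key and account keys are readable by anyone who requests them.
 * Confirm that access is restricted (server-level deny rule, or storage
 * outside the document root with downloads served through an authenticated
 * handler). Nothing in this file enforces that.
 */
class EHSSL_SSL_Certificate
{

    public function __construct()
    {

    }

    /**
     * Runs the full certificate request: creates the working directories,
     * places the HTTP challenge files, asks the CA to validate them and saves
     * the issued certificate, CA bundle, private key and expiry date.
     *
     * @param string $email     Passed to the ACME client as the account 'username'.
     * @param bool   $live_mode True selects Client::MODE_LIVE, otherwise Client::MODE_STAGING.
     *
     * @return string|WP_Error Success message including the expiry date, or a
     *                         WP_Error with code 1001/1002 (directory creation),
     *                         1003 (order not ready after validation) or
     *                         1004 (any exception, including a failed file write).
     */
    public function handle_ssl_installation($email, $live_mode = false)
    {
        global $httpsrdrctn_options;

        EHSSL_Logger::log("Starting SSL certificate generation process...");
        $well_known_dir_path = ABSPATH . ".well-known";
        $acme_challenge_dir_path = $well_known_dir_path . "/acme-challenge";
        $certificate_dir_path = $well_known_dir_path . "/certificate";

        EHSSL_Logger::log("Creating directories for acme-challenge & certificate files");
        EHSSL_Logger::log("Certificate Directory: " . $certificate_dir_path);
        EHSSL_Logger::log("Acme-Challenge Directory: " . $acme_challenge_dir_path);
        $certificate_directories = $this->create_directories($acme_challenge_dir_path, $certificate_dir_path);
        if (is_wp_error($certificate_directories)) {
            return $certificate_directories;
        }

        // Instantiate the YAAC client.
        // Account keys are saved in .well-known/account.
        // SECURITY(review): this directory sits next to the public acme-challenge
        // directory; confirm the web server does not serve it.
        $adapter = new League\Flysystem\Local\LocalFilesystemAdapter($well_known_dir_path . "/account");
        $filesystem = new League\Flysystem\Filesystem($adapter);

        $mode = $live_mode ? Afosto\Acme\Client::MODE_LIVE : Afosto\Acme\Client::MODE_STAGING;
        EHSSL_Logger::log("Initiating Certificate Request for " . strtoupper($mode) . " Mode.");

        $client = new Afosto\Acme\Client([
            'username' => $email,
            'fs' => $filesystem,
            'mode' => $mode,
        ]);

        try {
            $domains = array();
            $domain = EHSSL_Utils::get_domain();
            $domain_variant = EHSSL_Utils::get_domain_variant($domain);

            $domains[] = $domain;

            // Only request the variant when it is reachable, otherwise its
            // HTTP challenge could not be served.
            if (EHSSL_Utils::is_domain_accessible($domain_variant)) {
                $domains[] = $domain_variant;
            }

            EHSSL_Logger::log("Domains to get certificate for: " . implode(",", $domains));

            $order = $client->createOrder($domains);
            EHSSL_Logger::log("Creating order for Lets Encrypt");

            // Prove ownership (HTTP or DNS validation).
            $authorizations = $client->authorize($order);
            EHSSL_Logger::log("Prove ownership (HTTP or DNS validation)");

            // Saving authorizations & performing Self tests.
            EHSSL_Logger::log("Saving authorizations & performing Self tests");
            foreach ($authorizations as $authorization) {
                $file = $authorization->getFile();

                // The filename comes from the ACME response. basename() keeps the
                // write inside the acme-challenge directory even if the value
                // were to contain path separators.
                $challenge_filename = basename($file->getFilename());
                $this->write_file($acme_challenge_dir_path . "/" . $challenge_filename, $file->getContents());

                // Self-test.
                // After exposing the challenges we check that they are reachable
                // ourselves before asking the CA to validate ownership.
                if (!$client->selfTest($authorization, Afosto\Acme\Client::VALIDATION_HTTP)) {
                    EHSSL_Logger::log("Could not verify ownership via HTTP");
                    throw new \Exception(__('Could not verify ownership via HTTP', 'https-redirection'));
                }
            }

            // Request validation.
            EHSSL_Logger::log("Request validation");
            foreach ($authorizations as $authorization) {
                // NOTE(review): 15 is presumably the maximum number of polling
                // attempts accepted by the client; confirm against the library.
                $client->validate($authorization->getHttpChallenge(), 15);
            }

            if ($client->isReady($order)) {
                // The validation was successful.
                EHSSL_Logger::log("The validation was successful.");
                $certificate = $client->getCertificate($order);
                $expiry_date = $certificate->getExpiryDate()->format('Y-m-d H:i:s');

                // Each write is checked so that a partially written set of files
                // is reported as a failure instead of as a generated certificate.
                // SECURITY(review): private.pem is created with the process's
                // default file mode in a directory made with 0755; confirm the
                // resulting permissions and web access are acceptable for a
                // private key.
                EHSSL_Logger::log("Saving certificates in certificate directory.");
                $this->write_file($certificate_dir_path . '/certificate.crt', $certificate->getCertificate());
                $this->write_file($certificate_dir_path . '/cabundle.crt', $certificate->getIntermediate());
                $this->write_file($certificate_dir_path . '/private.pem', $certificate->getPrivateKey());
                $this->write_file($certificate_dir_path . '/certificate_expiry.txt', $expiry_date);

                // Updating certificate expiry date.
                EHSSL_Logger::log("Updating certificate expirty date in db.");

                $httpsrdrctn_options['ehssl_expiry_ssl_certificate'] = $expiry_date;
                update_option('httpsrdrctn_options', $httpsrdrctn_options);

                EHSSL_Logger::log("Certificate saved successfully");
                return 'SSL Certificate generated successfully! Download certificate now. Certificate will expire on: ' . $expiry_date;
            }
            EHSSL_Logger::log("SSL Certificate installation failed.");
            return new WP_Error("1003", __("SSL Certificate installation failed. Check the logs for details.", 'https-redirection'));
        } catch (Exception $ex) {
            EHSSL_Logger::log("Exception Raised:" . $ex->getMessage());
            return new WP_Error("1004", $ex->getMessage());
        }
    }


    /**
     * Returns the filesystem path and site URL of the stored certificate,
     * CA bundle and private key.
     *
     * SECURITY(review): the 'url' entry for private.pem points at the private
     * key under the site's .well-known path. Callers should not expose it to
     * unauthenticated users, and the server should not serve that path publicly.
     *
     * @return array|WP_Error Map of file name => array('path' => ..., 'url' => ...),
     *                        or WP_Error 'file_not_found' when any of the four
     *                        stored files is missing.
     */
    public static function get_certificate_urls()
    {
        $well_known_dir_path = ABSPATH . '.well-known';
        $certificate_dir_path = $well_known_dir_path . "/certificate";

        $certificate_file = $certificate_dir_path . '/certificate.crt';
        $ca_bundle = $certificate_dir_path . '/cabundle.crt';
        $private_key_file = $certificate_dir_path . '/private.pem';
        $certificate_expiry_file = $certificate_dir_path . '/certificate_expiry.txt';

        // All four files written by handle_ssl_installation() must be present.
        if (!file_exists($certificate_file) || !file_exists($private_key_file) || !file_exists($ca_bundle) || !file_exists($certificate_expiry_file)) {
            return new WP_Error('file_not_found', __('Certificate or private key file not found. Please generate a certificate first!', 'https-redirection'));
        }

        // Convert file system paths to URLs.
        $well_known_dir_url = site_url('.well-known');
        $certificate_dir_url = $well_known_dir_url . '/certificate';

        return array(
            "certificate.crt" => array(
                'path' => realpath($certificate_file),
                'url' => $certificate_dir_url . '/certificate.crt',
            ),
            "cabundle.crt" => array(
                'path' => realpath($ca_bundle),
                'url' => $certificate_dir_url . '/cabundle.crt',
            ),
            "private.pem" => array(
                'path' => realpath($private_key_file),
                'url' => $certificate_dir_url . '/private.pem',
            )
        );
    }


    /**
     * Creates the acme-challenge and certificate directories when they do not
     * exist yet.
     *
     * @param string $acme_challenge_dir_path Directory for HTTP challenge files.
     * @param string $certificate_dir_path    Directory for the issued certificate files.
     *
     * @return true|WP_Error True on success, WP_Error 1001 or 1002 when a
     *                       directory could not be created.
     */
    private function create_directories($acme_challenge_dir_path, $certificate_dir_path)
    {
        // The trailing is_dir() re-check treats "another request created it in
        // the meantime" as success rather than as a failed mkdir().
        if (!is_dir($acme_challenge_dir_path) && !mkdir($acme_challenge_dir_path, 0755, true) && !is_dir($acme_challenge_dir_path)) {
            EHSSL_Logger::log("Failed to create the acme-challenge directory");
            return new WP_Error("1001", __("Failed to create the acme-challenge directory", 'https-redirection'));
        }

        // SECURITY(review): 0755 leaves the directory that will hold private.pem
        // readable and traversable by every local user; confirm this is intended.
        if (!is_dir($certificate_dir_path) && !mkdir($certificate_dir_path, 0755, true) && !is_dir($certificate_dir_path)) {
            EHSSL_Logger::log("Failed to create the certificate directory");
            return new WP_Error("1002", __("Failed to create the certificate directory", 'https-redirection'));
        }

        return true;
    }

    /**
     * Writes a file and turns a failed write into an exception so the caller's
     * try/catch reports it as an error.
     *
     * @param string $path     Destination file path.
     * @param string $contents Data to write.
     *
     * @throws \Exception When file_put_contents() reports failure.
     */
    private function write_file($path, $contents)
    {
        if (file_put_contents($path, $contents) === false) {
            // The path goes to the log only; the user-facing message stays generic.
            EHSSL_Logger::log("Failed to write file: " . $path);
            throw new \Exception(__('Failed to write a certificate file. Check directory permissions.', 'https-redirection'));
        }
    }
}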