add unit testing fix some bugs

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[composer.json]
+indent_style = space
+indent_size = 4

.travis.yml

@@ -0,0 +1,47 @@
+language: php
+
+php:
+  - 5.6
+  - 7.0
+  - nightly
+
+sudo: false
+
+env:
+  global:
+    - PATH="$HOME/.composer/vendor/bin:$PATH"
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+matrix:
+  fast_finish: true
+  include:
+    - php: 5.6
+      env: COMPOSER_FLAGS="--prefer-lowest"
+  allow_failures:
+    - php: nightly
+
+before_install:
+  - phpenv global 5.6
+
+install:
+  - mkdir -p ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d && echo "memory_limit=-1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
+  - mkdir -p build/logs
+  - composer global require satooshi/php-coveralls:@stable --no-update
+  - composer global update --prefer-dist --no-interaction
+  - composer update --prefer-dist --no-interaction $COMPOSER_FLAGS
+
+before_script:
+  - composer require phpunit/phpunit
+  - travis_wait php generate_fake.php 0
+  - travis_wait php generate_fake.php 1
+  - travis_wait php generate_fake.php 2
+  - travis_wait php generate_fake.php 3
+
+script:
+  - vendor/bin/phpunit
+
+after_script:
+  - coveralls -v

composer.json

@@ -12,13 +12,14 @@
     "require": {
         "php": "^5.6 || ^7.0",
         "ext-openssl": "*",
-        "guzzlehttp/guzzle": "^6.1",
+        "guzzlehttp/guzzle": "^6.2",
         "spomky-labs/base64url": "^1.0",
         "doctrine/collections": "^1.3"
     },
     "require-dev": {
         "analogic/lescript": "^0.1.3",
-        "symfony/var-dumper": "^2.7 || ^3.0"
+        "symfony/var-dumper": "^2.7 || ^3.0",
+        "sllh/php-cs-fixer-styleci-bridge": "^2.1"
     },
     "autoload": {
         "psr-4": { "Nexy\\NexyCrypt\\": "src" }

example_dns01.php

@@ -32,10 +32,17 @@
 $client = new NexyCrypt(null, 'https://acme-staging.api.letsencrypt.org/');
 
 try {
-    $client->register();
-    $client->agreeTerms();
+    if (0 === $step) {
+        //create the required account private key
+        $client->create();
+    }
 
     if (1 === $step) {
+        $client->register();
+        $client->agreeTerms();
+    }
+
+    if (2 === $step) {
         @mkdir('public');
 
         foreach ($domains as $domain) {
@@ -52,7 +59,7 @@
         }
     }
 
-    if (2 === $step) {
+    if (3 === $step) {
         foreach ($domains as $domain) {
             /** @var Http01Challenge $challenge */
             $challenge = unserialize(file_get_contents('public/'.$domain.'/challenge'));

example_http01.php

@@ -32,10 +32,21 @@
 $client = new NexyCrypt(null, 'https://acme-staging.api.letsencrypt.org/');
 
 try {
-    $client->register();
-    $client->agreeTerms();
+
+    if (0 === $step) {
+        //create the required account private key
+        $client->create();
+    }
 
     if (1 === $step) {
+        $client->register();
+        $client->agreeTerms();
+    }
+
+    if (2 === $step) {
+        $client->register();
+        $client->agreeTerms();
+
         @mkdir('public');
 
         foreach ($domains as $domain) {
@@ -49,7 +60,7 @@
         }
     }
 
-    if (2 === $step) {
+    if (3 === $step) {
         foreach ($domains as $domain) {
             /** @var Http01Challenge $challenge */
             $challenge = unserialize(file_get_contents('public/'.$domain.'/challenge'));
@@ -70,7 +81,7 @@
         }
     }
 } catch (AcmeApiException $e) {
-    dump($e->getDetails());
+    echo $e->getDetails();
 
     exit(1);
 }

generate_fake.php

@@ -0,0 +1,100 @@
+<?php
+
+// generate the fake .well-known folder and upload the folder to the testing web hosting.
+
+use Nexy\NexyCrypt\Authorization\Challenge\Http01Challenge;
+use Nexy\NexyCrypt\Exception\AcmeApiException;
+use Nexy\NexyCrypt\NexyCrypt;
+
+require_once __DIR__.'/vendor/autoload.php';
+
+if ($argc !== 2) {
+    echo 'You have to pass too many arguments.'.PHP_EOL;
+    exit(1);
+}
+
+$step = intval($argv[1]);
+
+$accounts = json_decode(file_get_contents('tests/ftpserver.json'), true);
+$domain = $accounts['ftpserver'];
+
+// First commented line is for production.
+//$client = new NexyCrypt();
+$client = new NexyCrypt(null, 'https://acme-staging.api.letsencrypt.org/');
+
+try {
+    if (0 === $step) {
+        // create the required account private key
+        $client->create();
+    }
+
+    if (1 === $step) {
+        $client->register();
+        $client->agreeTerms();
+    }
+
+    if (2 === $step) {
+        $client->register();
+        $client->agreeTerms();
+
+        @mkdir('tests/public');
+
+        $authorization = $client->authorize($domain);
+
+        $challenge = $authorization->getChallenges()->getHttp01();
+
+        @mkdir('tests/public/acme-challenge');
+        file_put_contents('tests/public/'.'acme-challenge'.'/'.$challenge->getFileName(), $challenge->getFileContent());
+        file_put_contents('tests/public/'.'acme-challenge'.'/challenge', serialize($challenge));
+    }
+
+    if (3 === $step) {
+        // upload file to the remote server
+        $accounts = json_decode(file_get_contents('tests/ftpserver.json'), true);
+        $user = $accounts['username'];
+
+        // the ftp server password is temporarily created and DO NOT use this value to do other things.
+        // the free web hosting will be closed or reset at the irregular time.
+        $password = $accounts['password'];
+        $ftpServer = $accounts['ftpserver'];
+
+        // set up basic ftp connection
+        $connectId = ftp_connect($ftpServer);
+
+        // login with username and password
+        $loginResult = ftp_login($connectId, $user, $password);
+
+        ftp_pasv($connectId, true);
+
+        if (!$loginResult) {
+            // PHP will already have raised an E_WARNING level message in this case
+            echo "can't login";
+            exit(1);
+        }
+
+        @ftp_mkdir($connectId, '.well-known');
+        @ftp_mkdir($connectId, '.well-known/acme-challenge');
+
+        ftp_chdir($connectId, '.well-known/acme-challenge');
+
+        // upload the files from the folders
+        $filePath = 'tests/public/acme-challenge';
+        $filesArr = scandir($filePath);
+        $fileCount = count($filesArr);
+        for($index=2;$index<$fileCount;$index++) {
+            $result = ftp_put($connectId, $filesArr[$index], $filePath.'/'.$filesArr[$index], FTP_ASCII);
+            if ($result === false) {
+                echo 'cannot upload file: '.$filesArr[$index];
+                exit(1);
+            }
+        }
+
+        ftp_close($connectId);
+    }
+
+    exit(0);
+} catch (AcmeApiException $e) {
+    var_dump($e->getDetails());
+
+    exit(1);
+}

phpunit.xml.dist

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<phpunit
+    colors="true"
+    bootstrap="./vendor/autoload.php"
+    charset="UTF-8">
+
+    <testsuites>
+        <testsuite name="Testing Suite">
+      	    <directory suffix=".php">./tests/</directory>
+        </testsuite>
+    </testsuites>
+
+    <filter>
+        <whitelist>
+            <directory suffix=".php">./src/</directory>
+        </whitelist>
+    </filter>
+
+    <logging>
+        <log type="coverage-clover" target="build/logs/clover.xml"/>
+        <log type="coverage-html" target="result/" />
+    </logging>
+
+</phpunit>

src/NexyCrypt.php

@@ -79,13 +79,21 @@ public function __construct($privateKeyPath = null, $endpoint = null)
     }
 
     /**
-     * Generates or read privates key and starts registration.
+     * Generates private key.
      */
-    public function register()
+    public function create()
     {
         if (null === $this->privateKey) {
             $this->privateKey = new PrivateKey($this->privateKeyPath);
         }
+    }
+
+    /**
+     * Read private key and starts registration.
+     */
+    public function register()
+    {
+        $this->privateKey = $this->getPrivateKey();
 
         try {
             $this->signedPostRequest(null === $this->regLocation ? 'acme/new-reg' : $this->regLocation, [
@@ -120,6 +128,8 @@ public function agreeTerms()
      */
     public function authorize($domain)
     {
+        $this->privateKey = $this->getPrivateKey();
+
         $response = $this->signedPostRequest('acme/new-authz', [
             'resource' => 'new-authz',
             'identifier' => [
@@ -138,6 +148,8 @@ public function authorize($domain)
      */
     public function verifyChallenge(ChallengeInterface $challenge)
     {
+        $this->privateKey = $this->getPrivateKey();
+
         $this->signedPostRequest($challenge->getUri(), [
             'resource' => 'challenge',
             'type' => $challenge->getType(),
@@ -169,7 +181,11 @@ public function verifyChallenge(ChallengeInterface $challenge)
     public function generateCertificate(array $domains)
     {
         $certificate = new Certificate();
-        $privateKey = openssl_pkey_new();
+        $config = array(
+            'digest_alg' => 'SHA256',
+            'private_key_bits' => 4096,
+        );
+        $privateKey = openssl_pkey_new($config);
         $privateKeyDetails = openssl_pkey_get_details($privateKey);
         openssl_pkey_export($privateKey, $privateKeyOutput);
 
@@ -201,7 +217,8 @@ public function generateCertificate(array $domains)
             'O' => 'Unknown',
         ], $privateKey, [
             'config' => $csrConfPath,
-            'digest_alg' => 'sha256',
+            'digest_alg' => 'SHA256',
+            'private_key_bits' => 4096,
         ]);
         openssl_csr_export($csr, $csrOut);
         $certificate->setCsr($csrOut);
@@ -222,6 +239,8 @@ public function generateCertificate(array $domains)
      */
     public function signCertificate(Certificate $certificate)
     {
+        $this->privateKey = $this->getPrivateKey();
+
         $this->signedPostRequest('acme/new-cert', [
             'resource' => 'new-cert',
             'csr' => Base64Url::encode($certificate->getRawCsr()),
@@ -252,6 +271,7 @@ public function signCertificate(Certificate $certificate)
      */
     public function getPrivateKey()
     {
+        $this->privateKey = new PrivateKey($this->privateKeyPath);
         return $this->privateKey;
     }
 
@@ -281,6 +301,7 @@ private function signedPostRequest($uri, array $payload)
         $signed64 = Base64Url::encode($this->privateKey->sign($protected64.'.'.$payload64));
 
         return $this->request('POST', $uri, [
+            'verify' => __DIR__.'/cacert.pem',
             'json' => [
                 'header' => $header,
                 'protected' => $protected64,
@@ -299,7 +320,7 @@ private function signedPostRequest($uri, array $payload)
      *
      * @return ResponseInterface
      */
-    private function request($method, $uri, array $options = [])
+    private function request($method, $uri, array $options = ['verify' =>  __DIR__.'/cacert.pem'])
     {
         try {
             $response = $this->httpClient->request($method, $uri, $options);

src/PrivateKey.php

@@ -32,9 +32,14 @@ public function __construct($path)
         if (is_file($this->path)) {
             $this->key = openssl_pkey_get_private('file://'.$this->path);
         } else {
-            $this->key = openssl_pkey_new();
+            $config = array(
+                'digest_alg' => 'SHA256',
+                'private_key_bits' => 2048,
+            );
+            $this->key = openssl_pkey_new($config);
             file_put_contents($this->path, $this->getOutput());
         }
+
         $this->details = openssl_pkey_get_details($this->key);
     }