Merge pull request #11 from mikemunger/master

Add support to get certificate chain as separate certificates

README.md

@@ -195,6 +195,12 @@ file_put_contents('certificate.cert', $certificate->getCertificate());
 file_put_contents('private.key', $certificate->getPrivateKey());
 ```
 
+>To get a seperate intermediate certificate and domain certificate:
+>```php
+>$domainCertificate = $certificate->getCertificate(false);
+>$intermediateCertificate = $certificate->getIntermediate();
+>```
+
 ### Who is using it?
 
 Are you using this package, would love to know. Please send a PR to enlist your project or company. 

src/Client.php

@@ -331,8 +331,8 @@ class Client
             $data['certificate'],
             $this->signPayloadKid(null, $data['certificate'])
         );
-        $certificate = $str = preg_replace('/^[ \t]*[\r\n]+/m', '', (string)$certificateResponse->getBody());
-        return new Certificate($privateKey, $csr, $certificate);
+        $chain = $str = preg_replace('/^[ \t]*[\r\n]+/m', '', (string)$certificateResponse->getBody());
+        return new Certificate($privateKey, $csr, $chain);
     }
 
 

src/Data/Certificate.php

@@ -12,11 +12,21 @@ class Certificate
      */
     protected $privateKey;
 
+    /**
+     * @var string
+     */
+    protected $chain;
+
     /**
      * @var string
      */
     protected $certificate;
 
+    /**
+     * @var string
+     */
+    protected $intermediateCertificate;
+
     /**
      * @var string
      */
@@ -31,15 +41,16 @@ class Certificate
      * Certificate constructor.
      * @param $privateKey
      * @param $csr
-     * @param $certificate
+     * @param $chain
      * @throws \Exception
      */
-    public function __construct($privateKey, $csr, $certificate)
+    public function __construct($privateKey, $csr, $chain)
     {
         $this->privateKey = $privateKey;
         $this->csr = $csr;
-        $this->certificate = $certificate;
-        $this->expiryDate = Helper::getCertExpiryDate($certificate);
+        $this->chain = $chain;
+        list($this->certificate, $this->intermediateCertificate) = Helper::splitCertificate($chain);
+        $this->expiryDate = Helper::getCertExpiryDate($chain);
     }
 
     /**
@@ -61,12 +72,23 @@ class Certificate
     }
 
     /**
-     * Return the certificate as a multi line string
+     * Return the certificate as a multi line string, by default it includes the intermediate certificate as well
+     *
+     * @param bool $asChain
      * @return string
      */
-    public function getCertificate(): string
+    public function getCertificate($asChain = true): string
     {
-        return $this->certificate;
+        return $asChain ? $this->chain : $this->certificate;
+    }
+
+    /**
+     * Return the intermediate certificate as a multi line string
+     * @return string
+     */
+    public function getIntermediate(): string
+    {
+        return $this->intermediateCertificate;
     }
 
     /**

src/Helper.php

@@ -2,8 +2,6 @@
 
 namespace Afosto\Acme;
 
-use Afosto\Acme\Data\Authorization;
-use GuzzleHttp\Client as HttpClient;
 use GuzzleHttp\Exception\ClientException;
 
 /**
@@ -140,4 +138,29 @@ class Helper
 
         return $accountDetails;
     }
+
+    /**
+     * Split a two certificate bundle into separate multi line string certificates
+     * @param string $chain
+     * @return array
+     * @throws \Exception
+     */
+    public static function splitCertificate(string $chain): array
+    {
+        preg_match(
+            '/^(?<domain>-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)\n'
+            . '(?<intermediate>-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)$/s',
+            $chain,
+            $certificates
+        );
+
+        $domain = $certificates['domain'] ?? null;
+        $intermediate = $certificates['intermediate'] ?? null;
+
+        if (!$domain || !$intermediate) {
+            throw new \Exception('Could not parse certificate string');
+        }
+
+        return [$domain, $intermediate];
+    }
 }