add support for DNS validation

- new constant Client::VALIDATION_DNS - added Authorization::getDnsChallenge to get the challenge - added Authorization::getTxtRecord to get the TXT record value - added Helper::waitForDNS to provide an easy way to wait for changes - updated documentation to illustrate DNS validation
2026-03-14 22:26:11 +00:00 · 2020-03-17 18:27:27 +00:00
parent 4c7b6b8e60
commit c2532e0dab
4 changed files with 111 additions and 0 deletions
--- a/src/Client.php
+++ b/src/Client.php
@@ -55,6 +55,11 @@ class Client
     */
    const VALIDATION_HTTP = 'http-01';

+    /**
+     * DNS validation
+     */
+    const VALIDATION_DNS = 'dns-01';
+
    /**
     * @var string
     */
--- a/src/Data/Authorization.php
+++ b/src/Data/Authorization.php
@@ -3,6 +3,7 @@
 namespace Afosto\Acme\Data;

 use Afosto\Acme\Client;
+use Afosto\Acme\Helper;

 class Authorization
 {
@@ -78,6 +79,20 @@ class Authorization
        return false;
    }

+    /**
+     * @return Challenge|bool
+     */
+    public function getDnsChallenge()
+    {
+        foreach ($this->getChallenges() as $challenge) {
+            if ($challenge->getType() == Client::VALIDATION_DNS) {
+                return $challenge;
+            }
+        }
+
+        return false;
+    }
+
    /**
     * @param Challenge $challenge
     * @return File|bool
@@ -90,4 +105,15 @@ class Authorization
        }
        return false;
    }
+
+    /**
+     * @param Challenge $challenge
+     * @return string containing TXT record for DNS challenge
+     */
+    public function getTxtRecord(Challenge $challenge)
+    {
+        $raw=$challenge->getToken() . '.' . $this->digest;
+        $hash=hash('sha256', $raw, true);
+        return Helper::toSafeString($hash);
+    }
 }
--- a/src/Helper.php
+++ b/src/Helper.php
@@ -135,4 +135,37 @@ class Helper

        return $accountDetails;
    }
+
+    /**
+     * Wait until a set of DNS records return specific TXT record values
+     *
+     * @param array mapping domain to desired TXT record value
+     * @param $txtRecord
+     * @param int $maxSeconds to wait
+     * @return bool true if record found, false otherwise
+     */
+    public static function waitForDNS(array $records, $maxSeconds=60)
+    {
+        $waitUntil = time() + $maxSeconds;
+
+        do {
+            //validate all remaining records..
+            foreach($records as $domain=>$txtRecord) {
+                $record=dns_get_record($domain, DNS_TXT);
+                if (isset($record[0]['txt']) && ($record[0]['txt']===$txtRecord)) {
+                    unset($records[$domain]);
+                }
+            }
+
+            //did we find them all?
+            if (empty($records)) {
+                return true;
+            }
+
+            //otherwise still domains to check...have a short sleep
+            sleep(1);
+        } while(time() < $waitUntil);
+
+        return false;
+    }
 }