Use custom CSR #99

Closed
Manawyrm opened this issue Mar 23, 2018 · 2 comments

@Manawyrm

Hi,

I'm currently trying to use acmephp in some self-written software.
AcmeClient->finalizeOrder unfortunately only accepts CSRs in the form of CertificateRequest objects, not directly as a CSR, because the requestCertificate method then calls signCertificateRequest to generate a CSR.

I'd like to provide a custom CSR as a string. Any ideas on how to nicely implement this?
One method I could imagine would be to have a string-variable in CertificateRequest that you could populate with a custom CSR, another would be a second method that accepts CSRs directly.

Any suggestions on how to implement this? Would you accept a pull request implementing this functionality?

so long,
Tobi

@jderusse
Contributor

I like the idea!

To keep BC, I think the best way to do it is to:

  • Update CertificateRequest to add methods isSigned, setSignature, getSignature
  • Create a CertificateRequestFactory with methods createFromString and createFromDistinguishedName (don't forget to parse the string and provide a DistinguishedName. Beware that some methods like requestCertificate use $csr->getDistinguishedName()->getSubjectAlternativeNames(), which relies on the subject alternative names inside the CSR, but methods like openssl_csr_get_subject may not return that information)
  • Update the signCertificateRequest method to skip signature if the certificate is alreadySigned
  • You could also use the new getSignature method in finalizeOrder

Would be happy to accept such PR :-)
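The caveat above about `openssl_csr_get_subject` and subject alternative names, as an added example that is not part of the original comment and is not acmephp code: a minimal DER walk that reads the dNSName entries out of a PEM CSR string. The helper names `derRead`, `findSanValue` and `csrDnsNames` and the `example.com` hostnames are assumptions made for illustration; the sketch does not verify the CSR's self-signature and ignores SAN types other than dNSName.

```php
<?php // Added illustration; helper names are hypothetical, not acmephp API.
// Read one DER TLV at $off and return [tag, value, offset of the next TLV].
function derRead(string $der, int $off): array {
    if ($off + 2 > strlen($der)) throw new RuntimeException('truncated DER');
    [$tag, $len, $off] = [ord($der[$off]), ord($der[$off + 1]), $off + 2];
    if ($len & 0x80) {                       // long-form length
        $n = $len & 0x7f;
        if ($n < 1 || $n > 4 || $off + $n > strlen($der)) throw new RuntimeException('bad DER length');
        for ($len = 0; $n > 0; $n--) $len = ($len << 8) | ord($der[$off++]);
    }
    if ($off + $len > strlen($der)) throw new RuntimeException('truncated DER');
    return [$tag, (string) substr($der, $off, $len), $off + $len];
}
// Depth-first search for Extension ::= SEQUENCE { OID 2.5.29.17, [critical], OCTET STRING }.
function findSanValue(string $der): ?string {
    for ($off = 0; $off < strlen($der);) {
        [$tag, $val, $off] = derRead($der, $off);
        if (!($tag & 0x20)) continue;        // primitive type: nothing nested to walk
        if ($tag === 0x30 && strncmp($val, "\x06\x03\x55\x1d\x11", 5) === 0) {
            [$t, $v, $p] = derRead($val, 5);
            if ($t === 0x01) { [$t, $v] = derRead($val, $p); }   // skip the critical flag
            return $t === 0x04 ? $v : null;
        }
        if (($hit = findSanValue($val)) !== null) return $hit;
    }
    return null;
}
// Return the dNSName entries of the subjectAltName extension of a PEM CSR.
function csrDnsNames(string $pem): array {
    if (!preg_match('/-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)-----END/s', $pem, $m)) throw new InvalidArgumentException('not a PEM CSR');
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($der === false) throw new InvalidArgumentException('bad base64');
    if (($ext = findSanValue($der)) === null) return [];
    [, $names] = derRead($ext, 0);           // GeneralNames SEQUENCE
    $dns = [];
    for ($off = 0; $off < strlen($names);) {
        [$tag, $val, $off] = derRead($names, $off);
        if ($tag === 0x82) $dns[] = $val;    // context tag [2] = dNSName
    }
    return $dns;
}
// Constructed sample: build a CSR with two SANs, then dump both views of it.
$cnf = tempnam(sys_get_temp_dir(), 'csr');
file_put_contents($cnf, "[req]\ndistinguished_name=dn\nreq_extensions=ext\n[dn]\n[ext]\nsubjectAltName=DNS:example.com,DNS:www.example.com\n");
$opt = ['config' => $cnf, 'req_extensions' => 'ext', 'digest_alg' => 'sha256', 'private_key_bits' => 2048];
$key = openssl_pkey_new($opt);
$csr = openssl_csr_new(['commonName' => 'example.com'], $key, $opt);
openssl_csr_export($csr, $pem);
unlink($cnf);
var_dump(openssl_csr_get_subject($pem), csrDnsNames($pem)); // subject DN fields, then SAN dNSNames
```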

@xiaohuilam
Contributor

But I think it might conflict with the install feature (if the subscriber does not use this, ignore it then).

Reason:

  • The install feature needs to read the privateKey.
  • Providing a CSR means the privateKey is not readable for ACME PHP (or other clients, whatever)

So, I think we'd need to figure it out before trying to make it.
