LE: PSR-2 formatting
This commit is contained in:
Daniel Reichelt
@@ -62,10 +62,11 @@ class lescript
|
|||||||
$keys = $this->generateKey();
|
$keys = $this->generateKey();
|
||||||
// Only store the accountkey in production, in staging always generate a new key
|
// Only store the accountkey in production, in staging always generate a new key
|
||||||
if (Settings::Get('system.letsencryptca') == 'production') {
|
if (Settings::Get('system.letsencryptca') == 'production') {
|
||||||
$upd_stmt = Database::prepare("
|
$upd_stmt = Database::prepare(
|
||||||
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private WHERE `customerid` = :customerid;
|
"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
|
||||||
");
|
"WHERE `customerid` = :customerid;");
|
||||||
Database::pexecute($upd_stmt, array(
|
Database::pexecute($upd_stmt,
|
||||||
|
array(
|
||||||
'public' => $keys['public'],
|
'public' => $keys['public'],
|
||||||
'private' => $keys['private'],
|
'private' => $keys['private'],
|
||||||
'customerid' => $certrow['customerid']
|
'customerid' => $certrow['customerid']
|
||||||
@@ -101,7 +102,8 @@ class lescript
|
|||||||
|
|
||||||
$this->log("Requesting challenge for $domain");
|
$this->log("Requesting challenge for $domain");
|
||||||
|
|
||||||
$response = $this->signedRequest("/acme/new-authz", array(
|
$response = $this->signedRequest("/acme/new-authz",
|
||||||
|
array(
|
||||||
"resource" => "new-authz",
|
"resource" => "new-authz",
|
||||||
"identifier" => array(
|
"identifier" => array(
|
||||||
"type" => "dns",
|
"type" => "dns",
|
||||||
@@ -121,7 +123,8 @@ class lescript
|
|||||||
}
|
}
|
||||||
|
|
||||||
// choose http-01 challenge only
|
// choose http-01 challenge only
|
||||||
$challenge = array_reduce($response['challenges'], function ($v, $w) {
|
$challenge = array_reduce($response['challenges'],
|
||||||
|
function ($v, $w) {
|
||||||
return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
|
return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
|
||||||
});
|
});
|
||||||
if (! $challenge)
|
if (! $challenge)
|
||||||
@@ -145,8 +148,7 @@ class lescript
|
|||||||
"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
|
"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
|
||||||
"kty" => "RSA",
|
"kty" => "RSA",
|
||||||
"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
|
"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
|
||||||
)
|
);
|
||||||
;
|
|
||||||
$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
|
$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
|
||||||
|
|
||||||
file_put_contents($tokenPath, $payload);
|
file_put_contents($tokenPath, $payload);
|
||||||
@@ -174,7 +176,8 @@ class lescript
|
|||||||
$this->log("Sending request to challenge");
|
$this->log("Sending request to challenge");
|
||||||
|
|
||||||
// send request to challenge
|
// send request to challenge
|
||||||
$result = $this->signedRequest($challenge['uri'], array(
|
$result = $this->signedRequest($challenge['uri'],
|
||||||
|
array(
|
||||||
"resource" => "challenge",
|
"resource" => "challenge",
|
||||||
"type" => "http-01",
|
"type" => "http-01",
|
||||||
"keyAuthorization" => $payload,
|
"keyAuthorization" => $payload,
|
||||||
@@ -306,7 +309,8 @@ class lescript
|
|||||||
$tmpConfPath = $tmpConfMeta["uri"];
|
$tmpConfPath = $tmpConfMeta["uri"];
|
||||||
|
|
||||||
// workaround to get SAN working
|
// workaround to get SAN working
|
||||||
fwrite($tmpConf, 'HOME = .
|
fwrite($tmpConf,
|
||||||
|
'HOME = .
|
||||||
RANDFILE = $ENV::HOME/.rnd
|
RANDFILE = $ENV::HOME/.rnd
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
|
default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
|
||||||
@@ -320,7 +324,8 @@ basicConstraints = CA:FALSE
|
|||||||
subjectAltName = ' . $san . '
|
subjectAltName = ' . $san . '
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
|
||||||
|
|
||||||
$csr = openssl_csr_new(array(
|
$csr = openssl_csr_new(
|
||||||
|
array(
|
||||||
"CN" => $domain,
|
"CN" => $domain,
|
||||||
"ST" => Settings::Get('system.letsencryptstate'),
|
"ST" => Settings::Get('system.letsencryptstate'),
|
||||||
"C" => Settings::Get('system.letsencryptcountrycode'),
|
"C" => Settings::Get('system.letsencryptcountrycode'),
|
||||||
@@ -343,7 +348,8 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
|
|||||||
|
|
||||||
private function generateKey()
|
private function generateKey()
|
||||||
{
|
{
|
||||||
$res = openssl_pkey_new(array(
|
$res = openssl_pkey_new(
|
||||||
|
array(
|
||||||
"private_key_type" => OPENSSL_KEYTYPE_RSA,
|
"private_key_type" => OPENSSL_KEYTYPE_RSA,
|
||||||
"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
|
"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
|
||||||
));
|
));
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (! defined('MASTER_CRONJOB'))
|
if (! defined('MASTER_CRONJOB'))
|
||||||
die('You cannot access this file directly!');
|
die('You cannot access this file directly!');
|
||||||
|
|
||||||
@@ -25,17 +24,19 @@ $cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating Let's Encrypt certificates"
|
|||||||
|
|
||||||
if (! extension_loaded('curl')) {
|
if (! extension_loaded('curl')) {
|
||||||
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
|
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Let's Encrypt requires the php cURL extension to be installed.");
|
||||||
exit;
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$certificates_stmt = Database::query("
|
$certificates_stmt = Database::query(
|
||||||
|
"
|
||||||
SELECT domssl.`id`, domssl.`domainid`, domssl.expirationdate, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, domssl.`ssl_csr_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`,
|
SELECT domssl.`id`, domssl.`domainid`, domssl.expirationdate, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, domssl.`ssl_csr_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`,
|
||||||
dom.`documentroot`, dom.`id` as 'domainid', dom.`ssl_redirect`, cust.`leprivatekey`, cust.`lepublickey`, cust.customerid, cust.loginname
|
dom.`documentroot`, dom.`id` as 'domainid', dom.`ssl_redirect`, cust.`leprivatekey`, cust.`lepublickey`, cust.customerid, cust.loginname
|
||||||
FROM `" . TABLE_PANEL_CUSTOMERS . "` as cust, `" . TABLE_PANEL_DOMAINS . "` dom LEFT JOIN `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` domssl ON (dom.id = domssl.domainid)
|
FROM `" . TABLE_PANEL_CUSTOMERS . "` as cust, `" . TABLE_PANEL_DOMAINS . "` dom LEFT JOIN `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` domssl ON (dom.id = domssl.domainid)
|
||||||
WHERE dom.customerid = cust.customerid AND dom.letsencrypt = 1 AND (domssl.expirationdate < DATE_ADD(NOW(), INTERVAL 30 DAY) OR domssl.expirationdate IS NULL)
|
WHERE dom.customerid = cust.customerid AND dom.letsencrypt = 1 AND (domssl.expirationdate < DATE_ADD(NOW(), INTERVAL 30 DAY) OR domssl.expirationdate IS NULL)
|
||||||
");
|
");
|
||||||
|
|
||||||
$updcert_stmt = Database::prepare("
|
$updcert_stmt = Database::prepare(
|
||||||
|
"
|
||||||
REPLACE INTO `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` SET `id` = :id, `domainid` = :domainid, `ssl_cert_file` = :crt, `ssl_key_file` = :key, `ssl_ca_file` = :ca, `ssl_cert_chainfile` = :chain, `ssl_csr_file` = :csr, expirationdate = :expirationdate
|
REPLACE INTO `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` SET `id` = :id, `domainid` = :domainid, `ssl_cert_file` = :crt, `ssl_key_file` = :key, `ssl_ca_file` = :ca, `ssl_cert_chainfile` = :chain, `ssl_csr_file` = :csr, expirationdate = :expirationdate
|
||||||
");
|
");
|
||||||
|
|
||||||
@@ -92,7 +93,8 @@ foreach ($certrows as $certrow) {
|
|||||||
$newcert = openssl_x509_parse($return['crt']);
|
$newcert = openssl_x509_parse($return['crt']);
|
||||||
|
|
||||||
// Store the new data
|
// Store the new data
|
||||||
Database::pexecute($updcert_stmt, array(
|
Database::pexecute($updcert_stmt,
|
||||||
|
array(
|
||||||
'id' => $certrow['id'],
|
'id' => $certrow['id'],
|
||||||
'domainid' => $certrow['domainid'],
|
'domainid' => $certrow['domainid'],
|
||||||
'crt' => $return['crt'],
|
'crt' => $return['crt'],
|
||||||
@@ -113,10 +115,12 @@ foreach ($certrows as $certrow) {
|
|||||||
|
|
||||||
$changedetected = 1;
|
$changedetected = 1;
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
$cronlog->logAction(CRON_ACTION, LOG_ERR,
|
||||||
|
"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
$cronlog->logAction(CRON_ACTION, LOG_WARNING,
|
||||||
|
"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user