diff --git a/lib/classes/ssl/class.lescript.php b/lib/classes/ssl/class.lescript.php
index edfdd670..0ae0e1f8 100644
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -63,15 +63,12 @@ class lescript
 $keys = $this->generateKey();
 // Only store the accountkey in production, in staging always generate a new key
 if (Settings::Get('system.letsencryptca') == 'production') {
- $upd_stmt = Database::prepare(
- "UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
- "WHERE `customerid` = :customerid;");
- Database::pexecute($upd_stmt,
- array(
- 'public' => $keys['public'],
- 'private' => $keys['private'],
- 'customerid' => $certrow['customerid']
- ));
+ $upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " . "WHERE `customerid` = :customerid;");
+ Database::pexecute($upd_stmt, array(
+ 'public' => $keys['public'],
+ 'private' => $keys['private'],
+ 'customerid' => $certrow['customerid']
+ ));
 }
 $this->accountKey = $keys['private'];
@@ -88,6 +85,16 @@ class lescript
 }
 }
+ /**
+ *
+ * @param array $domains
+ * @param string $domainkey
+ * @param string $csr
+ * optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+ *
+ * @throws \RuntimeException
+ * @return string[]
+ */
 public function signDomains(array $domains, $domainkey = null, $csr = null)
 {
 if (! $this->accountKey) {
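Review bot: The reflowed `Database::prepare(...)` line keeps the `" . "` join between the two halves of the UPDATE statement, which only existed to split the old multi-line call; now that it sits on one line the two literals should be merged into a single string so the query reads as one piece. While touching this statement, note that `$keys['private']` is the ACME account private key and is written to the customers table in the clear, so anyone who can read `leprivatekey` can act as that account; if that column is not already access-restricted like the other secrets in `TABLE_PANEL_CUSTOMERS`, a comment stating that expectation here would help the next maintainer. The statement itself is parameterised, so there is no injection concern in this hunk.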
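Review bot: The new docblock declares `@param string $domainkey` and `@param string $csr` although both default to `null` and `$csr` is tested with `empty()` later in the method, so `@param string|null $domainkey` and `@param string|null $csr` are the accurate tags, and the summary line above the tags is empty. "content of the csr" leaves the expected form open: since the value is presumably handed to the new-cert request verbatim in place of what `generateCSR()` returns, the docblock should state whether a PEM CSR or the same encoded form that `generateCSR()` produces is expected, and that the caller is trusted to supply it. `@throws \RuntimeException` is correct only as long as the file stays unnamespaced, because the method body throws the unqualified `RuntimeException` while the rest of the class uses `\RuntimeException`; normalising to one spelling would keep the tag honest.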
@@ -109,14 +116,13 @@ class lescript
 $this->log("Requesting challenge for $domain");
- $response = $this->signedRequest("/acme/new-authz",
- array(
- "resource" => "new-authz",
- "identifier" => array(
- "type" => "dns",
- "value" => $domain
- )
- ));
+ $response = $this->signedRequest("/acme/new-authz", array(
+ "resource" => "new-authz",
+ "identifier" => array(
+ "type" => "dns",
+ "value" => $domain
+ )
+ ));
 // if response is not an array but a string, it's most likely a server-error, e.g.
 // ErrorAn error occurred while processing your request.
@@ -130,12 +136,13 @@ class lescript
 }
 // choose http-01 challenge only
- $challenge = array_reduce($response['challenges'],
- function ($v, $w) {
- return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
- });
- if (! $challenge)
+ $challenge = array_reduce($response['challenges'], function ($v, $w) {
+ return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+ });
+
+ if (! $challenge) {
 throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+ }
 $this->log("Got challenge token for $domain");
 $location = $this->client->getLastLocation();
@@ -183,13 +190,12 @@ class lescript
 $this->log("Sending request to challenge");
 // send request to challenge
- $result = $this->signedRequest($challenge['uri'],
- array(
- "resource" => "challenge",
- "type" => "http-01",
- "keyAuthorization" => $payload,
- "token" => $challenge['token']
- ));
+ $result = $this->signedRequest($challenge['uri'], array(
+ "resource" => "challenge",
+ "type" => "http-01",
+ "keyAuthorization" => $payload,
+ "token" => $challenge['token']
+ ));
 // waiting loop
 // we wait for a maximum of 30 seconds to avoid endless loops
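Review bot: The reducer kept in the reflowed `array_reduce` call still compares `$w['type'] == 'http-01'` loosely and spells the fallback as `$v ? $v : (...)`; `$w['type'] === 'http-01'` and `$v ?: (...)` express the same selection strictly, and since `$response['challenges']` is server-supplied JSON a strict comparison is the safer default. The braces added around `if (! $challenge)` are welcome, but the `if (! $csr)` / `throw` pair in the generateCSR hunk later in this diff is left braceless and should get the same treatment for consistency. `RuntimeException` on the throw line is unqualified while the other throws in this file use `\RuntimeException`; one spelling should be used throughout.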
@@ -228,7 +234,9 @@ class lescript
 $this->client->getLastLinks();
- $csr = $this->generateCSR($privateDomainKey, $domains);
+ if (empty($csr)) {
+ $csr = $this->generateCSR($privateDomainKey, $domains);
+ }
 // request certificates creation
 $result = $this->signedRequest("/acme/new-cert", array(
@@ -314,8 +322,7 @@ class lescript
 $tmpConfPath = $tmpConfMeta["uri"];
 // workaround to get SAN working
- fwrite($tmpConf,
- 'HOME = .
+ fwrite($tmpConf, 'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -329,16 +336,15 @@ basicConstraints = CA:FALSE
 subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
- $csr = openssl_csr_new(
- array(
- "CN" => $domain,
- "ST" => Settings::Get('system.letsencryptstate'),
- "C" => Settings::Get('system.letsencryptcountrycode'),
- "O" => "Unknown"
- ), $privateKey, array(
- "config" => $tmpConfPath,
- "digest_alg" => "sha256"
- ));
+ $csr = openssl_csr_new(array(
+ "CN" => $domain,
+ "ST" => Settings::Get('system.letsencryptstate'),
+ "C" => Settings::Get('system.letsencryptcountrycode'),
+ "O" => "Unknown"
+ ), $privateKey, array(
+ "config" => $tmpConfPath,
+ "digest_alg" => "sha256"
+ ));
 if (! $csr)
 throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
@@ -353,11 +359,10 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
 private function generateKey()
 {
- $res = openssl_pkey_new(
- array(
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
- ));
+ $res = openssl_pkey_new(array(
+ "private_key_type" => OPENSSL_KEYTYPE_RSA,
+ "private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+ ));
 if (! openssl_pkey_export($res, $privateKey)) {
 throw new \RuntimeException("Key export failed!");
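Review bot: The new `if (empty($csr))` guard forwards whatever the caller supplied unchanged, presumably into the new-cert request that begins on the hunk's last line, without checking that it is a parseable CSR whose CN and SAN entries match `$domains`; a mismatch then surfaces only as an ACME server error rather than a clear local one, so a comment stating that the caller is responsible for that match, or an up-front `openssl_csr_get_subject()` check if the value is PEM, would make the contract explicit. `empty()` also treats the string "0" as absent, so `if ($csr === null || $csr === '') {` states the intent exactly. signDomains begins and ends outside this hunk.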
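Review bot: The reflowed `fwrite($tmpConf, 'HOME = .` call still discards fwrite's return value, so a failed or short write leaves a truncated config at `$tmpConfPath` and the later `openssl_csr_new()` runs with an incomplete `[ req ]` section (the subjectAltName line in particular) instead of failing; since the string literal continues into the next hunk, assign the config text to a local first and check the write, e.g. `$conf = 'HOME = . ...';` then `if (fwrite($tmpConf, $conf) !== strlen($conf)) { throw new \RuntimeException("Could not write temporary OpenSSL config"); }`. The config also splices `$san` and the `default_bits` setting straight into a file parsed by OpenSSL; `$san` is built outside this hunk, so I cannot tell here whether it is checked for line breaks, and a comment at its construction site saying so would help. generateCSR's body starts and ends outside this hunk.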