Experiment with accountkeys per customer

Signed-off-by: Florian Aders <eleras@froxlor.org>

install/froxlor.sql

@@ -194,6 +194,8 @@ CREATE TABLE `panel_customers` (
   `theme` varchar(255) NOT NULL default 'Sparkle',
   `custom_notes` text,
   `custom_notes_show` tinyint(1) NOT NULL default '0',
+  `lepublickey` text DEFAULT NULL,
+  `leprivatekey` text DEFAULT NULL,
    PRIMARY KEY  (`customerid`),
    UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -825,7 +827,7 @@ CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
   `ssl_ca_file` mediumtext,
   `ssl_cert_chainfile` mediumtext,
   `letsencrypt` int(11) NOT NULL DEFAULT '0',
-  `expirationdate` datetime DEFAULT NULL
+  `expirationdate` datetime DEFAULT NULL,
   PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
 

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3028,6 +3028,8 @@ if (isFroxlorVersion('0.9.34.2')) {
     showUpdateStep("Adding Let's encrypt - certificate fields");
     Database::query("ALTER TABLE `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` ADD `letsencrypt` INT NOT NULL DEFAULT '0' AFTER `ssl_cert_chainfile`");
     Database::query("ALTER TABLE `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` ADD `expirationdate` DATETIME NULL AFTER `letsencrypt`;");
+    Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` ADD `lepublickey` TEXT DEFAULT NULL AFTER `custom_notes_show`");
+    Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` ADD `leprivatekey` TEXT DEFAULT NULL AFTER `lepublickey`;");
     Settings::AddNew("system.leprivatekey", 'unset');
     Settings::AddNew("system.lepublickey", 'unset');
     lastStepStatus(0);

lib/classes/ssl/class.lescript.php

@@ -47,10 +47,10 @@ class lescript
         $this->client = new Client($this->ca);
     }
 
-    public function initAccount()
+    public function initAccount($certrow)
     {
         // Let's see if we have the private accountkey
-        $this->accountKey = Settings::Get('system.leprivatekey');
+        $this->accountKey = $certrow['leprivatekey'];
         if (!$this->accountKey || $this->accountKey == 'unset') {
 
             // generate and save new private key for account
@@ -58,8 +58,10 @@ class lescript
 
             $this->log('Starting new account registration');
             $keys = $this->generateKey();
-            Settings::Set('system.leprivatekey', $keys['private']);
+            $upd_stmt = Database::prepare("
-            Settings::Set('system.lepublickey', $keys['public']);
+                UPDATE `".TABLE_PANEL_CUSTOMERS."` SET `lepublickey` = :public AND `leprivatekey` = :private WHERE `customerid` = :customerid;
+            ");
+            Database::pexecute($upd_stmt, array('public' => $keys['public'], 'private' => $keys['private'], 'customerid' => $certrow['customerid']));
             $this->accountKey = $keys['private'];
             $this->postNewReg();
             $this->log('New account certificate registered');

scripts/jobs/cron_letsencrypt.php

@@ -21,8 +21,10 @@
 fwrite($debugHandler, "updating let's encrypt certificates\n");
 
 $certificates_stmt = Database::query("
-	SELECT domssl.`id`, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`, dom.`documentroot`
+	SELECT domssl.`id`, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`, dom.`documentroot`,
-	FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` as domssl, `" . TABLE_PANEL_DOMAINS . "` as dom WHERE domssl.domainid = dom.id AND domssl.letsencrypt = 1
+		cust.`leprivatekey`, cust.`lepublickey`, cust.customerid
+	FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` as domssl, `" . TABLE_PANEL_DOMAINS . "` as dom, `" . TABLE_PANEL_CUSTOMERS . "` as cust
+	WHERE domssl.domainid = dom.id AND dom.customerid = cust.customerid AND domssl.letsencrypt = 1
 ");
 
 $upd_stmt = Database::prepare("
@@ -52,7 +54,7 @@ while ($certrow = $certificates_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$le = new lescript($certrow['documentroot'], $debugHandler);
 			
 			// Initialize Lescript
-			$le->initAccount();
+			$le->initAccount($certrow);
 			
 			// Request the new certificate (old key may be used)
 			$return = $le->signDomains($domains, $certrow['ssl_key_file']);