Experiment with accountkeys per customer

Signed-off-by: Florian Aders <eleras@froxlor.org>
2016-01-30 13:06:42 +01:00
parent 2e7dd6f212
commit 67df9dbf6b
4 changed files with 16 additions and 8 deletions
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -194,6 +194,8 @@ CREATE TABLE `panel_customers` (
  `theme` varchar(255) NOT NULL default 'Sparkle',
  `custom_notes` text,
  `custom_notes_show` tinyint(1) NOT NULL default '0',
+  `lepublickey` text DEFAULT NULL,
+  `leprivatekey` text DEFAULT NULL,
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -825,7 +827,7 @@ CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
  `ssl_ca_file` mediumtext,
  `ssl_cert_chainfile` mediumtext,
  `letsencrypt` int(11) NOT NULL DEFAULT '0',
-  `expirationdate` datetime DEFAULT NULL
+  `expirationdate` datetime DEFAULT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3028,6 +3028,8 @@ if (isFroxlorVersion('0.9.34.2')) {
    showUpdateStep("Adding Let's encrypt - certificate fields");
    Database::query("ALTER TABLE `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` ADD `letsencrypt` INT NOT NULL DEFAULT '0' AFTER `ssl_cert_chainfile`");
    Database::query("ALTER TABLE `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` ADD `expirationdate` DATETIME NULL AFTER `letsencrypt`;");
+    Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` ADD `lepublickey` TEXT DEFAULT NULL AFTER `custom_notes_show`");
+    Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` ADD `leprivatekey` TEXT DEFAULT NULL AFTER `lepublickey`;");
    Settings::AddNew("system.leprivatekey", 'unset');
    Settings::AddNew("system.lepublickey", 'unset');
    lastStepStatus(0);
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -47,10 +47,10 @@ class lescript
        $this->client = new Client($this->ca);
    }

-    public function initAccount()
+    public function initAccount($certrow)
    {
        // Let's see if we have the private accountkey
-        $this->accountKey = Settings::Get('system.leprivatekey');
+        $this->accountKey = $certrow['leprivatekey'];
        if (!$this->accountKey || $this->accountKey == 'unset') {

            // generate and save new private key for account
@@ -58,8 +58,10 @@ class lescript

            $this->log('Starting new account registration');
            $keys = $this->generateKey();
-            Settings::Set('system.leprivatekey', $keys['private']);
-            Settings::Set('system.lepublickey', $keys['public']);
+            $upd_stmt = Database::prepare("
+                UPDATE `".TABLE_PANEL_CUSTOMERS."` SET `lepublickey` = :public AND `leprivatekey` = :private WHERE `customerid` = :customerid;
+            ");
+            Database::pexecute($upd_stmt, array('public' => $keys['public'], 'private' => $keys['private'], 'customerid' => $certrow['customerid']));
            $this->accountKey = $keys['private'];
            $this->postNewReg();
            $this->log('New account certificate registered');
--- a/scripts/jobs/cron_letsencrypt.php
+++ b/scripts/jobs/cron_letsencrypt.php
@@ -21,8 +21,10 @@
 fwrite($debugHandler, "updating let's encrypt certificates\n");

 $certificates_stmt = Database::query("
-	SELECT domssl.`id`, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`, dom.`documentroot`
-	FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` as domssl, `" . TABLE_PANEL_DOMAINS . "` as dom WHERE domssl.domainid = dom.id AND domssl.letsencrypt = 1
+	SELECT domssl.`id`, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, dom.`domain`, dom.`iswildcarddomain`, dom.`wwwserveralias`, dom.`documentroot`,
+		cust.`leprivatekey`, cust.`lepublickey`, cust.customerid
+	FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` as domssl, `" . TABLE_PANEL_DOMAINS . "` as dom, `" . TABLE_PANEL_CUSTOMERS . "` as cust
+	WHERE domssl.domainid = dom.id AND dom.customerid = cust.customerid AND domssl.letsencrypt = 1
 ");

 $upd_stmt = Database::prepare("
@@ -52,7 +54,7 @@ while ($certrow = $certificates_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$le = new lescript($certrow['documentroot'], $debugHandler);
 			
 			// Initialize Lescript
-			$le->initAccount();
+			$le->initAccount($certrow);
 			
 			// Request the new certificate (old key may be used)
 			$return = $le->signDomains($domains, $certrow['ssl_key_file']);