security/acme-client: version 1.18

Franco Fichtner 2018-12-11 07:29:21 +01:00
parent 04011a17e7
commit f63a0d5daf
6 changed files with 102 additions and 37 deletions


@ -1,6 +1,5 @@
PLUGIN_NAME= acme-client
PLUGIN_VERSION= 1.17
PLUGIN_REVISION= 1
PLUGIN_VERSION= 1.18
PLUGIN_COMMENT= Let's Encrypt client
PLUGIN_MAINTAINER= opnsense@moov.de
PLUGIN_DEPENDS= acme.sh bind912


@ -309,7 +309,7 @@ class SettingsController extends ApiMutableModelControllerBase
}
// Ensure HAProxy frontend additions have been applied.
foreach ($mdlAcme->getNodeByReference('validations.validation')->__items as $validation) {
foreach ($mdlAcme->getNodeByReference('validations.validation')->iterateItems() as $validation) {
// Find all (enabled) validation methods with HAProxy integration.
if ((string)$validation->enabled == "1" and
(string)$validation->method == "http01" and
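Review bot: The new loop header at line 26 chains `->iterateItems()` straight onto `getNodeByReference('validations.validation')`, so an unresolved reference (null) now ends in a fatal "call to a member function on null", whereas the old `->__items` access degraded to a notice and an empty foreach. The model path is fixed, so this is presumably unreachable; if that cannot be guaranteed, fetch the node first with `$validations = $mdlAcme->getNodeByReference('validations.validation');` and guard with `if ($validations !== null) {` before the loop. The two cert_action_validator hunks in the script use the same getNodeByReference form; the AcmeClient model hunks dereference `$this->certificates->certificate` and `$this->actions->action` directly and are not affected. The enclosing method starts and ends outside the hunk.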


@ -750,4 +750,45 @@
<label>API Key</label>
<type>text</type>
</field>
<field>
<label>GratisDNS.dk</label>
<type>header</type>
<style>table_dns table_dns_gdnsdk</style>
</field>
<field>
<id>validation.dns_gdnsdk_user</id>
<label>User</label>
<type>text</type>
</field>
<field>
<id>validation.dns_gdnsdk_password</id>
<label>Password</label>
<type>password</type>
</field>
<field>
<label>ACME DNS</label>
<type>header</type>
<style>table_dns table_dns_acmedns</style>
</field>
<field>
<id>validation.dns_acmedns_user</id>
<label>User</label>
<type>text</type>
</field>
<field>
<id>validation.dns_acmedns_password</id>
<label>Password</label>
<type>password</type>
</field>
<field>
<id>validation.dns_acmedns_subdomain</id>
<label>Subdomain</label>
<type>text</type>
</field>
<field>
<id>validation.dns_acmedns_updateurl</id>
<label>Update URL</label>
<type>text</type>
<help>Specify the custom ACME DNS Update URL, i.e. https://auth.acme-dns.io/update (optional)</help>
</field>
</form>
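Review bot: The help text of the `validation.dns_acmedns_updateurl` field reads "i.e. https://auth.acme-dns.io/update", which presents that endpoint as the only value; "e.g." is meant. It also marks the field "(optional)" without saying what an empty value does — whether the default acme-dns endpoint is then used is decided in acme.sh, so once confirmed the help should state it, along the lines of `<help>Custom ACME DNS update URL, e.g. https://auth.acme-dns.io/update. Leave empty to use the default endpoint (optional).</help>`.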


@ -45,7 +45,7 @@ class AcmeClient extends BaseModel
*/
public function getByCertificateID($certificateid)
{
foreach ($this->certificates->certificate->__items as $certificate) {
foreach ($this->certificates->certificate->iterateItems() as $certificate) {
if ((string)$certificateid === (string)$certificate->certificateid) {
return $certificate;
}
@ -62,7 +62,7 @@ class AcmeClient extends BaseModel
{
if ((string)$this->settings->enabled === "1") {
if ($checkCertificates === true) {
foreach ($this->certificates->certificate->__items as $certificate) {
foreach ($this->certificates->certificate->iterateItems() as $certificate) {
if ((string)$certificate->enabled == "1") {
return true; // Found a active certificate
}
@ -81,7 +81,7 @@ class AcmeClient extends BaseModel
*/
public function getByActionID($uuid)
{
foreach ($this->actions->action->__items as $action) {
foreach ($this->actions->action->iterateItems() as $action) {
if ((string)$uuid === (string)$action->getAttributes()["uuid"]) {
return $action;
}


@ -339,6 +339,7 @@
<Required>Y</Required>
<default>dns_nsupdate</default>
<OptionValues>
<dns_acmedns>ACME DNS API</dns_acmedns>
<dns_ad>Alwaysdata.com API</dns_ad>
<dns_ali>aliyun.com API</dns_ali>
<dns_autodns>autoDNS (InternetX) API</dns_autodns>
@ -361,6 +362,7 @@
<dns_freedns>FreeDNS API</dns_freedns>
<dns_gandi_livedns>Gandi LiveDNS API</dns_gandi_livedns>
<dns_gd>GoDaddy.com API</dns_gd>
<dns_gdnsdk>GratisDNS.dk</dns_gdnsdk>
<dns_he>Hurricane Electric</dns_he>
<dns_infoblox>Infoblox API</dns_infoblox>
<dns_inwx>INWX XMLRPC API</dns_inwx>
@ -655,6 +657,24 @@
<dns_zm_key type="TextField">
<Required>N</Required>
</dns_zm_key>
<dns_gdnsdk_user type="TextField">
<Required>N</Required>
</dns_gdnsdk_user>
<dns_gdnsdk_password type="TextField">
<Required>N</Required>
</dns_gdnsdk_password>
<dns_acmedns_user type="TextField">
<Required>N</Required>
</dns_acmedns_user>
<dns_acmedns_password type="TextField">
<Required>N</Required>
</dns_acmedns_password>
<dns_acmedns_subdomain type="TextField">
<Required>N</Required>
</dns_acmedns_subdomain>
<dns_acmedns_updateurl type="TextField">
<Required>N</Required>
</dns_acmedns_updateurl>
</validation>
</validations>
<actions>
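Review bot: `dns_acmedns_updateurl` is declared as a bare `TextField` with no `<Mask>`, yet its value becomes the endpoint the acme-dns credentials are sent to (`ACMEDNS_UPDATE_URL` in the validation hunk of the script). A plain-text `http://` or otherwise malformed value is accepted silently; constrain it in the model with a mask such as `<Mask>/^https:\/\/[^\s]+$/</Mask>` and a matching `<ValidationMessage>`, or with the framework's UrlField if the targeted core version provides it. The new password fields follow the existing TextField convention used for the other providers' secrets, so no change is needed there.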


@ -1,37 +1,33 @@
#!/usr/local/bin/php
<?php
/**
* Based in parts on certs.inc and system_camanager.php (thus the extended copyright notice).
/*
* Copyright (C) 2017-2018 Frank Wall
* Copyright (C) 2015 Deciso B.V.
* Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
* Copyright (C) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
* All rights reserved.
*
* Copyright (C) 2017-2018 Frank Wall
* Copyright (C) 2015 Deciso B.V.
* Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
* Copyright (C) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* All rights reserved.
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
// Hello. I am the spaghetti monster. Yummy.
@ -42,14 +38,13 @@ require_once("certs.inc");
require_once("legacy_bindings.inc");
require_once("interfaces.inc");
require_once("util.inc");
// Some stuff requires the almighty MVC framework.
use OPNsense\Core\Backend;
use OPNsense\Core\Config;
use OPNsense\Base;
use OPNsense\AcmeClient\AcmeClient;
global $config;
global $postponed_updates;
$postponed_updates = array();
/* CLI arguments:
@ -145,7 +140,7 @@ function cert_action_validator($opt_cert_id)
$acctRef = (string)$certObj->account;
$acctObj = null;
$acctref_found = false;
foreach ($modelObj->getNodeByReference('accounts.account')->__items as $node) {
foreach ($modelObj->getNodeByReference('accounts.account')->iterateItems() as $node) {
if ((string)$node->getAttributes()["uuid"] == $acctRef) {
$acctref_found = true;
$acctObj = $node;
@ -182,7 +177,7 @@ function cert_action_validator($opt_cert_id)
$valRef = (string)$certObj->validationMethod;
$valObj = null;
$ref_found = false;
foreach ($modelObj->getNodeByReference('validations.validation')->__items as $node) {
foreach ($modelObj->getNodeByReference('validations.validation')->iterateItems() as $node) {
if ((string)$node->getAttributes()["uuid"] == $valRef) {
$ref_found = true;
$valObj = $node;
@ -782,6 +777,16 @@ function run_acme_validation($certObj, $valObj, $acctObj)
case 'dns_zonomi':
$proc_env['ZM_Key'] = (string)$valObj->dns_zm_key;
break;
case 'dns_gdnsdk':
$proc_env['GDNSDK_Username'] = (string)$valObj->dns_gdnsdk_user;
$proc_env['GDNSDK_Password'] = (string)$valObj->dns_gdnsdk_password;
break;
case 'dns_acmedns':
$proc_env['ACMEDNS_USERNAME'] = (string)$valObj->dns_acmedns_user;
$proc_env['ACMEDNS_PASSWORD'] = (string)$valObj->dns_acmedns_password;
$proc_env['ACMEDNS_SUBDOMAIN'] = (string)$valObj->dns_acmedns_subdomain;
$proc_env['ACMEDNS_UPDATE_URL'] = (string)$valObj->dns_acmedns_updateurl;
break;
default:
log_error("AcmeClient: invalid DNS-01 service specified: " . (string)$valObj->dns_service);
return(1);
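Review bot: In the new `dns_acmedns` case every field is exported into `$proc_env` unconditionally, so leaving the optional Update URL empty exports `ACMEDNS_UPDATE_URL=""` rather than leaving the variable unset; whether acme.sh treats an empty value like an absent one and falls back to its default endpoint should be confirmed, otherwise export it only when non-empty: `$updateUrl = (string)$valObj->dns_acmedns_updateurl;` `if ($updateUrl !== '') { $proc_env['ACMEDNS_UPDATE_URL'] = $updateUrl; }`. The `dns_gdnsdk` case follows the pattern of the neighbouring providers and needs no change. The enclosing run_acme_validation starts and ends outside the hunk.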