Certificate Authority work

Author: jc21

backend/embed/api_docs/components/CertificateAuthorityObject.json

@@ -7,7 +7,11 @@
 		"created_on",
 		"modified_on",
 		"name",
-		"acme2_url"
+		"acmesh_server",
+		"ca_bundle",
+		"max_domains",
+		"is_wildcard_supported",
+		"is_setup"
 	],
 	"properties": {
 		"id": {
@@ -27,10 +31,25 @@
 			"minLength": 1,
 			"maxLength": 100
 		},
-		"acme2_url": {
+		"acmesh_server": {
 			"type": "string",
-			"minLength": 8,
+			"minLength": 2,
 			"maxLength": 255
+		},
+		"ca_bundle": {
+			"type": "string",
+			"minLength": 0,
+			"maxLength": 255
+		},
+		"max_domains": {
+			"type": "integer",
+			"minimum": 1
+		},
+		"is_wildcard_supported": {
+			"type": "boolean"
+		},
+		"is_setup": {
+			"type": "boolean"
 		}
 	}
 }

backend/embed/api_docs/components/CertificateObject.json

@@ -49,6 +49,9 @@
 			"type": "integer",
 			"minimum": 0
 		},
+		"certificate_authority": {
+			"$ref": "#/components/schemas/CertificateAuthorityObject"
+		},
 		"dns_provider_id": {
 			"type": "integer",
 			"minimum": 0

backend/embed/api_docs/paths/certificates-authorities/caID/get.json

@@ -37,10 +37,14 @@
 							"value": {
 								"result": {
 									"id": 1,
-									"created_on": 1602588511,
-									"modified_on": 1602588511,
-									"name": "Let's Encrypt",
-									"acme2_url": "https://acme-v02.api.letsencrypt.org/directory"
+									"created_on": 1627531400,
+									"modified_on": 1627531400,
+									"name": "ZeroSSL",
+									"acmesh_server": "zerossl",
+									"ca_bundle": "",
+									"max_domains": 10,
+									"is_wildcard_supported": true,
+									"is_setup": false
 								}
 							}
 						}

backend/embed/api_docs/paths/certificates-authorities/caID/put.json

@@ -46,10 +46,14 @@
 							"value": {
 								"result": {
 									"id": 1,
-									"created_on": 1602588511,
-									"modified_on": 1602588511,
-									"name": "Let's Encrypt",
-									"acme2_url": "https://acme-v02.api.letsencrypt.org/directory"
+									"created_on": 1627531400,
+									"modified_on": 1627531400,
+									"name": "ZeroSSL",
+									"acmesh_server": "zerossl",
+									"ca_bundle": "",
+									"max_domains": 10,
+									"is_wildcard_supported": true,
+									"is_setup": false
 								}
 							}
 						}

backend/embed/api_docs/paths/certificates-authorities/get.json

@@ -64,17 +64,25 @@
 									"items": [
 										{
 											"id": 1,
-											"created_on": 1602588511,
-											"modified_on": 1602588511,
-											"name": "Let's Encrypt",
-											"acme2_url": "https://acme-v02.api.letsencrypt.org/directory"
+											"created_on": 1627531400,
+											"modified_on": 1627531400,
+											"name": "ZeroSSL",
+											"acmesh_server": "zerossl",
+											"ca_bundle": "",
+											"max_domains": 10,
+											"is_wildcard_supported": true,
+											"is_setup": false
 										},
 										{
 											"id": 2,
-											"created_on": 1602588511,
-											"modified_on": 1602588511,
-											"name": "Let's Encrypt (Staging)",
-											"acme2_url": "https://acme-staging-v02.api.letsencrypt.org/directory"
+											"created_on": 1627531400,
+											"modified_on": 1627531400,
+											"name": "Let's Encrypt",
+											"acmesh_server": "https://acme-v02.api.letsencrypt.org/directory",
+											"ca_bundle": "",
+											"max_domains": 10,
+											"is_wildcard_supported": true,
+											"is_setup": false
 										}
 									]
 								}

backend/embed/api_docs/paths/certificates-authorities/post.json

@@ -32,11 +32,15 @@
 						"default": {
 							"value": {
 								"result": {
-									"id": 3,
-									"created_on": 1602588900,
-									"modified_on": 1602588900,
-									"name": "Boulder",
-									"acme2_url": "https://boulder.local/directory"
+									"id": 1,
+									"created_on": 1627531400,
+									"modified_on": 1627531400,
+									"name": "ZeroSSL",
+									"acmesh_server": "zerossl",
+									"ca_bundle": "",
+									"max_domains": 10,
+									"is_wildcard_supported": true,
+									"is_setup": false
 								}
 							}
 						}

backend/embed/migrations/20201013035318_initial_schema.sql

@@ -56,7 +56,11 @@ CREATE TABLE IF NOT EXISTS `certificate_authority`
 	created_on INTEGER NOT NULL DEFAULT 0,
 	modified_on INTEGER NOT NULL DEFAULT 0,
 	name TEXT NOT NULL,
-	acme2_url TEXT NOT NULL,
+	acmesh_server TEXT NOT NULL DEFAULT "",
+	is_setup INTEGER NOT NULL DEFAULT 0,
+	ca_bundle TEXT NOT NULL DEFAULT "",
+	is_wildcard_supported INTEGER NOT NULL DEFAULT 0, -- specific to each CA, acme v1 doesn't usually have wildcards
+	max_domains INTEGER NOT NULL DEFAULT 5, -- per request
 	is_deleted INTEGER NOT NULL DEFAULT 0
 );
 

backend/embed/migrations/20201013035839_initial_data.sql

@@ -36,20 +36,51 @@ INSERT INTO `certificate_authority` (
 	created_on,
 	modified_on,
 	name,
-	acme2_url
+	acmesh_server,
+	is_wildcard_supported,
+	max_domains
 ) VALUES (
+	strftime('%s', 'now'),
+	strftime('%s', 'now'),
+	"ZeroSSL",
+	"zerossl",
+	1,
+	10
+), (
 	strftime('%s', 'now'),
 	strftime('%s', 'now'),
 	"Let's Encrypt",
-	"https://acme-v02.api.letsencrypt.org/directory"
+	"https://acme-v02.api.letsencrypt.org/directory",
+	1,
+	10
+), (
+	strftime('%s', 'now'),
+	strftime('%s', 'now'),
+	"Buypass Go SSL",
+	"https://api.buypass.com/acme/directory",
+	0,
+	5
+), (
+	strftime('%s', 'now'),
+	strftime('%s', 'now'),
+	"Let's Encrypt (Testing)",
+	"https://acme-staging-v02.api.letsencrypt.org/directory",
+	1,
+	10
 ), (
 	strftime('%s', 'now'),
 	strftime('%s', 'now'),
-	"Let's Encrypt (Staging)",
-	"https://acme-staging-v02.api.letsencrypt.org/directory"
+	"Buypass Go SSL (Testing)",
+	"https://api.test4.buypass.no/acme/directory",
+	0,
+	5
+), (
+	strftime('%s', 'now'),
+	strftime('%s', 'now'),
+	"SSL.com",
+	"ssl.com",
+	0,
+	10
 );
 
-
 -- migrate:down
-
--- Not allowed to go down from initial

backend/internal/acme/acmesh.go

@@ -17,7 +17,7 @@ var acmeShFile string
 
 // GetAcmeShVersion will return the acme.sh script version
 func GetAcmeShVersion() string {
-	if r, err := acmeShExec("--version"); err == nil {
+	if r, err := shExec("--version"); err == nil {
 		// modify the output
 		r = strings.Trim(r, "\n")
 		v := strings.Split(r, "\n")
@@ -26,13 +26,15 @@ func GetAcmeShVersion() string {
 	return ""
 }
 
-func acmeShExec(args ...string) (string, error) {
+// shExec executes the acme.sh with arguments
+func shExec(args ...string) (string, error) {
 	if _, err := os.Stat(acmeShFile); os.IsNotExist(err) {
 		e := fmt.Errorf("%s does not exist", acmeShFile)
 		logger.Error("AcmeShError", e)
 		return "", e
 	}
 
+	logger.Debug("CMD: %s %v", acmeShFile, args)
 	// nolint: gosec
 	c := exec.Command(acmeShFile, args...)
 	b, e := c.Output()
@@ -61,3 +63,33 @@ func WriteAcmeSh() {
 		logger.Info("Wrote %s", acmeShFile)
 	}
 }
+
+// RequestCert does all the heavy lifting
+func RequestCert(domains []string, method string) error {
+	args := []string{"--issue"}
+
+	webroot := "/home/wwwroot/example.com"
+
+	// Add domains to args
+	for _, ___domain := range domains {
+		args = append(args, "-d", ___domain)
+	}
+
+	switch method {
+	// case "dns":
+	case "http":
+		args = append(args, "-w", webroot)
+
+	default:
+		return fmt.Errorf("RequestCert method not supported: %s", method)
+	}
+
+	ret, err := shExec(args...)
+	if err != nil {
+		return err
+	}
+
+	logger.Debug("ret: %+v", ret)
+
+	return nil
+}

backend/internal/api/schema/create_certificate_authority.go

@@ -10,12 +10,14 @@ func CreateCertificateAuthority() string {
 			"additionalProperties": false,
 			"required": [
 				"name",
-				"acme2_url"
+				"acmesh_server",
+				"max_domains"
 			],
 			"properties": {
 				"name": %s,
-				"acme2_url": %s
+				"acmesh_server": %s,
+				"max_domains": %s
 			}
 		}
-	`, stringMinMax(1, 100), stringMinMax(8, 255))
+	`, stringMinMax(1, 100), stringMinMax(2, 255), intMinOne)
 }