#!/usr/local/bin/php
<?php
/*
* Copyright (C) 2024 Cedrik Pischem
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once "config.inc";
use OPNsense\Core\Config;
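/**
 * Find a <ca> config node by its refid.
 *
 * @param iterable $cas   the <ca> nodes of the config (a SimpleXMLElement collection, presumably)
 * @param string   $refid the refid to look for
 * @return object|null    the first node whose refid matches, or null when none does
 */
function caddy_find_ca(iterable $cas, string $refid): ?object
{
    foreach ($cas as $ca) {
        if ((string)$ca->refid === $refid) {
            return $ca;
        }
    }
    return null;
}

/**
 * Build the PEM bundle for a certificate: the leaf first, then its issuing CA
 * (when caref is set and resolves), then that CA's parent (one more level,
 * when the CA itself carries a caref). Members are joined with "\n".
 *
 * @param object   $cert the <cert> node
 * @param iterable $cas  the <ca> nodes used to resolve caref references
 * @return string        PEM text; just the leaf when no CA can be resolved
 */
function caddy_build_chain(object $cert, iterable $cas): string
{
    $chain = (string)base64_decode((string)$cert->crt);
    if (empty($cert->caref)) {
        return $chain;
    }
    $ca = caddy_find_ca($cas, (string)$cert->caref);
    if ($ca === null) {
        // Dangling caref: ship the leaf alone rather than failing the whole run
        return $chain;
    }
    $chain .= "\n" . (string)base64_decode((string)$ca->crt);
    if (!empty($ca->caref)) {
        $parent = caddy_find_ca($cas, (string)$ca->caref);
        if ($parent !== null) {
            $chain .= "\n" . (string)base64_decode((string)$parent->crt);
        }
    }
    return $chain;
}

/**
 * Write $content to $path and report a failure instead of ignoring it.
 *
 * @return bool true when the file was written, false otherwise (a line is
 *              printed to STDERR so the configd log shows which file failed)
 */
function caddy_write(string $path, string $content): bool
{
    if (file_put_contents($path, $content) === false) {
        fwrite(STDERR, "caddy_certs: failed to write {$path}\n");
        return false;
    }
    return true;
}

$configObj = Config::getInstance()->object();
$temp_dir = '/var/db/caddy/data/caddy/certificates/temp/';

// Without the target directory every write below fails; say so once and stop.
if (!is_dir($temp_dir)) {
    fwrite(STDERR, "caddy_certs: directory {$temp_dir} does not exist\n");
    exit(1);
}

// `??` uses isset() semantics, so a config without any <ca>/<cert> nodes
// yields an empty list instead of a foreach over a missing property.
$cas = $configObj->ca ?? [];
$certs = $configObj->cert ?? [];
$all_written = true;

// Traverse through certificates: one .pem (full chain) and one .key per cert
foreach ($certs as $cert) {
    // refid comes from the admin config, but it becomes a file name, so strip
    // any directory component defensively.
    $cert_refid = basename((string)$cert->refid);
    $key_content = (string)base64_decode((string)$cert->prv);

    $all_written = caddy_write($temp_dir . $cert_refid . '.pem', caddy_build_chain($cert, $cas)) && $all_written;
    // The key file is written even when prv is empty (unchanged behaviour)
    $all_written = caddy_write($temp_dir . $cert_refid . '.key', $key_content) && $all_written;
}

// Traverse through CA certificates and save each one as its own .pem
foreach ($cas as $ca) {
    $ca_refid = basename((string)$ca->refid);
    $ca_content = (string)base64_decode((string)$ca->crt);
    $all_written = caddy_write($temp_dir . $ca_refid . '.pem', $ca_content) && $all_written;
}

// Traverse through layer4 OpenVPN static keys and save them as files
if (isset($configObj->Pischem->caddy->reverseproxy->layer4openvpn)) {
    foreach ($configObj->Pischem->caddy->reverseproxy->layer4openvpn as $openvpn) {
        $uuid = basename((string)$openvpn['uuid']);
        // StaticKey is stored as plain text, so it is written as-is (no base64 step)
        $static_key = (string)$openvpn->StaticKey;
        $all_written = caddy_write($temp_dir . $uuid . '.key', $static_key) && $all_written;
    }
}

// Non-zero exit lets the caller notice that Caddy may be missing material
if (!$all_written) {
    exit(1);
}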