authorSimon Rettberg2025-08-12 14:52:40 +0200
committerSimon Rettberg2025-08-12 14:52:40 +0200
commit32ec0505afae781a44466621ebbd8e83cf68fdb8 (patch)
treeb4f3db53319de6112bafaf99dd5999858e88e0e2 /modules-available/webinterface/inc/acme.inc.php
parent[locationinfo] Update HisInOne title cleanup regex (diff)
[webinterface] Add support for HARICA and custom URLs
Diffstat (limited to 'modules-available/webinterface/inc/acme.inc.php')
-rw-r--r--modules-available/webinterface/inc/acme.inc.php48
1 files changed, 45 insertions, 3 deletions
diff --git a/modules-available/webinterface/inc/acme.inc.php b/modules-available/webinterface/inc/acme.inc.php
index 3f5e76a0..bc26b7b2 100644
--- a/modules-available/webinterface/inc/acme.inc.php
+++ b/modules-available/webinterface/inc/acme.inc.php
@@ -9,15 +9,19 @@ class Acme
const PROP_HMAC_KEY = 'acme.hmac-key';
const PROP_DOMAINS = 'acme.domains';
const PROP_MAIL = 'acme.mail';
+ const PROP_CUSTOM_ACME_URL = 'acme.server-url';
const VALID_PROVIDERS = [
'letsencrypt' => "Let's Encrypt",
'zerossl' => 'ZeroSSL.com',
'buypass' => 'BuyPass.com',
- 'geant/sectigo' => 'GEANT via Sectigo',
+ //'geant/sectigo' => 'GEANT via Sectigo',
+ 'harica' => 'HARICA',
+ 'custom' => '...',
];
const PROVIDER_ALIASES = [
'geant/sectigo' => 'https://acme.sectigo.com/v2/GEANTOV',
+ 'harica' => 'https://acme.harica.gr/acme/directory',
];
public static function getLastError(): ?string
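Review bot: `'geant/sectigo'` is only commented out of `VALID_PROVIDERS`, while its entry in `PROVIDER_ALIASES` stays live, so the two tables no longer agree and a reader cannot tell whether that is deliberate. If the alias is kept so that installations already configured for GEANT keep resolving (an assumption, nothing in the hunk says so), state that in a comment next to the alias, for example `// no longer selectable; alias kept for existing configurations`. Otherwise delete both lines rather than leaving dead code behind.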
@@ -30,6 +34,11 @@ class Acme
return Property::get(self::PROP_PROVIDER, null);
}
+ public static function getServerUrl(): ?string
+ {
+ return Property::get(self::PROP_CUSTOM_ACME_URL, null);
+ }
+
public static function getKeyId(): ?string
{
return Property::get(self::PROP_KEY_ID, null);
@@ -58,9 +67,27 @@ class Acme
return explode(' ', Property::get(self::PROP_DOMAINS));
}
- public static function setConfig(string $provider, string $mail, ?string $keyId = null, ?string $hmacKey = null): bool
+ /**
+ * Sets the configuration to the specified provider with optional server URL and authentication keys.
+ *
+ * @param string $provider The provider identifier, either 'custom' or a key in the valid providers list.
+ * @param string $mail The email address associated with the provider.
+ * @param string|null $serverUrl The custom server URL for the provider, required for the 'custom' provider and must use HTTPS.
+ * @param string|null $keyId The optional key ID used for authentication.
+ * @param string|null $hmacKey The optional HMAC key for authentication.
+ *
+ * @return bool Returns true if the configuration is successfully set, false otherwise.
+ */
+ public static function setConfig(string $provider, string $mail, ?string $serverUrl = null,
+ ?string $keyId = null, ?string $hmacKey = null): bool
{
- if (!isset(self::VALID_PROVIDERS[$provider])) {
+ if ($provider === 'custom') {
+ if (substr($serverUrl, 0, 6) !== 'https:') {
+ Message::addError('webinterface.acme-invalid-url', $serverUrl);
+ return false;
+ }
+ Property::set(self::PROP_CUSTOM_ACME_URL, $serverUrl); // Only update if custom is selected
+ } elseif (!isset(self::VALID_PROVIDERS[$provider])) {
Message::addError('webinterface.acme-invalid-provider', $provider);
return false;
}
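Review bot: The `substr($serverUrl, 0, 6) !== 'https:'` test in the `custom` branch is too weak to validate the ACME server URL: it accepts a bare `https:` with no host, rejects an upper-case scheme, and receives `null` when the caller omits `$serverUrl` (a deprecation on PHP 8.1+, and a TypeError if this file declares strict_types, which is not visible here). The stored value is later used as the issuance endpoint, so parse it instead: `$u = is_string($serverUrl) ? parse_url($serverUrl) : false;` followed by `if (!is_array($u) || strtolower($u['scheme'] ?? '') !== 'https' || empty($u['host'])) {`. `Property::set` also runs before whatever checks follow in the rest of setConfig, which lies outside the hunk, so a later failure could leave the URL persisted without the matching provider. Separately, `$serverUrl` was inserted ahead of `$keyId`, so any positional caller outside this file that passes the key id and HMAC key as third and fourth arguments must be updated.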
@@ -116,9 +143,18 @@ class Acme
}
}
+ /**
+ * Issues a new certificate using the configured ACME provider and other relevant details.
+ *
+ * @param bool $wipeAll Indicates whether all existing certificates and accounts should be wiped before issuing a new one.
+ * @return ?string The task ID of the certificate issuance process, or null if an error occurred.
+ */
public static function issueNewCertificate(bool $wipeAll = false): ?string
{
$provider = self::getProvider();
+ if ($provider === 'custom') {
+ $provider = Property::get(self::PROP_CUSTOM_ACME_URL, null);
+ }
if ($provider === null) {
Message::addError('webinterface.acme-no-provider');
return null;
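Review bot: The `custom` branch reads the property directly with `Property::get(self::PROP_CUSTOM_ACME_URL, null)`, although this commit adds `self::getServerUrl()` for exactly that; calling the getter keeps a single access path. The `=== null` guard that follows lets an empty string through as the provider, and the URL is not re-checked at this point, so a value written to the property by any path other than setConfig is passed on unchanged (what consumes `$provider` is outside the hunk). `$provider = self::getServerUrl() ?: null;` would at least fold the empty case into the existing `acme-no-provider` error. If renew(), whose body is not visible here, also reads the provider, it needs the same resolution.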
@@ -148,6 +184,12 @@ class Acme
return $task['id'] ?? null;
}
+ /**
+ * Renews certificates based on available domains.
+ * This expects a valid configuration and existing account.
+ *
+ * @return ?string ID of the submitted task for the renewal process or null if no domains are available
+ */
public static function renew(): ?string
{
error_log("Renew called");