author | Simon Rettberg | 2024-10-11 14:09:09 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-10-11 14:09:09 +0200 |
commit | bd8569e1c7e615541e41b8aa8f7aa6f22918dd06 (patch) | |
tree | 850fca09e6ceea00fd5c18e0dacadb7f788e1fc9 /modules-available/webinterface/inc | |
parent | [webinterface] Add simple API to remotely supply a certificate (diff) | |
[webinterface] Add event log messages for cert changes
Diffstat (limited to 'modules-available/webinterface/inc')
-rw-r--r-- | modules-available/webinterface/inc/acme.inc.php | 11 | ||||
-rw-r--r-- | modules-available/webinterface/inc/webinterface.inc.php | 38 |
2 files changed, 41 insertions, 8 deletions
diff --git a/modules-available/webinterface/inc/acme.inc.php b/modules-available/webinterface/inc/acme.inc.php index c23578cc..f12ceb2e 100644 --- a/modules-available/webinterface/inc/acme.inc.php +++ b/modules-available/webinterface/inc/acme.inc.php @@ -81,21 +81,26 @@ class Acme if (!is_array($task) || !Taskmanager::isTask($task)) return; $task = Taskmanager::waitComplete($task, 250); + $args = ['user' => User::getLogin()]; if (Taskmanager::isFinished($task)) { - self::callbackErrorCheck($task); + self::callbackErrorCheck($task, $args); } else { Property::set(self::PROP_ERROR, false); - TaskmanagerCallback::addCallback($task, 'acmeErrors'); + TaskmanagerCallback::addCallback($task, 'acmeErrors', $args); } } - public static function callbackErrorCheck(array $task): void + public static function callbackErrorCheck(array $task, $args): void { if (!Taskmanager::isFinished($task)) return; if (Taskmanager::isFailed($task)) { + if (($args['user'] ?? null) === null) { + EventLog::warning('Automatic ACME renewal of HTTPS certificate failed', json_encode($task, JSON_PRETTY_PRINT)); + } Property::set(self::PROP_ERROR, $task['data']['error'] ?? 'Unknown error'); } else { + EventLog::info('ACME issue/renewal of HTTPS certificate by ' . ($args['user'] ?? 'automatic cronjob')); Property::set(self::PROP_ERROR, false); } } diff --git a/modules-available/webinterface/inc/webinterface.inc.php b/modules-available/webinterface/inc/webinterface.inc.php index 20be6545..035b94e6 100644 --- a/modules-available/webinterface/inc/webinterface.inc.php +++ b/modules-available/webinterface/inc/webinterface.inc.php 
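Review bot: In `callbackErrorCheck`, the failure branch writes an event-log entry only when `$args['user']` is null, so a failed issue/renewal started by a logged-in user leaves no audit record beyond `PROP_ERROR`; consider logging both cases and naming the initiator, as the success branch already does. The warning also stores `json_encode($task, JSON_PRETTY_PRINT)`; what the task structure holds is not visible here, so if it can carry ACME account secrets, log `$task['data']['error'] ?? 'Unknown error'` instead. The new `$args` parameter is untyped and required; `?array $args = null` would keep any one-argument caller outside this hunk working and documents the expected shape. The first changed function begins above the hunk, so its name and remaining callers are not visible here.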
@@ -69,33 +69,61 @@ class WebInterface return Property::get(self::PROP_REDIRECT) === 'True'; } + private static function registerCallback($task, string $newState, string $logMessage): void + { + if (!Taskmanager::isTask($task)) + return; + TaskmanagerCallback::addCallback($task, 'webifCert', [ + 'state' => $newState, + 'message' => $logMessage . ' by ' . (User::getLogin() ?? 'system'), + ]); + } + + public static function certTaskFinishedCallback(array $task, $data): void + { + if (!Taskmanager::isFinished($task)) + return; + if (!isset($data['state']) || !isset($data['message'])) { + error_log('Invalid certTaskFinishedCallback: Missing fields'); + return; + } + if (Taskmanager::isFailed($task)) { + EventLog::failure($data['message'], json_encode($task, JSON_PRETTY_PRINT)); + return; + } + EventLog::info($data['message']); + Property::set(self::PROP_TYPE, $data['state']); + } + public static function tmDisableHttps(): ?string { - Property::set(WebInterface::PROP_TYPE, 'off'); Property::set(WebInterface::PROP_HSTS, 'off'); $task = Taskmanager::submit('LighttpdHttps', []); + self::registerCallback($task, 'off', 'HTTPS disabled'); return $task['id'] ?? null; } public static function tmGenerateRandomCert(): ?string { - Property::set(WebInterface::PROP_TYPE, 'generated'); $task = Taskmanager::submit('LighttpdHttps', [ 'proxyip' => Property::getServerIp(), 'redirect' => self::isHttpsRedirectEnabled(), ]); + self::registerCallback($task, 'generated', 'Self-signed HTTPS certificate generated'); return $task['id'] ?? 
null; } - public static function tmImportCustomCert(string $key, string $cert, ?string $chain = null): ?string + public static function tmImportCustomCert(string $key, string $cert, string $type, string $logMessage): ?string { - Property::set(WebInterface::PROP_TYPE, 'supplied'); + $key = preg_replace('/[\r\n]+/', "\n", $key); + $cert = preg_replace('/[\r\n]+/', "\n", $cert); + Property::set(WebInterface::PROP_TYPE, $type); $task = Taskmanager::submit('LighttpdHttps', [ 'importcert' => $cert, 'importkey' => $key, - 'importchain' => $chain, 'redirect' => self::isHttpsRedirectEnabled(), ]); + self::registerCallback($task, $type, $logMessage); return $task['id'] ?? null; } |
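Review bot: `certTaskFinishedCallback` writes `json_encode($task, JSON_PRETTY_PRINT)` to the event log on failure, and the task submitted by `tmImportCustomCert` carries the private key in `importkey`. Whether the task status echoes its submitted arguments is not visible in this hunk; if it does, a failed import would place the key in a log readable by anyone with event-log access. Logging only the error text, e.g. `EventLog::failure($data['message'], $task['data']['error'] ?? 'Unknown error');`, avoids that. Separately, `tmImportCustomCert` still calls `Property::set(WebInterface::PROP_TYPE, $type)` before the task has run, unlike the other two functions, so a failed import leaves the stored type out of step with the certificate actually served; dropping that line lets the callback set it on success.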