uacme: Add support custom CAs and TLS-ALPN-01 challenge

Signed-off-by: Peter Putzer <openwrt@mundschenk.at>

diff --git a/net/uacme/files/run.sh b/net/uacme/files/run.sh
index 98871d4ba71701fa3aff10598012a1fc2554b5cf..ce82af6b9b318389e60f5148c06367debbbf8e33 100755 (executable)
--- a/net/uacme/files/run.sh
+++ b/net/uacme/files/run.sh
@@ -8,6 +8,7 @@
 #
 # Initial Author: Toke Høiland-Jørgensen <toke@toke.dk>
 # Adapted for uacme: Lucian Cristian <lucian.cristian@gmail.com>
+# Adapted for custom CA and TLS-ALPN-01: Peter Putzer <openwrt@mundschenk.at>
 
 CHECK_CRON=$1
 
@@ -39,6 +40,8 @@ UPDATE_UHTTPD=0
 UPDATE_HAPROXY=0
 FW_RULE=
 USER_CLEANUP=
+ACME_URL=
+ACME_STAGING_URL=
 
 . /lib/functions.sh
 
@@ -220,6 +223,7 @@ issue_cert()
     local failed_dir
     local webroot
     local dns
+    local tls
     local user_setup
     local user_cleanup
     local ret
@@ -237,6 +241,7 @@ issue_cert()
     config_get keylength "$section" keylength
     config_get webroot "$section" webroot
     config_get dns "$section" dns
+    config_get tls "$section" tls
     config_get user_setup "$section" user_setup
     config_get user_cleanup "$section" user_cleanup
 
@@ -249,15 +254,26 @@ issue_cert()
 
     if [ "$APP" = "uacme" ]; then
        [ "$DEBUG" -eq "1" ] && debug="--verbose --verbose"
+       [ "$tls" -eq "1" ] && HPROGRAM=/usr/share/uacme/ualpn.sh
     elif [ "$APP" = "acme" ]; then
        [ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug"
     fi
     if [ "$use_staging" -eq "1" ]; then
        STATE_DIR="$STAGING_STATE_DIR";
-       staging="--staging";
+
+       # Check if we should use a custom stagin URL
+        if [ "$APP" = "uacme" -a -n "$ACME_STAGING_URL" ]; then
+               ACME="$ACME --acme-url $ACME_STAGING_URL"
+       else
+               staging="--staging";
+       fi
     else
        STATE_DIR="$PRODUCTION_STATE_DIR";
        staging="";
+
+       if [ "$APP" = "uacme" -a -n "$ACME_URL" ]; then
+               ACME="$ACME --acme-url $ACME_URL"
+       fi
     fi
 
     set -- $domains
@@ -267,7 +283,7 @@ issue_cert()
        log "Running user-provided setup script from $user_setup."
        "$user_setup" "$main_domain" || return 2
     else
-       [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 2
+       [ -n "$webroot" ] || [ -n "$dns" ] || [ -n "$tls" ] || pre_checks "$main_domain" || return 2
     fi
 
     log "Running $APP for $main_domain"
@@ -322,6 +338,13 @@ issue_cert()
            return 2
 #          uacme_args="$uacme_args --dns $dns"
        fi
+    elif [ -n "$tls" ]; then
+       if [ "$APP" = "uacme" ]; then
+            log "Using TLS mode"
+       else
+            log "TLS not supported by $APP"
+            return 2
+       fi
     elif [ -z "$webroot" ]; then
        if [ "$APP" = "acme" ]; then
            log "Using standalone mode"
@@ -486,6 +509,8 @@ load_vars()
     STAGING_STATE_DIR=$PRODUCTION_STATE_DIR/staging
     ACCOUNT_EMAIL=$(config_get "$section" account_email)
     DEBUG=$(config_get "$section" debug)
+    ACME_URL=$(config_get "$section" acme_url)
+    ACME_STAGING_URL=$(config_get "$section" acme_staging_url)
 }
 
 if [ -z "$INCLUDE_ONLY" ]; then