<?php

# Let's encrypt

// Identifier of this plugin; it matches the name of the class declared below.
$plugin_name = 'letsencrypt';

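/**
 * SSL plugin that obtains certificates through the dehydrated ACME client.
 *
 * generate() rewrites dehydrated's domains.txt from the configured hosts and
 * immediately requests certificates for entries flagged as new; the code
 * comment in generate() states that renewals are left to cron.
 *
 * Security note: host, alias and external-alias strings end up in a shell
 * command line and in a whitespace-separated list file. They are therefore
 * treated as untrusted: every name is checked for whitespace and control
 * characters, and every shell argument is quoted with escapeshellarg().
 */
class letsencrypt
{

	// Ordering value of this plugin (consumed outside this file).
	public static $order=9;
	// Path templates of the private key and the certificate chain; the
	// {host}/{domain} placeholders are expanded outside this file.
	public static $filename_key="{host}.{domain}/privkey.pem";
	public static $filename_cert="{host}.{domain}/fullchain.pem";

	/**
	 * Write dehydrated's domain list and request certificates for new hosts.
	 *
	 * @param mixed $ssldir  Not used by this plugin; kept for the common plugin signature.
	 * @param array $ssl_all List of host records with the keys 'host', 'domain',
	 *                       'aliases', 'ext_aliases' and 'ssl_new'.
	 * @param array $ini     Configuration; only $ini['ssl']['user'] is read and
	 *                       handed to exec_as_err() (presumably the account the
	 *                       client runs as - confirm against exec_as_err()).
	 * @return false|null    false when a prerequisite is missing or the domain
	 *                       list cannot be opened; no value otherwise.
	 */
	public static function generate($ssldir, $ssl_all, $ini)
	{

		$dehydrated_bin="/opt/dehydrated/dehydrated";
		$dehydrated_confdir="/etc/dehydrated/web";
		$dehydrated_conf=$dehydrated_confdir."/config.ini";
		$dehydrated_domlist=$dehydrated_confdir."/domains.txt";
		$dehydrated_log="/var/log/dehydrated/dehydrated.log";

		//sanity check
		if (!(file_exists($dehydrated_bin)))
		{
			logme('SSL error: dehydrated binary not found: '.$dehydrated_bin);
			return false;
		}
		if (!(file_exists($dehydrated_confdir)))
		{
			// Message fixed: it used to read "config dir found" for a missing directory.
			logme('SSL error: dehydrated config dir not found: '.$dehydrated_confdir);
			return false;
		}
		if (!(file_exists($dehydrated_conf)))
		{
			logme('SSL error: dehydrated config not found: '.$dehydrated_conf);
			return false;
		}
		$dehydrated_logdir=dirname($dehydrated_log);
		if (!(file_exists($dehydrated_logdir)))
		{
			logme('SSL error: dehydrated log dir not found: '.$dehydrated_logdir);
			return false;
		}

		// fopen() returns false on failure; writing to that would fail on every
		// host, so stop here like the other prerequisite checks do.
		$fp = fopen($dehydrated_domlist,'w');
		if ($fp===false)
		{
			logme('SSL error: cannot write dehydrated domain list: '.$dehydrated_domlist);
			return false;
		}

		$ssl_new_names=array();
		foreach($ssl_all as $ssl)
		{
			$names=self::collect_names($ssl);
			if (count($names)==0)
			{
				// Primary name rejected: do not let an alias silently become
				// the primary name of the certificate.
				continue;
			}

			// One line per certificate: primary name first, alternative names after it.
			fwrite($fp,implode(' ', $names).PHP_EOL);

			if ($ssl['ssl_new']==1)
			{
				$ssl_new_names[]=$names;
			}
		}
		fclose($fp);

		if (count($ssl_new_names)>0)
		{
			$datest='# [sys-admin] '.date(DATE_RFC2822).PHP_EOL;
			file_put_contents($dehydrated_log, $datest, FILE_APPEND);

			// Generate only new certs (cron will do the rest)
			foreach($ssl_new_names as $sslnn)
			{
				$newnames_list=implode(' ', $sslnn);
				// Every variable part is quoted with escapeshellarg() so that a
				// quote or shell metacharacter inside a configured name cannot
				// end the argument and start another command.
				// NOTE(review): escapeshellarg() can drop non-ASCII bytes depending
				// on the locale; names are expected to be ASCII/punycode - confirm.
				$cmd=escapeshellarg($dehydrated_bin)
					." -c --keep-going --config ".escapeshellarg($dehydrated_conf)
					." -d ".escapeshellarg($newnames_list)
					." >>".escapeshellarg($dehydrated_log)." 2>&1";
				exec_as_err($cmd, $ini['ssl']['user'], false);
			}
		}

	}

	/**
	 * Build the ordered, de-duplicated list of names for one certificate.
	 *
	 * @param array $ssl One host record (see generate()).
	 * @return array     Names with the primary "host.domain" first; an empty
	 *                   array when the primary name is not usable.
	 */
	private static function collect_names($ssl)
	{
		$candidates=array();
		$candidates[]=$ssl['host'].'.'.$ssl['domain'];
		if ($ssl['host']=='www')
		{
			$candidates[]=$ssl['domain'];
		}

		foreach ($ssl['aliases'] as $alias)
		{
			// Wildcard aliases are left out of the certificate request.
			if(strpos($alias, '*') === false)
			{
				$candidates[]=$alias.'.'.$ssl['domain'];
				if ($alias=='www')
				{
					$candidates[]=$ssl['domain'];
				}
			}
		}

		foreach ($ssl['ext_aliases'] as $ext_alias)
		{
			if(strpos($ext_alias, '*') === false)
			{
				$candidates[]=$ext_alias;
				// Fixed off-by-one: the prefix test used substr($ext_alias,1,4),
				// which never matches a name that starts with "www.", so the
				// bare domain was never added for such aliases.
				if (strpos($ext_alias, 'www.')===0)
				{
					$candidates[]=substr($ext_alias,4);
				}
				else
				{
					// add www only if it's not a subdomain
					if (check_format_domain($ext_alias))
					{
						$candidates[]='www.'.$ext_alias;
					}
				}
			}
		}

		$names=array();
		foreach ($candidates as $idx => $name)
		{
			$name=(string)$name;
			// Whitespace or control characters would split the entry in
			// domains.txt (space separated, one certificate per line) and in
			// the -d argument, so such names are never written.
			if ($name==='' || preg_match('/[\s\x00-\x1f\x7f]/', $name))
			{
				// Escape control characters so the rejected value cannot forge log lines.
				logme('SSL error: invalid certificate name skipped: '.addcslashes($name, "\0..\37\177"));
				if ($idx===0)
				{
					return array();
				}
				continue;
			}
			$names[]=$name;
		}

		// The same name can be produced by several rules (for example an external
		// alias listed both with and without "www."); keep the first occurrence.
		return array_values(array_unique($names));
	}

}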
