From fba529ef91fa5621a3fe0f6e61479b0e1a39803f Mon Sep 17 00:00:00 2001
From: Retro_Guy
Date: Sun, 8 Jan 2023 17:12:27 +0000
Subject: [PATCH] Add easy config for letsencrypt
---
Rocksolid_Light/rslight/letsencrypt.inc.php | 12 +++++
Rocksolid_Light/rslight/scripts/cron.php | 14 ++----
Rocksolid_Light/rslight/scripts/nntp-ssl.php | 7 ++-
.../rslight/scripts/rslight-lib.php | 46 +++++++++++++++++++
4 files changed, 64 insertions(+), 15 deletions(-)
create mode 100644 Rocksolid_Light/rslight/letsencrypt.inc.php
diff --git a/Rocksolid_Light/rslight/letsencrypt.inc.php b/Rocksolid_Light/rslight/letsencrypt.inc.php
new file mode 100644
index 0000000..2a3d9ad
--- /dev/null
+++ b/Rocksolid_Light/rslight/letsencrypt.inc.php
@@ -0,0 +1,12 @@
+/fullchain.pem");
+$letsencrypt['privkey'] = file_get_contents("/etc/letsencrypt/live//privkey.pem");
+
+/* Please do not change anything below */
+$letsencrypt['pem_private_key'] = openssl_pkey_get_private($letsencrypt['privkey']);
+$pem_public_key = openssl_pkey_get_details($letsencrypt['pem_private_key'])['key'];
+
+$letsencrypt['server.pem'] = $letsencrypt['fullchain'];
+$letsencrypt['pubkey.pem'] = $pem_public_key;
diff --git a/Rocksolid_Light/rslight/scripts/cron.php b/Rocksolid_Light/rslight/scripts/cron.php
index 973453c..ccb03a4 100755
--- a/Rocksolid_Light/rslight/scripts/cron.php
+++ b/Rocksolid_Light/rslight/scripts/cron.php
@@ -46,7 +46,9 @@
@chown($ssldir, $uinfo["uid"]);
@chgrp($ssldir, $uinfo["gid"]);
-# Fix this. It shouldn't be necessary
+ $pemfile = $ssldir.'/server.pem';
+ create_node_ssl_cert($pemfile);
+
$overview = $spooldir.'/articles-overview.db3';
touch($overview);
@chown($overview, $uinfo["uid"]);
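Review bot: The `file_get_contents()` read of privkey (and, by the shape of the truncated line above it, of fullchain) is unchecked, and on a `false` result `openssl_pkey_get_private($letsencrypt['privkey'])` returns `false`, which `openssl_pkey_get_details()` then rejects (a TypeError on PHP 8) at include time. /etc/letsencrypt/live is normally readable by root only, and the chown calls in cron.php suggest the nntp-ssl.php process runs as an unprivileged user (inferred), so that call site is likely to hit this on every invocation of `create_node_ssl_cert()`. Guard the reads before deriving anything: `if ($letsencrypt['fullchain'] === false || $letsencrypt['privkey'] === false) { return; }` — a top-level `return` in an included file hands control back to the includer and leaves `server.pem`/`pubkey.pem` unset, so the caller's `isset()` check falls through to the self-signed path. The opening lines of this hunk are not legible in this copy.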
@@ -59,16 +61,6 @@
@mkdir($logdir,0755,'recursive');
@mkdir($lockdir,0755,'recursive');
- $pemfile = $ssldir.'/server.pem';
- $pubkeyfile = $ssldir.'/pubkey.pem';
- if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
- create_certificate($pemfile, $pubkeyfile);
- }
- if(!is_file($webtmp.'/pubkey.txt') && is_file($config_dir.'/ssl/pubkey.pem')) {
- echo 'Writing pubkey.txt to: '.$webtmp."/pubkey.txt\n";
- copy($config_dir.'/ssl/pubkey.pem', $webtmp.'/pubkey.txt');
- }
-
if(isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
@mkdir($spooldir."nocem",0755,'recursive');
exec($CONFIG['php_exec']." ".$config_dir."/scripts/nocem.php");
diff --git a/Rocksolid_Light/rslight/scripts/nntp-ssl.php b/Rocksolid_Light/rslight/scripts/nntp-ssl.php
index 4cda3f7..e679cbe 100755
--- a/Rocksolid_Light/rslight/scripts/nntp-ssl.php
+++ b/Rocksolid_Light/rslight/scripts/nntp-ssl.php
@@ -73,11 +73,10 @@
$config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
$auth_ok = 0;
$user = "";
$pass = "";
+ $pemfile = $ssldir.'/server.pem';
- $pubkeyfile = $ssldir.'/pubkey.pem';
- if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
- create_certificate($pemfile, $pubkeyfile);
- }
+ create_node_ssl_cert($pemfile);
+
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
diff --git a/Rocksolid_Light/rslight/scripts/rslight-lib.php b/Rocksolid_Light/rslight/scripts/rslight-lib.php
index 06ebf3d..27fb131 100755
--- a/Rocksolid_Light/rslight/scripts/rslight-lib.php
+++ b/Rocksolid_Light/rslight/scripts/rslight-lib.php
@@ -1212,6 +1212,52 @@ function get_article_list($thisgroup) {
return(array_unique($ok_article));
}
+function create_node_ssl_cert($pemfile) {
+ global $CONFIG, $ssldir, $webtmp, $config_dir;
+ include $config_dir.'/letsencrypt.inc.php';
+ $pubkeyfile = $ssldir.'/pubkey.pem';
+
+ if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
+ return;
+ }
+/* Use letsencrypt */
+ if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
+ file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
+ file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
+ copy($pubkeyfile, $webtmp.'/pubkey.txt');
+ return;
+ }
+/* Create self signed cert */
+ $certificateData = array(
+ "countryName" => "US",
+ "stateOrProvinceName" => "New York",
+ "localityName" => "New York City",
+ "organizationName" => "Rocksolid",
+ "organizationalUnitName" => "Rocksolid Light",
+ "commonName" => $CONFIG['organization'],
+ "emailAddress" => "rocksolid@example.com"
+ );
+
+ // Generate certificate
+ $privateKey = openssl_pkey_new();
+ $certificate = openssl_csr_new($certificateData, $privateKey);
+ $certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
+
+ // Generate PEM file
+ $pem_passphrase = null; // empty for no passphrase
+ $pem = array();
+ openssl_x509_export($certificate, $pem[0]);
+ openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
+ $pem = implode($pem);
+
+ $pubkey=openssl_pkey_get_details($privateKey);
+
+ // Save PEM file
+ file_put_contents($pemfile, $pem);
+ file_put_contents($pubkeyfile, $pubkey['key']);
+ copy($pubkeyfile, $webtmp.'/pubkey.txt');
+}
+
function create_certificate($pemfile, $pubkeyfile) {
global $CONFIG;
$certificateData = array(
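Review bot: Once server.pem, pubkey.pem and pubkey.txt exist, the early return at the top of `create_node_ssl_cert()` means a renewed Let's Encrypt certificate is never written out, so the listener keeps serving the old chain until someone deletes server.pem by hand; with 90-day certificates that is a recurring outage. Moving the Let's Encrypt branch ahead of the existence check and rewriting only when the deployed file differs from `$letsencrypt['server.pem'].$letsencrypt['privkey']` fixes it, and `chmod($pemfile, 0600)` after each `file_put_contents($pemfile, …)` stops the private key from being created with the process umask (the self-signed path has the same gap). The `include` is unconditional, so a missing letsencrypt.inc.php raises a warning on every call; guarding it with `is_file()` keeps the self-signed path quiet. The section below `/* Create self signed cert */` duplicates `create_certificate()`, which follows it in the file; calling `create_certificate($pemfile, $pubkeyfile)` for the fallback would keep one copy.
```php
function create_node_ssl_cert($pemfile) {
  global $CONFIG, $ssldir, $webtmp, $config_dir;
  $pubkeyfile = $ssldir.'/pubkey.pem';
  $pubkeytxt = $webtmp.'/pubkey.txt';

  /* Use letsencrypt: refresh server.pem whenever the live cert differs from what is deployed */
  if(is_file($config_dir.'/letsencrypt.inc.php')) {
    include $config_dir.'/letsencrypt.inc.php';
  }
  if(isset($letsencrypt['server.pem']) && isset($letsencrypt['pubkey.pem'])) {
    $wanted = $letsencrypt['server.pem'].$letsencrypt['privkey'];
    if(!is_file($pemfile) || file_get_contents($pemfile) !== $wanted) {
      file_put_contents($pemfile, $wanted);
      chmod($pemfile, 0600);
      file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
      copy($pubkeyfile, $pubkeytxt);
    }
    if(!is_file($pubkeytxt)) {
      copy($pubkeyfile, $pubkeytxt);
    }
    return;
  }

  if(is_file($pemfile) && is_file($pubkeyfile) && is_file($pubkeytxt)) {
    return;
  }
  /* Create self signed cert */
  // … unchanged: self-signed generation via openssl_csr_new/openssl_csr_sign and the three writes …
  chmod($pemfile, 0600);
}
```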