feat(ssl): ability to create .pem certs and add clientAuth to extendedKeyUsage

peaklabs-dev
2025-02-07 18:07:55 +01:00
parent 1a4c2c3dc9
commit f92c170db1


@@ -25,7 +25,8 @@ class SslHelper
?string $caKey = null, ?string $caKey = null,
bool $isCaCertificate = false, bool $isCaCertificate = false,
?string $configurationDir = null, ?string $configurationDir = null,
?string $mountPath = null ?string $mountPath = null,
bool $isPemKeyFileRequired = false,
): SslCertificate { ): SslCertificate {
$organizationName = self::DEFAULT_ORGANIZATION_NAME; $organizationName = self::DEFAULT_ORGANIZATION_NAME;
$countryName = self::DEFAULT_COUNTRY_NAME; $countryName = self::DEFAULT_COUNTRY_NAME;
@@ -67,7 +68,7 @@ class SslHelper
$extendedKeyUsageSection = ''; $extendedKeyUsageSection = '';
if (! $isCaCertificate) { if (! $isCaCertificate) {
$extendedKeyUsageSection = "\nextendedKeyUsage = serverAuth"; $extendedKeyUsageSection = "\nextendedKeyUsage = serverAuth, clientAuth";
$subjectAlternativeNames = array_values( $subjectAlternativeNames = array_values(
array_unique( array_unique(
@@ -181,31 +182,44 @@ class SslHelper
return in_array($storage->mount_path, [ return in_array($storage->mount_path, [
$mountPath.'/server.crt', $mountPath.'/server.crt',
$mountPath.'/server.key', $mountPath.'/server.key',
$mountPath.'/server.pem',
]); ]);
}) })
->each(function ($storage) { ->each(function ($storage) {
$storage->delete(); $storage->delete();
}); });
$model->fileStorages()->create([ if ($isPemKeyFileRequired) {
'fs_path' => $configurationDir.'/ssl/server.crt', $model->fileStorages()->create([
'mount_path' => $mountPath.'/server.crt', 'fs_path' => $configurationDir.'/ssl/server.pem',
'content' => $certificateStr, 'mount_path' => $mountPath.'/server.pem',
'is_directory' => false, 'content' => $certificateStr."\n".$privateKeyStr,
'chmod' => '644', 'is_directory' => false,
'resource_type' => $resourceType, 'chmod' => '600',
'resource_id' => $resourceId, 'resource_type' => $resourceType,
]); 'resource_id' => $resourceId,
]);
} else {
$model->fileStorages()->create([
'fs_path' => $configurationDir.'/ssl/server.crt',
'mount_path' => $mountPath.'/server.crt',
'content' => $certificateStr,
'is_directory' => false,
'chmod' => '644',
'resource_type' => $resourceType,
'resource_id' => $resourceId,
]);
$model->fileStorages()->create([ $model->fileStorages()->create([
'fs_path' => $configurationDir.'/ssl/server.key', 'fs_path' => $configurationDir.'/ssl/server.key',
'mount_path' => $mountPath.'/server.key', 'mount_path' => $mountPath.'/server.key',
'content' => $privateKeyStr, 'content' => $privateKeyStr,
'is_directory' => false, 'is_directory' => false,
'chmod' => '600', 'chmod' => '600',
'resource_type' => $resourceType, 'resource_type' => $resourceType,
'resource_id' => $resourceId, 'resource_id' => $resourceId,
]); ]);
}
} }
return $sslCertificate; return $sslCertificate;
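Review bot: The `extendedKeyUsage = serverAuth, clientAuth` line in the second hunk now applies to every non-CA certificate this helper issues, not only to the ones that need a client identity. Any relying party that accepts client certificates from the same CA would then treat every server certificate as a valid client credential, which is broader than least privilege calls for; whether such a relying party exists is not visible in this diff. Consider making it opt-in, for example a `bool $isClientAuthRequired = false` parameter and `$extendedKeyUsageSection = "\nextendedKeyUsage = serverAuth".($isClientAuthRequired ? ', clientAuth' : '');`. In the third hunk the combined `server.pem` rightly gets `'chmod' => '600'` because it carries the private key, and a short comment such as `// contains the private key: keep owner-only` would stop a later edit from aligning it with the `644` used for `server.crt`. The enclosing method starts and ends outside the visible hunks.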