From e12095b0b900c4c3d4119dc6c38b28b884e0202e Mon Sep 17 00:00:00 2001
From: Peter Putzer <openwrt@mundschenk.at>
Date: Sat, 24 Feb 2024 17:06:43 +0100
Subject: [PATCH] uacme: Add support custom CAs and TLS-ALPN-01 challenge

Signed-off-by: Peter Putzer <openwrt@mundschenk.at>
---
 net/uacme/files/run.sh | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/net/uacme/files/run.sh b/net/uacme/files/run.sh
index 98871d4ba7..ce82af6b9b 100755
--- a/net/uacme/files/run.sh
+++ b/net/uacme/files/run.sh
@@ -8,6 +8,7 @@
 #
 # Initial Author: Toke Høiland-Jørgensen <toke@toke.dk>
 # Adapted for uacme: Lucian Cristian <lucian.cristian@gmail.com>
+# Adapted for custom CA and TLS-ALPN-01: Peter Putzer <openwrt@mundschenk.at>
 
 CHECK_CRON=$1
 
@@ -39,6 +40,8 @@ UPDATE_UHTTPD=0
 UPDATE_HAPROXY=0
 FW_RULE=
 USER_CLEANUP=
+ACME_URL=
+ACME_STAGING_URL=
 
 . /lib/functions.sh
 
@@ -220,6 +223,7 @@ issue_cert()
     local failed_dir
     local webroot
     local dns
+    local tls
     local user_setup
     local user_cleanup
     local ret
@@ -237,6 +241,7 @@ issue_cert()
     config_get keylength "$section" keylength
     config_get webroot "$section" webroot
     config_get dns "$section" dns
+    config_get tls "$section" tls
     config_get user_setup "$section" user_setup
     config_get user_cleanup "$section" user_cleanup
 
@@ -249,15 +254,26 @@ issue_cert()
 
     if [ "$APP" = "uacme" ]; then
 	[ "$DEBUG" -eq "1" ] && debug="--verbose --verbose"
+	[ "$tls" -eq "1" ] && HPROGRAM=/usr/share/uacme/ualpn.sh
     elif [ "$APP" = "acme" ]; then
 	[ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug"
     fi
     if [ "$use_staging" -eq "1" ]; then
 	STATE_DIR="$STAGING_STATE_DIR";
-	staging="--staging";
+
+	# Check if we should use a custom stagin URL
+        if [ "$APP" = "uacme" -a -n "$ACME_STAGING_URL" ]; then
+        	ACME="$ACME --acme-url $ACME_STAGING_URL"
+	else
+		staging="--staging";
+	fi
     else
 	STATE_DIR="$PRODUCTION_STATE_DIR";
 	staging="";
+
+	if [ "$APP" = "uacme" -a -n "$ACME_URL" ]; then
+		ACME="$ACME --acme-url $ACME_URL"
+	fi
     fi
 
     set -- $domains
@@ -267,7 +283,7 @@ issue_cert()
 	log "Running user-provided setup script from $user_setup."
 	"$user_setup" "$main_domain" || return 2
     else
-	[ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 2
+	[ -n "$webroot" ] || [ -n "$dns" ] || [ -n "$tls" ] || pre_checks "$main_domain" || return 2
     fi
 
     log "Running $APP for $main_domain"
@@ -322,6 +338,13 @@ issue_cert()
 	    return 2
 #	    uacme_args="$uacme_args --dns $dns"
 	fi
+    elif [ -n "$tls" ]; then
+	if [ "$APP" = "uacme" ]; then
+            log "Using TLS mode"
+	else
+            log "TLS not supported by $APP"
+            return 2
+	fi
     elif [ -z "$webroot" ]; then
 	if [ "$APP" = "acme" ]; then
 	    log "Using standalone mode"
@@ -486,6 +509,8 @@ load_vars()
     STAGING_STATE_DIR=$PRODUCTION_STATE_DIR/staging
     ACCOUNT_EMAIL=$(config_get "$section" account_email)
     DEBUG=$(config_get "$section" debug)
+    ACME_URL=$(config_get "$section" acme_url)
+    ACME_STAGING_URL=$(config_get "$section" acme_staging_url)
 }
 
 if [ -z "$INCLUDE_ONLY" ]; then