Domain server ACME client with custom Web UI.

.github/workflows/master_build.yml

@@ -106,6 +106,8 @@ jobs:
       with:
         submodules: false
         fetch-depth: 1
+    - name: Checkout ACME submodule
+      run: git submodule update --init libraries/networking/src/acme
 
     - name: Install dependencies
       shell: bash

.github/workflows/pr_build.yml

@@ -140,6 +140,8 @@ jobs:
       with:
         submodules: false
         fetch-depth: 1
+    - name: Checkout ACME submodule
+      run: git submodule update --init libraries/networking/src/acme
 
     - name: Install dependencies
       shell: bash

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "libraries/networking/src/acme"]
+	path = libraries/networking/src/acme
+	url = https://github.com/vircadia/acme-lw

domain-server/resources/describe-settings.json

@@ -128,6 +128,118 @@
         }
       ]
     },
+    {
+      "name": "acme",
+      "label": "SSL ACME Client",
+      "settings": [
+        {
+            "name": "enable_client",
+            "label": "Enable ACME client",
+            "help": "Enables ACME client that will manage the SSL certificates.",
+            "default": false,
+            "type": "checkbox",
+            "advanced": true
+        },
+        {
+            "name": "directory_endpoint",
+            "label": "ACME Directory Endpoint",
+            "help": "URL of the certificate issuer ACME directory endpoint.",
+            "default": "https://acme-v02.api.letsencrypt.org/directory",
+            "advanced": true
+        },
+        {
+            "name": "zerossl_rest_api",
+            "label": "ZeroSSL REST API",
+            "help": "Use ZeroSSL Rest API Instead of ACME protocol.",
+            "default": false,
+            "type": "checkbox",
+            "advanced": true
+        },
+        {
+            "name": "account_key_path",
+            "label": "Account Key",
+            "help": "Path to private key used to communicate with certificate issuer.",
+            "default": "",
+            "placeholder": "<Application Data Path>/acme_account_key.pem",
+            "advanced": true
+        },
+        {
+            "name": "zerossl_api_key",
+            "label": "ZeroSSL API Key",
+            "help": "API key to use for ZeroSSL REST API requests",
+            "advanced": true
+        },
+        {
+            "name": "eab_kid",
+            "label": "External Account Binding KID",
+            "advanced": true
+        },
+        {
+            "name": "eab_mac",
+            "label": "External Account Binding MAC",
+            "advanced": true
+        },
+        {
+            "name": "certificate_directory",
+            "label": "Certificate Directory",
+            "help": "Certificate files will be stored in this directory.",
+            "default": "",
+            "placeholder": "Application Data Path",
+            "advanced": true
+        },
+        {
+            "name": "certificate_filename",
+            "label": "Certificate Filename",
+            "help": "Certificate will be stored with this filename in Certificate Directory.",
+            "default": "vircadia-cert.crt",
+            "advanced": true
+        },
+        {
+            "name": "certificate_key_filename",
+            "label": "Certificate Key Filename",
+            "help": "Certificate private key will be stored with this filename in Certificate Directory.",
+            "default": "vircadia-cert.key",
+            "advanced": true
+        },
+        {
+            "name": "certificate_authority_filename",
+            "label": "Certificate Authority Filename",
+            "help": "Trusted certificate authority list will be stored with this filename in Certificate Directory. If unspecified system default CAs will be used.",
+            "default": "",
+            "placeholder": "System Default",
+            "advanced": true
+        },
+        {
+            "name": "challenge_handler_type",
+            "label": "Type of HTTP challenge handler.",
+            "help": "This settings determines how the client will attempt to complete the server's HTTP challenges. Possible Values are: server - client will attempt to host the challenges on port 80, files - client will attempt to save challenges as files in the directories associated with specified domains, manual - client will wait for a few minutes for the challenges to be completed.",
+            "default": "server",
+            "advanced": true
+        },
+        {
+          "name": "certificate_domains",
+          "label": "Domains Names",
+          "type": "table",
+          "can_add_new_rows": true,
+          "help": "The domains names or IP addresses to generate the certificate for.",
+          "numbered": false,
+          "advanced": true,
+          "columns": [
+            {
+              "name": "domain",
+              "label": "Domain name or IP address",
+              "can_set": true
+            },
+            {
+              "name": "directory",
+              "label": "Domain root directory",
+              "placeholder": "Current directory",
+              "can_set": true
+            }
+          ]
+        }
+      ]
+    },
     {
       "label": "Monitoring",
       "name": "monitoring",

domain-server/resources/web/header.html

@@ -37,6 +37,7 @@
           <ul class="nav navbar-nav">
             <li><a href="/">Nodes</a></li>
             <li><a href="/assignment">Assignment</a></li>
+            <li><a href="/ssl-acme-client">SSL/ACME Configuration</a></li>
 
             <li class="dropdown dropdown-on-hover">
               <a href="/content/" class="hidden-xs">Content <span class="content-settings-badge badge"></span> <span class="caret"></span></a>

domain-server/resources/web/ssl-acme-client/index.html

@@ -0,0 +1,114 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>SSL/ACME Configuration</title>
+        <meta charset="utf-8">
+    </head>
+    <body>
+        <a id="back-link" href="/"> Back to settings panel </a>
+
+        <h4>Automatic Management</h4>
+
+        <div id="enable-container">
+            <label>Enable</label>
+            <input id="enable" type="checkbox"/>
+        </div>
+
+        <div id="enable-content">
+
+        <div id="directory-container">
+            <label>CA directory</label>
+            <select id="directory-url-select">
+                <option value="https://acme-v02.api.letsencrypt.org/directory">Let's Encrypt v2 Production</option>
+                <option value="https://acme-staging-v02.api.letsencrypt.org/directory">Let's Encrypt v2 Staging</option>
+                <option value="https://acme.zerossl.com/v2/DV90">ZeroSSL ACME v2</option>
+                <option value="zerossl-rest-api">ZeroSSL REST</option>
+                <option value="custom">Custom URL</option>
+            </select>
+            <a href="" id="terms-of-service">Terms of Service</a>
+            <input id="directory-url" type="text"/>
+        </div>
+
+        <div id="auth-container">
+            <label>Authentication method</label>
+            <select id="auth-select">
+                <option value="account-key-only">Account Key</option>
+                <option class="eab-option zero-ssl-auth-option zero-ssl-auth-option-default" value="zero-ssl-email">ZeroSLL Email</option>
+                <option class="eab-option zero-ssl-auth-option" value="zero-ssl-api-key">ZeroSSL API Key</option>
+                <option class="eab-option" value="id-mac">ID and MAC key</option>
+            </select>
+            <input id="zero-ssl-auth-input" placeholder="ZeroSSL Email" type="text" />
+            <input id="eab-kid-input" placeholder="KID" type="text" />
+            <input id="eab-mac-input" placeholder="MAC" type="text" />
+        </div>
+
+        <div id="other-settings-container">
+            <label>Challenge completion method</label>
+            <select id="challenge-select">
+                <option value="server">HTTP Server</option>
+                <option value="files">Files</option>
+                <option value="manual">Manual</option>
+            </select>
+            <br />
+            <label>Account Key</label>
+            <input id="account-key-path" type="text" placeholder="<Application Data Path>/acme_account_key.pem" />
+            <input id="account-key-upload" type="file" />
+            <br />
+            <input id="account-key-reset" type="button" value="Reset Account Key" />
+        </div>
+        <br />
+
+        <div id="domains-container">
+            <label>Domains</label>
+            <div id="domain-inputs">
+                <div class="domain-input-container">
+                    <input type="text" class="domain-name-input" placeholder="Domain Name" />
+                    <input type="text" class="domain-dir-input" placeholder="Domain Directory" />
+                    <input type="button" class="remove-domain-button"  value="Remove" />
+                </div>
+            </div>
+            <input id="add-domain-button" type="button" value="Add Domain" />
+        </div>
+
+        </div>
+
+        <h4>Certificate Paths</h4>
+
+        <div id="paths-container">
+            <label>Certificate Directory</label>
+            <input id="cert-dir" type="text" placeholder="Application Data Path" />
+            <br />
+            <label>Certificate</label>
+            <input id="cert-name" type="text"/>
+            <input id="cert-upload" type="file" />
+            <br />
+            <label>Key</label>
+            <input id="cert-key-name" type="text" />
+            <input id="cert-key-upload" type="file" />
+            <br />
+            <label>CA list</label>
+            <input id="cert-ca-name" type="text" placeholder="System Default" />
+            <input id="cert-authorities-upload" type="file" />
+            <br />
+            <input id="cert-reset" type="button" value="Reset Certificate" />
+        </div>
+
+
+        <hr />
+        <div id="control-button-container">
+            <input id="save-button" type="button" value="Save Settings" />
+            <input id="restart-button" type="button" value="Restart Client" />
+        </div>
+
+        <hr />
+
+        <div>
+            <label>Status<label>
+            <input id="status-view-enable" type="checkbox"/>
+            <br />
+            <textarea hidden=true disabled=true id="status-view" style="width:100%; height:250px;"></textarea>
+        </div>
+
+        <script type='module' src='js/acme-settings.js'></script>
+    </body>
+</html>