/** * Generates a certificate with Let's Encrypt. * * This method is called through one of the action callbacks. * * In a Multinetwork setup, a certificate can either be generated for only the current * network or for all networks. * * @since 1.0.0 * @access protected * * @param array $data The request data for the action. * @param bool $network_wide Whether this action should be performed network-wide. * @return string|WP_Error The success message or an error object. */ protected function generate_certificate($data = array(), $network_wide = false) { if (!Util::can_generate_certificate()) { return new WP_Error('domain_cannot_sign', __('Domain cannot be signed. Either the account is not registered yet or the settings are not valid.', 'wp-encrypt')); } $filesystem_check = $this->maybe_request_filesystem_credentials($network_wide); if (false === $filesystem_check) { return new WP_Error('invalid_filesystem_credentials', __('Invalid or missing filesystem credentials.', 'wp-encrypt'), 'error'); } $domain = $network_wide ? Util::get_network_domain() : Util::get_site_domain(); $addon_domains = $network_wide ? Util::get_network_addon_domains(null, Util::get_option('include_all_networks')) : array(); /** * Filters the addon domains to create the certificate for. * * Using this filter basically allows to generate the certificate for any URLs, * even those outside of the WordPress installation. * * @since 1.0.0 * * @param array $addon_domains The addon domains. * @param string $domain The root domain for the certificate. * @param bool $network_wide Whether this certificate is created for an entire network. */ $addon_domains = apply_filters('wpenc_addon_domains', $addon_domains, $domain, $network_wide); $manager = CertificateManager::get(); $response = $manager->generate_certificate($domain, $addon_domains, array('ST' => Util::get_option('country_name'), 'C' => Util::get_option('country_code'), 'O' => Util::get_option('organization'))); if (is_wp_error($response)) { return $response; } Util::set_registration_info('certificate', $response); if (Util::get_option('autogenerate_certificate')) { Util::schedule_autogenerate_event(current_time('timestamp'), true); } /** * Fires after the SSL certificate has been generated. * * The hook is invoked after both initial and subsequent certificate generation processes. * * @since 1.0.0 * * @param array $response Response from the certificate generation call. * @param string $domain Primary domain of the generated certificate. * @param array $addon_domains Additional domains of the generated certificate. */ do_action('wpenc_certificate_generated', $response, $domain, $addon_domains); return sprintf(__('Certificate generated for %s.', 'wp-encrypt'), implode(', ', $response['domains'])); }
/** * Renders the settings page. * * The settings page contains all UI for the plugin. The user can specify the settings for * his or her organization, then register the account with Let's Encrypt and then generate * a certificate. * * The settings page furthermore provides some additional settings to specify how the plugin * should behave. * * @since 1.0.0 * @access public */ public function render_page() { if (CoreUtil::needs_filesystem_credentials()) { ?> <div class="notice notice-warning"> <p><?php printf(__('The directories %1$s and %2$s that WP Encrypt needs access to are not automatically writable by the site. Unless you change this, it is not possible to auto-renew certificates.', 'wp-encrypt'), '<code>' . CoreUtil::get_letsencrypt_certificates_dir_path() . '</code>', '<code>' . CoreUtil::get_letsencrypt_challenges_dir_path() . '</code>'); ?> </p> <p><?php _e('Note that you can still manually renew certificates by providing valid filesystem credentials each time.', 'wp-encrypt'); ?> </p> </div> <?php } $account_registration_info = Util::get_registration_info('account'); $certificate_registration_info = Util::get_registration_info('certificate'); $account_registration_timestamp = false; $certificate_generation_timestamp = false; $site_domains = array(); if (isset($account_registration_info['createdAt'])) { $account_registration_timestamp = strtotime($account_registration_info['createdAt']) + HOUR_IN_SECONDS * get_option('gmt_offset'); } elseif (isset($account_registration_info['_wp_time'])) { $account_registration_timestamp = strtotime($account_registration_info['_wp_time']); } if (isset($certificate_registration_info['_wp_time'])) { $certificate_generation_timestamp = strtotime($certificate_registration_info['_wp_time']); if (isset($certificate_registration_info['domains'])) { $site_domains = $certificate_registration_info['domains']; } } $has_certificate = 0 < count($site_domains); $form_action = App::get_admin_action_file($this->context); $primary = 'save'; if (Util::get_option('valid')) { $primary = 'register'; if (Util::can_generate_certificate()) { $primary = 'generate'; } } ?> <style type="text/css"> .wp-encrypt-form { margin-bottom: 40px; } .remove, .reset { color: #aa0000; text-decoration: none; } .remove:hover, .reset:hover { color: #ff0000; text-decoration: none; border: none; } .remove { margin-left: 6px; line-height: 28px; } .danger-headline { color: #aa0000; } </style> <div class="wrap"> <h1><?php _e('WP Encrypt', 'wp-encrypt'); ?> </h1> <form class="wp-encrypt-form" method="post" action="<?php echo $form_action; ?> "> <?php settings_fields('wp_encrypt_settings'); ?> <?php do_settings_sections(self::PAGE_SLUG); ?> <?php submit_button('', ('save' === $primary ? 'primary' : 'secondary') . ' large', 'submit', false); ?> </form> <?php if (Util::get_option('valid')) { ?> <h2><?php _e('Let’s Encrypt Account', 'wp-encrypt'); ?> </h2> <form class="wp-encrypt-form" method="post" action="<?php echo $form_action; ?> "> <p class="description"> <?php _e('By clicking on this button, you will register an account for the above organization with Let’s Encrypt.', 'wp-encrypt'); ?> <?php printf(__('By registering, you verify that you have read and accepted the <a href="%s" target="_blank">Let’s Encrypt Subscriber Agreement</a>.', 'wp-encrypt'), Client::get()->get_license_url()); ?> <?php if ($account_registration_timestamp) { ?> <br /> <?php printf(__('Your account was registered on %1$s at %2$s.', 'wp-encrypt'), date_i18n(get_option('date_format'), $account_registration_timestamp), date_i18n(get_option('time_format'), $account_registration_timestamp)); ?> <?php } ?> </p> <?php $this->action_post_fields('wpenc_register_account'); ?> <?php submit_button(__('Register Account', 'wp-encrypt'), 'register' === $primary ? 'primary' : 'secondary', 'submit', false, array('id' => 'register-account-button')); ?> </form> <?php if (Util::can_generate_certificate()) { ?> <h2><?php _e('Let’s Encrypt Certificate', 'wp-encrypt'); ?> </h2> <form class="wp-encrypt-form" method="post" action="<?php echo $form_action; ?> "> <p class="description"> <?php _e('Here you can manage the actual certificate.', 'wp-encrypt'); ?> <?php if ('network' === $this->context) { ?> <?php _e('The certificate will be valid for all the sites in your network by default.', 'wp-encrypt'); ?> <?php } ?> <?php if ($certificate_generation_timestamp) { ?> <br /> <?php if ('network' === $this->context && 0 < count($site_domains)) { ?> <?php printf(__('Your certificate was last generated on %1$s at %2$s for the following domains: %3$s', 'wp-encrypt'), date_i18n(get_option('date_format'), $certificate_generation_timestamp), date_i18n(get_option('time_format'), $certificate_generation_timestamp), implode(', ', $site_domains)); ?> <?php } else { ?> <?php printf(__('Your certificate was last generated on %1$s at %2$s.', 'wp-encrypt'), date_i18n(get_option('date_format'), $certificate_generation_timestamp), date_i18n(get_option('time_format'), $certificate_generation_timestamp)); ?> <?php } ?> <?php } ?> </p> <?php $this->action_post_fields('wpenc_generate_certificate'); ?> <?php submit_button(__('Generate Certificate', 'wp-encrypt'), 'generate' === $primary ? 'primary' : 'secondary', 'submit', false, array('id' => 'generate-certificate-button')); ?> <?php if ($has_certificate) { ?> <a id="revoke-certificate-button" class="remove" href="<?php echo App::get_admin_action_url($this->context, 'wpenc_revoke_certificate'); ?> "><?php _e('Revoke Certificate', 'wp-encrypt'); ?> </a> <?php } ?> </form> <?php if ($has_certificate) { ?> <?php $site_domain = 'network' === $this->context ? Util::get_network_domain() : Util::get_site_domain(); $certificate_dirs = $this->get_certificate_dirs($site_domain); ?> <h3><?php _e('Certificate & Key Locations', 'wp-encrypt'); ?> </h4> <ul> <li><?php printf(__('Certificate: %s', 'wp-encrypt'), '<code>' . $certificate_dirs['cert'] . '</code>'); ?> </li> <li><?php printf(__('Certificate Chain: %s', 'wp-encrypt'), '<code>' . $certificate_dirs['chain'] . '</code>'); ?> </li> <li><?php printf(__('Certificate Full Chain: %s', 'wp-encrypt'), '<code>' . $certificate_dirs['fullchain'] . '</code>'); ?> </li> <li><?php printf(__('Private Key: %s', 'wp-encrypt'), '<code>' . $certificate_dirs['key'] . '</code>'); ?> </li> </ul> <p><?php _e('Please check the Help tabs at the top of this page to learn how to set up the SSL certificate.', 'wp-encrypt'); ?> </p> <?php } ?> <?php } ?> <?php } ?> <?php if (defined('WP_ENCRYPT_ENABLE_DANGER_ZONE') && WP_ENCRYPT_ENABLE_DANGER_ZONE && ($account_registration_timestamp || $certificate_generation_timestamp)) { ?> <h2 class="danger-headline"><?php _e('Danger Zone', 'wp-encrypt'); ?> </h2> <p> <?php _e('By clicking the button below, you will remove all existing certificate and key files permanently. Use this with extreme caution.', 'wp-encrypt'); ?> <br /> <strong><?php _e('Do not hit this button while your server is using any of those files.', 'wp-encrypt'); ?> </strong> </p> <a id="reset-button" class="reset" href="<?php echo App::get_admin_action_url($this->context, 'wpenc_reset'); ?> "><?php _e('Reset', 'wp-encrypt'); ?> </a> <?php } ?> </div> <?php // for AJAX /*if ( CoreUtil::needs_filesystem_credentials() ) { wp_print_request_filesystem_credentials_modal(); }*/ }