security/acme-client: make HAProxy integration optional

security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php

@@ -34,7 +34,6 @@ use \OPNsense\Core\Backend;
 use \OPNsense\Cron\Cron;
 use \OPNsense\Core\Config;
 use \OPNsense\Base\UIModelGrid;
-use \OPNsense\HAProxy\HAProxy;
 use \OPNsense\AcmeClient\AcmeClient;
 
 /**
@@ -125,12 +124,18 @@ class SettingsController extends ApiMutableModelControllerBase
         if ($this->request->isPost()) {
             $mdlAcme = $this->getModel();
 
+            // Check if the required plugin is installed
+            if ((string)$mdlAcme->isPluginInstalled('os-haproxy') != "1") {
+                $this->getLogger()->error("LE check: HAProxy plugin is NOT installed, skipping integration");
+                return($result);
+            }
+
             // Setup only if AcmeClient and HAProxy integration is enabled.
             // NOTE: We provide HAProxy integration no matter if the HAProxy plugin
             //       is actually enabled or not. This should avoid confusion.
             if ((string)$mdlAcme->settings->haproxyIntegration == "1" and
                 (string)$mdlAcme->settings->enabled == "1") {
-                $mdlHAProxy = new HAProxy();
+                $mdlHAProxy = new \OPNsense\HAProxy\HAProxy();
                 $backend = new Backend();
 
                 // Get current status of HAProxy integration by running various checks.

security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/settings.xml

@@ -21,7 +21,7 @@
         <id>acmeclient.settings.haproxyIntegration</id>
         <label>HAProxy Integration</label>
         <type>checkbox</type>
-        <help><![CDATA[Enable automatic integration with the OPNsense HAProxy plugin. This will automatically add the required backend, server, action and ACL for you. You just need to select your HAProxy frontend when configuration the certificate or validation method. <div class="text-info"><b>NOTE:</b>This will only work for HTTP-01 validation and HAProxy frontends running in <i>http</i> mode; TCP frontends are not supported.</div>]]></help>
+        <help><![CDATA[Enable automatic integration with the OPNsense HAProxy plugin. <b>Requires that the OPNsense HAProxy plugin is installed.</b> This will automatically add the required backend, server, action and ACL for you. You just need to select your HAProxy frontend when configuration the certificate or validation method. <div class="text-info"><b>NOTE:</b>This will only work for HTTP-01 validation and HAProxy frontends running in <i>http</i> mode; TCP frontends are not supported.</div>]]></help>
     </field>
     <field>
         <id>acmeclient.settings.challengePort</id>

security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.php

@@ -30,6 +30,7 @@
 namespace OPNsense\AcmeClient;
 
 use OPNsense\Base\BaseModel;
+use OPNsense\Core\Backend;
 
 /**
  * Class AcmeClient
@@ -88,4 +89,52 @@ class AcmeClient extends BaseModel
         return null;
     }
 
+    /**
+     * check if the specfied plugin is installed
+     * @param $name plugin/package name
+     * @return bool is the plugin installed
+     */
+    public function isPluginInstalled($name)
+    {
+        // NOTE: Based on infoAction() from Core/Api/FirmwareController.php
+        // FIXME: Should be replaced by a Core function sooner or later.
+
+        $backend = new Backend();
+        $keys = array('name', 'version', 'comment', 'flatsize', 'locked', 'license');
+        $plugins = array();
+
+        // Only check local package data for performance reasons
+        $current = $backend->configdRun("firmware local");
+        $current = explode("\n", trim($current));
+
+        foreach ($current as $line) {
+            /* package infos are flat lists with 3 pipes as delimiter */
+            $expanded = explode('|||', $line);
+            $translated = array();
+            $index = 0;
+            if (count($expanded) != count($keys)) {
+                continue;
+            }
+            foreach ($keys as $key) {
+                $translated[$key] = $expanded[$index++];
+            }
+
+            /* mark local packages as "installed" */
+            $translated['installed'] = "1";
+
+            /* figure out local and remote plugins */
+            $plugin = explode('-', $translated['name']);
+            if (count($plugin)) {
+                if ($plugin[0] == 'os' || $plugin[0] == 'ospriv') {
+                    $plugins[$translated['name']] = $translated;
+                }
+            }
+        }
+
+        if (isset($plugins[$name]) and $plugins[$name]['installed'] == "1") {
+            return 1; // TRUE, is installed
+        } else {
+            return 0; // FALSE, is not installed
+        }
+    }
 }

security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml

@@ -44,7 +44,7 @@
                 <Required>Y</Required>
             </challengePort>
             <haproxyIntegration type="BooleanField">
-                <default>1</default>
+                <default>0</default>
                 <Required>N</Required>
             </haproxyIntegration>
             <haproxyAclRef type="ModelRelationField">