From 6886b5f88b11e6de9eaaba7e64867c150328f98d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20F=C3=BCrmann?= <michael@spicyweb.de>
Date: Tue, 3 Mar 2015 19:24:24 +0100
Subject: [PATCH] closes #4 certificate creation during installation

---
 install/lib/installer_base.lib.php    | 43 +++++++++++++++++++++++-
 install/tpl/metronome_conf_ssl.master | 48 +++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 install/tpl/metronome_conf_ssl.master

diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index acaaf3bfd6..8fd18627ad 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1349,6 +1349,30 @@ class installer_base {
         $content = str_replace('{server_id}', $conf['server_id'], $content);
         wf($full_file_name, $content);
 
+        // Create SSL Certificate for localhost
+        echo "writing new private key to 'localhost.key'\n-----\n";
+        $ssl_country = $this->free_query('Country Name (2 letter code)', 'AU');
+        $ssl_locality = $this->free_query('Locality Name (eg, city)', '');
+        $ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd');
+        $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', '');
+        $ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname']);
+        $ssl_email = $this->free_query('Email Address', '');
+
+        $tpl = new tpl('metronome_conf_ssl.master');
+        $tpl->setVar('ssl_country',$ssl_country);
+        $tpl->setVar('ssl_locality',$ssl_locality);
+        $tpl->setVar('ssl_organisation',$ssl_organisation);
+        $tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
+        $tpl->setVar('domain',$ssl_domain);
+        $tpl->setVar('ssl_email',$ssl_email);
+        wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
+        unset($tpl);
+        // Generate new key, csr and cert
+        exec("(cd /etc/metronome/certs && make localhost.key)");
+        exec("(cd /etc/metronome/certs && make localhost.csr)");
+        exec("(cd /etc/metronome/certs && make localhost.cert)");
+        exec('chmod 0400 /etc/metronome/certs/localhost.key');
+        exec('chown metronome /etc/metronome/certs/localhost.key');
 
         // Copy init script
         caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
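Review bot: None of the five `exec()` calls on the new lines checks an exit status, so if `make localhost.key` fails (missing Makefile, wrong directory, or OpenSSL rejecting one of the prompted values) the `chmod`/`chown` lines run against a file that was never written and the installer carries on without a certificate. Capture the status with `exec('(cd /etc/metronome/certs && make localhost.key)', $out, $rc);` and warn or stop when `$rc !== 0`, for each of the three make targets. The prompted values are rendered unquoted into the OpenSSL config by the template, so a Country Name longer than two characters, or a value containing `$` or `#`, will most likely make `openssl req` fail rather than be escaped; validating the country code against `/^[A-Za-z]{2}$/` before rendering covers the common case. The key is created by make before `chmod 0400` runs, so it briefly exists with umask-default permissions unless the Makefile itself restricts the mode — calling `umask(077)` before the make commands closes that window. The enclosing method starts before and continues after this hunk.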
@@ -1356,7 +1380,24 @@ class installer_base {
 
         exec($this->getinitcommand('xmpp', 'restart'));
 
-
+/*
+writing new private key to 'smtpd.key'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:
+State or Province Name (full name) [Some-State]:
+Locality Name (eg, city) []:
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:
+Organizational Unit Name (eg, section) []:
+Common Name (e.g. server FQDN or YOUR name) []:
+Email Address []:
+ * */
 
         /*// Dont just copy over the virtualhost template but add some custom settings
         $tpl = new tpl('apache_apps.vhost.master');
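Review bot: The new block comment is a verbatim transcript of an `openssl req` prompt session and will go stale — it lists a 'State or Province Name' field that neither the new prompts nor the SSL template include, and names `smtpd.key` rather than `localhost.key`. If it is meant as a reminder of which fields the installer asks for, a one-line comment such as `// DN fields prompted above mirror the interactive 'openssl req' questions; see metronome_conf_ssl.master` says the same without the transcript; otherwise drop it. The enclosing method starts before this hunk and continues after it.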
diff --git a/install/tpl/metronome_conf_ssl.master b/install/tpl/metronome_conf_ssl.master
new file mode 100644
index 0000000000..922dfd22a1
--- /dev/null
+++ b/install/tpl/metronome_conf_ssl.master
@@ -0,0 +1,48 @@
+oid_section = new_oids
+
+[ new_oids ]
+
+# RFC 3920 section 5.1.1 defines this OID
+xmppAddr = 1.3.6.1.5.5.7.8.5
+
+# RFC 4985 defines this OID
+SRVName  = 1.3.6.1.5.5.7.8.7
+
+[ req ]
+
+default_bits       = 4096
+default_keyfile    = {tmpl_var name='domain'}.key
+distinguished_name = distinguished_name
+req_extensions     = v3_extensions
+x509_extensions    = v3_extensions
+
+# ask about the DN?
+prompt = no
+
+[ distinguished_name ]
+
+commonName             = {tmpl_var name='domain'}
+countryName            = {tmpl_var name='ssl_country'}
+localityName           = {tmpl_var name='ssl_locality'}
+organizationName       = {tmpl_var name='ssl_organisation'}
+organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
+emailAddress           = {tmpl_var name='ssl_email'}
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:FALSE
+keyUsage         = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName   = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
+
+DNS.0       =                                           {tmpl_var name='domain'}
+otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
+otherName.1 =            SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
+otherName.2 =            SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
\ No newline at end of file
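Review bot: With `prompt = no` every `[ distinguished_name ]` entry is taken literally, and the installer's defaults leave localityName, organizationalUnitName and emailAddress empty; whether OpenSSL skips an empty attribute or refuses the request depends on the version, so either document in the template that blank values are expected to be dropped or have the installer omit those lines when the prompt is left empty. `default_keyfile = {tmpl_var name='domain'}.key` names the key after the prompted Common Name while the installer runs `make localhost.key` and then chmods `localhost.key`; unless the Makefile supplies its own `-keyout`, the two names will disagree — `default_keyfile = localhost.key` would match what the installer expects. `basicConstraints` and `keyUsage` are not marked critical, which is the usual form for an end-entity certificate (`basicConstraints = critical,CA:FALSE`). The draft referenced in the comment has since been published as RFC 6120, so the link could point there instead.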
-- 
GitLab