Commit f52de04d authored by Michael Fürmann's avatar Michael Fürmann

Handle host-specific ssl certificates

parent 029167ad
......@@ -33,6 +33,16 @@ stop()
$METRONOME stop >> /dev/null
}
reload()
{
&METRONOME reload >> /dev/null
}
restart()
{
&METRONOME restart >> /dev/null
}
case "$1" in
start)
echo -n "Starting Metronome..."
......@@ -42,13 +52,16 @@ case "$1" in
echo -n "Stopping Metronome..."
stop &
;;
reload)
echo -n "Reloading Metronome config..."
reload &
;;
restart)
echo -n "Restarting Metronome..."
stop &
start &
restart &
;;
*)
echo "Usage: $0 {start|stop|restart}" >&2
echo "Usage: $0 {start|stop|reload|restart}" >&2
exit 1
;;
esac
......
......@@ -48,6 +48,18 @@ CREATE TABLE `xmpp_domain` (
`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
`ssl_state` varchar(255) NULL,
`ssl_locality` varchar(255) NULL,
`ssl_organisation` varchar(255) NULL,
`ssl_organisation_unit` varchar(255) NULL,
`ssl_country` varchar(255) NULL,
`ssl_email` varchar(255) NULL,
`ssl_request` mediumtext NULL,
`ssl_cert` mediumtext NULL,
`ssl_bundle` mediumtext NULL,
`ssl_key` mediumtext NULL,
`ssl_action` varchar(16) NULL,
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`domain_id`),
KEY `server_id` (`server_id`,`domain`),
......
......@@ -2002,6 +2002,18 @@ CREATE TABLE `xmpp_domain` (
`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
`ssl_state` varchar(255) NULL,
`ssl_locality` varchar(255) NULL,
`ssl_organisation` varchar(255) NULL,
`ssl_organisation_unit` varchar(255) NULL,
`ssl_country` varchar(255) NULL,
`ssl_email` varchar(255) NULL,
`ssl_request` mediumtext NULL,
`ssl_cert` mediumtext NULL,
`ssl_bundle` mediumtext NULL,
`ssl_key` mediumtext NULL,
`ssl_action` varchar(16) NULL,
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`domain_id`),
KEY `server_id` (`server_id`,`domain`),
......
......@@ -280,5 +280,128 @@ $form["tabs"]['muc'] = array (
)
);
$form["tabs"]['ssl'] = array (
'title' => "SSL",
'width' => 100,
'template' => "templates/xmpp_domain_edit_ssl.htm",
'readonly' => false,
'fields' => array (
//#################################
// Begin Datatable fields
//#################################
'ssl_state' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
'errmsg'=> 'ssl_state_error_regex'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'ssl_locality' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
'errmsg'=> 'ssl_locality_error_regex'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'ssl_organisation' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
'errmsg'=> 'ssl_organisation_error_regex'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'ssl_organisation_unit' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
'errmsg'=> 'ssl_organistaion_unit_error_regex'),
),
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255'
),
'ssl_country' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '',
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name',
'keyfield'=> 'iso',
'valuefield'=> 'printable_name'
),
'value' => ''
),
'ssl_email' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'default' => '',
'value' => '',
'width' => '30',
'maxlength' => '255',
'validators' => array ( 0 => array ( 'type' => 'ISEMAIL',
'errmsg'=> 'ssl_error_isemail')
),
),
'ssl_key' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXTAREA',
'default' => '',
'value' => '',
'cols' => '30',
'rows' => '10'
),
'ssl_request' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXTAREA',
'default' => '',
'value' => '',
'cols' => '30',
'rows' => '10'
),
'ssl_cert' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXTAREA',
'default' => '',
'value' => '',
'cols' => '30',
'rows' => '10'
),
'ssl_bundle' => array (
'datatype' => 'TEXT',
'formtype' => 'TEXTAREA',
'default' => '',
'value' => '',
'cols' => '30',
'rows' => '10'
),
'ssl_action' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '',
'value' => array('' => 'none_txt', 'save' => 'save_certificate_txt', 'create' => 'create_certificate_txt', 'del' => 'delete_certificate_txt')
),
//#################################
// ENDE Datatable fields
//#################################
)
);
?>
......@@ -30,4 +30,32 @@ $wb["cant_change_domainname_txt"] = 'The Domain name of existing XMPP domain can
$wb["about_registration_url_txt"] = 'Link to your registration form.';
$wb["about_registration_message_txt"] = 'Description about your account registration process.';
$wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.';
$wb['ssl_state_txt'] = 'State';
$wb['ssl_locality_txt'] = 'Locality';
$wb['ssl_organisation_txt'] = 'Organisation';
$wb['ssl_organisation_unit_txt'] = 'Organisation Unit';
$wb['ssl_country_txt'] = 'Country';
$wb['ssl_key_txt'] = 'SSL Key';
$wb['ssl_request_txt'] = 'SSL Request';
$wb['ssl_cert_txt'] = 'SSL Certificate';
$wb['ssl_bundle_txt'] = 'SSL Bundle';
$wb['ssl_action_txt'] = 'SSL Action';
$wb['ssl_email_txt'] = 'Email Address';
$wb['ssl_txt'] = 'SSL';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
$wb['error_ssl_locality_empty'] = 'SSL Locality is empty.';
$wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.';
$wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.';
$wb['error_ssl_country_empty'] = 'SSL Country is empty.';
$wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty';
$wb['ssl_state_error_regex'] = 'Invalid SSL State. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_locality_error_regex'] = 'Invalid SSL Locality. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_organisation_error_regex'] = 'Invalid SSL Organisation. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_organistaion_unit_error_regex'] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_country_error_regex'] = 'Invalid SSL Country. Valid characters are: A-Z';
$wb['none_txt'] = 'None';
$wb['save_certificate_txt'] = 'Save certificate';
$wb['create_certificate_txt'] = 'Create certificate';
$wb['delete_certificate_txt'] = 'Delete certificate';
$wb['ssl_error_isemail'] = 'Please enter a valid email adress for generation of the SSL certificate';
?>
<div class='page-header'>
<h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
<tmpl_if name="config_error_msg">
<div style="background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px;">
<p style="font-face:bold">{tmpl_var name='configuration_error_txt'}</p>
<div>
<div style="float:left;width:150px;">{tmpl_var name='config_error_tstamp'} :&nbsp;</div><div style="padding-left:150px;">{tmpl_var name='config_error_msg'}</div>
</div>
</div>
</tmpl_if>
<tmpl_if name='show_helper_links'>
<div id="show_helper_links" style="display:none;">
<label></label>
<div class="col-sm-9">
<a href="javascript:void(0);" id="load_data"><tmpl_if name='is_admin'>{tmpl_var name='load_client_data_txt'}</tmpl_else>{tmpl_var name='load_my_data_txt'}</tmpl_if></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="javascript:void(0);" id="reset_data">{tmpl_var name='reset_client_data_txt'}</a>
</div>
</div>
</tmpl_if>
<div class="form-group">
<label for="ssl_state" class="col-sm-3 control-label">{tmpl_var name='ssl_state_txt'}</label>
<div class="col-sm-9"><input type="text" name="ssl_state" id="ssl_state" value="{tmpl_var name='ssl_state'}" class="form-control" /></div></div>
<div class="form-group">
<label for="ssl_locality" class="col-sm-3 control-label">{tmpl_var name='ssl_locality_txt'}</label>
<div class="col-sm-9"><input type="text" name="ssl_locality" id="ssl_locality" value="{tmpl_var name='ssl_locality'}" class="form-control" /></div></div>
<div class="form-group">
<label for="ssl_organisation" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_txt'}</label>
<div class="col-sm-9"><input type="text" name="ssl_organisation" id="ssl_organisation" value="{tmpl_var name='ssl_organisation'}" class="form-control" /></div></div>
<div class="form-group">
<label for="ssl_organisation_unit" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_unit_txt'}</label>
<div class="col-sm-9"><input type="text" name="ssl_organisation_unit" id="ssl_organisation_unit" value="{tmpl_var name='ssl_organisation_unit'}" class="form-control" /></div></div>
<div class="form-group">
<label for="ssl_country" class="col-sm-3 control-label">{tmpl_var name='ssl_country_txt'}</label>
<div class="col-sm-9"><select name="ssl_country" id="ssl_country" class="form-control flags">
{tmpl_var name='ssl_country'}
</select></div>
</div>
<div class="form-group">
<label for="ssl_email" class="col-sm-3 control-label">{tmpl_var name='ssl_email_txt'}</label>
<div class="col-sm-9"><input type="email" name="ssl_email" id="ssl_email" value="{tmpl_var name='ssl_email'}" class="form-control" /></div></div>
<div class="form-group">
<label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_key_txt'}</label>
<div class="col-sm-9"><textarea class="form-control" name="ssl_key" id="ssl_key" rows='10' cols='30'>{tmpl_var name='ssl_key'}</textarea></div>
</div>
<div class="form-group">
<label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_request_txt'}</label>
<div class="col-sm-9"><textarea class="form-control" name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea></div>
</div>
<div class="form-group">
<label for="ssl_cert" class="col-sm-3 control-label">{tmpl_var name='ssl_cert_txt'}</label>
<div class="col-sm-9"><textarea class="form-control" name="ssl_cert" id="ssl_cert" rows='10' cols='30'>{tmpl_var name='ssl_cert'}</textarea></div>
</div>
<div class="form-group">
<label for="ssl_action" class="col-sm-3 control-label">{tmpl_var name='ssl_action_txt'}</label>
<div class="col-sm-9"><select name="ssl_action" id="ssl_action" class="form-control">
{tmpl_var name='ssl_action'}
</select></div>
</div>
<input type="hidden" name="id" value="{tmpl_var name='id'}">
<input type="hidden" name="type" value="ssl">
<div class="clear"><div class="right">
<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="mail/xmpp_domain_edit.php">{tmpl_var name='btn_save_txt'}</button>
<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="mail/xmpp_domain_list.php">{tmpl_var name='btn_cancel_txt'}</button>
</div></div>
<script>
<!--
<tmpl_if name='show_helper_links'>
if($("input[name=id]").val() > 0) $('#show_helper_links:hidden').show();
$('#reset_data').click(function(){
$('#ssl_organisation').add('#ssl_locality').add('#ssl_state').add('#ssl_organisation_unit').val('');
$('#ssl_country').val($("#ssl_country option:first").val());
});
$('#load_data').click(function(){
loadClientData();
});
function loadClientData() {
var web_id = $("input[name=id]").val();
jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'web_id': web_id, 'type': "getclientssldata"}, function(data) {
$('#ssl_organisation').val(data['company_name']);
$('#ssl_locality').val(data['city']);
$('#ssl_country').val(data['country']);
$('#ssl_state').val(data['state']);
$('#ssl_organisation_unit').val('IT');
});
}
</tmpl_if>
//-->
</script>
\ No newline at end of file
......@@ -49,14 +49,16 @@ $app->uses('tpl,tform,tform_actions,tools_sites');
$app->load('tform_actions');
class page_action extends tform_actions {
var $_xmpp_type = 'domain';
var $_xmpp_type = 'server';
function onLoad() {
$show_type = 'server';
if(isset($_GET['type']) && $_GET['type'] == 'modules') {
if(isset($_REQUEST['type']) && $_REQUEST['type'] == 'modules') {
$show_type = 'modules';
} elseif(isset($_GET['type']) && $_GET['type'] == 'muc') {
} elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'muc') {
$show_type = 'muc';
}elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'ssl') {
$show_type = 'ssl';
}
$_SESSION['s']['var']['xmpp_type'] = $show_type;
......@@ -363,6 +365,21 @@ class page_action extends tform_actions {
}
}
if($this->_xmpp_type == 'ssl'){
//* Check that all fields for the SSL cert creation are filled
if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
if($this->dataRecord['ssl_state'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_state_empty').'<br />';
if($this->dataRecord['ssl_locality'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_locality_empty').'<br />';
if($this->dataRecord['ssl_organisation'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_empty').'<br />';
if($this->dataRecord['ssl_organisation_unit'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_unit_empty').'<br />';
if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'<br />';
}
if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') {
if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'<br />';
}
}
//* make sure that the xmpp domain is lowercase
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
......
......@@ -52,12 +52,12 @@ VirtualHost "{tmpl_var name='domain'}"
admins = {
{tmpl_var name='domain_admins'}
};
-- TODO: SSL Certs for Hosts
-- ssl = {
-- key = "/var/lib/metronome/iplay-esports.de.key",
-- certificate = "/var/lib/metronome/iplay-esports.de.crt",
-- };
<tmpl_if name='ssl_cert' op='==' value='true'>
ssl = {
key = "/etc/metronome/certs/{tmpl_var name='domain'}.key",
certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert",
};
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
VirtualHost "anon.{tmpl_var name='domain'}"
......
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7
[ req ]
default_bits = 4096
default_keyfile = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions = v3_extensions
x509_extensions = v3_extensions
# ask about the DN?
prompt = no
[ distinguished_name ]
commonName = {tmpl_var name='domain'}
countryName = {tmpl_var name='ssl_country'}
localityName = {tmpl_var name='ssl_locality'}
organizationName = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress = {tmpl_var name='ssl_email'}
[ v3_extensions ]
# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @subject_alternative_name
[ subject_alternative_name ]
# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
DNS.0 = {tmpl_var name='domain'}
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
DNS.1 = muc.{tmpl_var name='domain'}
otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}
DNS.2 = pubsub.{tmpl_var name='domain'}
otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}
DNS.3 = anon.{tmpl_var name='domain'}
otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}
DNS.4 = xmpp.{tmpl_var name='domain'}
otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}
DNS.5 = proxy.{tmpl_var name='domain'}
otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}
DNS.6 = vjud.{tmpl_var name='domain'}
otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}
\ No newline at end of file
......@@ -79,6 +79,8 @@ class xmpp_module {
*/
$app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process');
$app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP');
$app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');
}
......@@ -104,6 +106,26 @@ class xmpp_module {
} // end switch
} // end function
function restartXMPP($action = 'restart') {
global $app, $conf;
// load the server configuration options
$app->uses('getconf,system');
$xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');
$daemon = 'metronome';
$retval = array('output' => '', 'retval' => 0);
if($action == 'restart') {
$cmd = $app->system->getinitcommand($daemon, 'restart');
} else {
$cmd = $app->system->getinitcommand($daemon, 'reload');
}
exec($cmd.' 2>&1', $retval['output'], $retval['retval']);
$app->log("Restarting xmpp: $cmd", LOGLEVEL_DEBUG);
return $retval;
}
} // end class
?>
......@@ -38,6 +38,10 @@ class xmpp_plugin {
var $xmpp_config_dir = '/etc/metronome';
var $ssl_certificate_changed = false;
var $ssl_certificate_deleted = false;
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
......@@ -64,6 +68,11 @@ class xmpp_plugin {
$app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
$app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');
$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');
$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
......@@ -193,6 +202,10 @@ class xmpp_plugin {
}
// Check for SSL
if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed)
$tpl->setVar('ssl_cert', true);
$app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
unset($tpl);
......@@ -207,7 +220,7 @@ class xmpp_plugin {
unset($tpl);
}
$app->services->restartServiceDelayed('metronome', 'restart');
$app->services->restartServiceDelayed('metronome', 'reload');
}
function domainDelete($event_name, $data){
......@@ -253,6 +266,131 @@ class xmpp_plugin {
exec('metronomectl deluser '.$data['old']['jid']);
}
// Handle the creation of SSL certificates
function ssl($event_name, $data) {
global $app, $conf;
$app->uses('system,tpl');
// load the server configuration options
$app->uses('getconf');
$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
$ssl_dir = '/etc/metronome/certs';
$domain = $data['new']['domain'];
$cnf_file = $ssl_dir.'/'.$domain.'.cnf';
$key_file = $ssl_dir.'/'.$domain.'.key';
$csr_file = $ssl_dir.'/'.$domain.'.csr';
$crt_file = $ssl_dir.'/'.$domain.'.cert';
//* Create a SSL Certificate, but only if this is not a mirror server.
if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {
$this->ssl_certificate_changed = true;
//* Rename files if they exist
if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
if(file_exists($key_file)){
$app->system->rename($key_file, $key_file.'.bak');
$app->system->chmod($key_file.'.bak', 0400);
$app->system->chown($key_file.'.bak', 'metronome');
}
if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
// Write new CNF file
$tpl = new tpl();
$tpl->newTemplate('metronome_conf_ssl.master');
$tpl->setVar('domain', $domain);
$tpl->setVar('ssl_country', $data['new']['ssl_country']);
$tpl->setVar('ssl_locality', $data['new']['ssl_locality']);
$tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']);
$tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']);
$tpl->setVar('ssl_email', $data['new']['ssl_email']);
$app->system->file_put_contents($cnf_file, $tpl->grab());
// Generate new key, csr and cert
exec("(cd /etc/metronome/certs && make $domain.key)");
exec("(cd /etc/metronome/certs && make $domain.csr)");
exec("(cd /etc/metronome/certs && make $domain.cert)");
$ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
$app->system->chmod($key_file, 0400);
$app->system->chown($key_file, 'metronome');
$ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
$ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
/* Update the DB of the (local) Server */
$app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
$app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
$app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
$app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
<