diff --git a/install/apps/metronome-init b/install/apps/metronome-init
index e10ef3c32e276863f475c2b5d5f578e1ec04df67..78ba7ea14accccbc866cf1294c88f68f0821e8fc 100644
--- a/install/apps/metronome-init
+++ b/install/apps/metronome-init
@@ -33,6 +33,16 @@ stop()
$METRONOME stop >> /dev/null
}
+reload()
+{
+ &METRONOME reload >> /dev/null
+}
+
+restart()
+{
+ &METRONOME restart >> /dev/null
+}
+
case "$1" in
start)
echo -n "Starting Metronome..."
@@ -42,13 +52,16 @@ case "$1" in
echo -n "Stopping Metronome..."
stop &
;;
+ reload)
+ echo -n "Reloading Metronome config..."
+ reload &
+ ;;
restart)
echo -n "Restarting Metronome..."
- stop &
- start &
+ restart &
;;
*)
- echo "Usage: $0 {start|stop|restart}" >&2
+ echo "Usage: $0 {start|stop|reload|restart}" >&2
exit 1
;;
esac
diff --git a/install/sql/incremental/upd_0081.sql b/install/sql/incremental/upd_0081.sql
index ce16a5b1bd4625edfd00f4983caf2840bcee96d1..5e6b90ecd4bd847dea8c3d7bfa58c37fd8167750 100644
--- a/install/sql/incremental/upd_0081.sql
+++ b/install/sql/incremental/upd_0081.sql
@@ -48,6 +48,18 @@ CREATE TABLE `xmpp_domain` (
`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_state` varchar(255) NULL,
+ `ssl_locality` varchar(255) NULL,
+ `ssl_organisation` varchar(255) NULL,
+ `ssl_organisation_unit` varchar(255) NULL,
+ `ssl_country` varchar(255) NULL,
+ `ssl_email` varchar(255) NULL,
+ `ssl_request` mediumtext NULL,
+ `ssl_cert` mediumtext NULL,
+ `ssl_bundle` mediumtext NULL,
+ `ssl_key` mediumtext NULL,
+ `ssl_action` varchar(16) NULL,
+
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`domain_id`),
KEY `server_id` (`server_id`,`domain`),
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 22c58b1b5c485f3abe021aa7973f872e000c293f..f1e661a393b121494235ead7b12135fed9aafbd4 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -2002,6 +2002,18 @@ CREATE TABLE `xmpp_domain` (
`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_state` varchar(255) NULL,
+ `ssl_locality` varchar(255) NULL,
+ `ssl_organisation` varchar(255) NULL,
+ `ssl_organisation_unit` varchar(255) NULL,
+ `ssl_country` varchar(255) NULL,
+ `ssl_email` varchar(255) NULL,
+ `ssl_request` mediumtext NULL,
+ `ssl_cert` mediumtext NULL,
+ `ssl_bundle` mediumtext NULL,
+ `ssl_key` mediumtext NULL,
+ `ssl_action` varchar(16) NULL,
+
`active` enum('n','y') NOT NULL DEFAULT 'n',
PRIMARY KEY (`domain_id`),
KEY `server_id` (`server_id`,`domain`),
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index b2db7f8f2ba2951c3ddefd5360f7c0cf1b0d48de..5934497184e6ae6c63eaddc47ef6805d6a229692 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -280,5 +280,128 @@ $form["tabs"]['muc'] = array (
)
);
+$form["tabs"]['ssl'] = array (
+ 'title' => "SSL",
+ 'width' => 100,
+ 'template' => "templates/xmpp_domain_edit_ssl.htm",
+ 'readonly' => false,
+ 'fields' => array (
+ //#################################
+ // Begin Datatable fields
+ //#################################
+ 'ssl_state' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_state_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_locality' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_locality_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_organisation' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_organisation_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_organisation_unit' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'validators' => array ( 0 => array ( 'type' => 'REGEX',
+ 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
+ 'errmsg'=> 'ssl_organistaion_unit_error_regex'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255'
+ ),
+ 'ssl_country' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'default' => '',
+ 'datasource' => array ( 'type' => 'SQL',
+ 'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name',
+ 'keyfield'=> 'iso',
+ 'valuefield'=> 'printable_name'
+ ),
+ 'value' => ''
+ ),
+ 'ssl_email' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'value' => '',
+ 'width' => '30',
+ 'maxlength' => '255',
+ 'validators' => array ( 0 => array ( 'type' => 'ISEMAIL',
+ 'errmsg'=> 'ssl_error_isemail')
+ ),
+ ),
+ 'ssl_key' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_request' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_cert' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_bundle' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXTAREA',
+ 'default' => '',
+ 'value' => '',
+ 'cols' => '30',
+ 'rows' => '10'
+ ),
+ 'ssl_action' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'SELECT',
+ 'default' => '',
+ 'value' => array('' => 'none_txt', 'save' => 'save_certificate_txt', 'create' => 'create_certificate_txt', 'del' => 'delete_certificate_txt')
+ ),
+ //#################################
+ // ENDE Datatable fields
+ //#################################
+ )
+);
+
?>
diff --git a/interface/web/mail/lib/lang/en_xmpp_domain.lng b/interface/web/mail/lib/lang/en_xmpp_domain.lng
index 86abd2b0c75febacfa64ab6ad729adfd00a4ff67..9e2924cb9161939905113ceb8ea9834c4d6f996c 100644
--- a/interface/web/mail/lib/lang/en_xmpp_domain.lng
+++ b/interface/web/mail/lib/lang/en_xmpp_domain.lng
@@ -30,4 +30,32 @@ $wb["cant_change_domainname_txt"] = 'The Domain name of existing XMPP domain can
$wb["about_registration_url_txt"] = 'Link to your registration form.';
$wb["about_registration_message_txt"] = 'Description about your account registration process.';
$wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.';
+$wb['ssl_state_txt'] = 'State';
+$wb['ssl_locality_txt'] = 'Locality';
+$wb['ssl_organisation_txt'] = 'Organisation';
+$wb['ssl_organisation_unit_txt'] = 'Organisation Unit';
+$wb['ssl_country_txt'] = 'Country';
+$wb['ssl_key_txt'] = 'SSL Key';
+$wb['ssl_request_txt'] = 'SSL Request';
+$wb['ssl_cert_txt'] = 'SSL Certificate';
+$wb['ssl_bundle_txt'] = 'SSL Bundle';
+$wb['ssl_action_txt'] = 'SSL Action';
+$wb['ssl_email_txt'] = 'Email Address';
+$wb['ssl_txt'] = 'SSL';
+$wb['error_ssl_state_empty'] = 'SSL State is empty.';
+$wb['error_ssl_locality_empty'] = 'SSL Locality is empty.';
+$wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.';
+$wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.';
+$wb['error_ssl_country_empty'] = 'SSL Country is empty.';
+$wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty';
+$wb['ssl_state_error_regex'] = 'Invalid SSL State. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_locality_error_regex'] = 'Invalid SSL Locality. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_organisation_error_regex'] = 'Invalid SSL Organisation. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_organistaion_unit_error_regex'] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
+$wb['ssl_country_error_regex'] = 'Invalid SSL Country. Valid characters are: A-Z';
+$wb['none_txt'] = 'None';
+$wb['save_certificate_txt'] = 'Save certificate';
+$wb['create_certificate_txt'] = 'Create certificate';
+$wb['delete_certificate_txt'] = 'Delete certificate';
+$wb['ssl_error_isemail'] = 'Please enter a valid email adress for generation of the SSL certificate';
?>
diff --git a/interface/web/mail/templates/xmpp_domain_edit_ssl.htm b/interface/web/mail/templates/xmpp_domain_edit_ssl.htm
new file mode 100644
index 0000000000000000000000000000000000000000..2bb7d059aade1ee4015a8041c0df6f45f38cacf5
--- /dev/null
+++ b/interface/web/mail/templates/xmpp_domain_edit_ssl.htm
@@ -0,0 +1,100 @@
+
+
+
+
+
+
{tmpl_var name='configuration_error_txt'}
+
+
{tmpl_var name='config_error_tstamp'} :
{tmpl_var name='config_error_msg'}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php
index 2844a2776a3ea153fc8c282aaca63ec57d9680a0..b30d4d14068a12870c6881b56f98f1a58c187c46 100644
--- a/interface/web/mail/xmpp_domain_edit.php
+++ b/interface/web/mail/xmpp_domain_edit.php
@@ -49,14 +49,16 @@ $app->uses('tpl,tform,tform_actions,tools_sites');
$app->load('tform_actions');
class page_action extends tform_actions {
- var $_xmpp_type = 'domain';
+ var $_xmpp_type = 'server';
function onLoad() {
$show_type = 'server';
- if(isset($_GET['type']) && $_GET['type'] == 'modules') {
+ if(isset($_REQUEST['type']) && $_REQUEST['type'] == 'modules') {
$show_type = 'modules';
- } elseif(isset($_GET['type']) && $_GET['type'] == 'muc') {
+ } elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'muc') {
$show_type = 'muc';
+ }elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'ssl') {
+ $show_type = 'ssl';
}
$_SESSION['s']['var']['xmpp_type'] = $show_type;
@@ -363,6 +365,21 @@ class page_action extends tform_actions {
}
}
+ if($this->_xmpp_type == 'ssl'){
+ //* Check that all fields for the SSL cert creation are filled
+ if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
+ if($this->dataRecord['ssl_state'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_state_empty').'
';
+ if($this->dataRecord['ssl_locality'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_locality_empty').'
';
+ if($this->dataRecord['ssl_organisation'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_empty').'
';
+ if($this->dataRecord['ssl_organisation_unit'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_unit_empty').'
';
+ if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'
';
+ }
+
+ if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') {
+ if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'
';
+ }
+ }
+
//* make sure that the xmpp domain is lowercase
if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);
diff --git a/server/conf/metronome_conf_host.master b/server/conf/metronome_conf_host.master
index 2b4783202f91e587dc672d632c66f498f643ca16..179d533e19c532bdc498d938406a962cf877c437 100644
--- a/server/conf/metronome_conf_host.master
+++ b/server/conf/metronome_conf_host.master
@@ -52,12 +52,12 @@ VirtualHost "{tmpl_var name='domain'}"
admins = {
{tmpl_var name='domain_admins'}
};
--- TODO: SSL Certs for Hosts
--- ssl = {
--- key = "/var/lib/metronome/iplay-esports.de.key",
--- certificate = "/var/lib/metronome/iplay-esports.de.crt",
--- };
-
+
+ ssl = {
+ key = "/etc/metronome/certs/{tmpl_var name='domain'}.key",
+ certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert",
+ };
+
VirtualHost "anon.{tmpl_var name='domain'}"
diff --git a/server/conf/metronome_conf_ssl.master b/server/conf/metronome_conf_ssl.master
new file mode 100644
index 0000000000000000000000000000000000000000..73ab3a8a3580313f9879c5e50ccd6a01c6e71547
--- /dev/null
+++ b/server/conf/metronome_conf_ssl.master
@@ -0,0 +1,72 @@
+oid_section = new_oids
+
+[ new_oids ]
+
+# RFC 3920 section 5.1.1 defines this OID
+xmppAddr = 1.3.6.1.5.5.7.8.5
+
+# RFC 4985 defines this OID
+SRVName = 1.3.6.1.5.5.7.8.7
+
+[ req ]
+
+default_bits = 4096
+default_keyfile = {tmpl_var name='domain'}.key
+distinguished_name = distinguished_name
+req_extensions = v3_extensions
+x509_extensions = v3_extensions
+
+# ask about the DN?
+prompt = no
+
+[ distinguished_name ]
+
+commonName = {tmpl_var name='domain'}
+countryName = {tmpl_var name='ssl_country'}
+localityName = {tmpl_var name='ssl_locality'}
+organizationName = {tmpl_var name='ssl_organisation'}
+organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
+emailAddress = {tmpl_var name='ssl_email'}
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
+
+DNS.0 = {tmpl_var name='domain'}
+otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
+otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
+otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}
+
+DNS.1 = muc.{tmpl_var name='domain'}
+otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
+otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}
+
+DNS.2 = pubsub.{tmpl_var name='domain'}
+otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
+otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}
+
+DNS.3 = anon.{tmpl_var name='domain'}
+otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
+otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}
+
+DNS.4 = xmpp.{tmpl_var name='domain'}
+otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
+otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}
+
+DNS.5 = proxy.{tmpl_var name='domain'}
+otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
+otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}
+
+DNS.6 = vjud.{tmpl_var name='domain'}
+otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
+otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}
\ No newline at end of file
diff --git a/server/mods-available/xmpp_module.inc.php b/server/mods-available/xmpp_module.inc.php
index 145b7f0f5894de07ef2e72e0724661bc5e03d414..f8c1526e7392d5046df2e3ed7a3c891417c4c055 100644
--- a/server/mods-available/xmpp_module.inc.php
+++ b/server/mods-available/xmpp_module.inc.php
@@ -79,6 +79,8 @@ class xmpp_module {
*/
$app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process');
+ $app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP');
+ $app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');
}
@@ -104,6 +106,26 @@ class xmpp_module {
} // end switch
} // end function
+
+ function restartXMPP($action = 'restart') {
+ global $app, $conf;
+
+ // load the server configuration options
+ $app->uses('getconf,system');
+ $xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');
+
+ $daemon = 'metronome';
+
+ $retval = array('output' => '', 'retval' => 0);
+ if($action == 'restart') {
+ $cmd = $app->system->getinitcommand($daemon, 'restart');
+ } else {
+ $cmd = $app->system->getinitcommand($daemon, 'reload');
+ }
+ exec($cmd.' 2>&1', $retval['output'], $retval['retval']);
+ $app->log("Restarting xmpp: $cmd", LOGLEVEL_DEBUG);
+ return $retval;
+ }
} // end class
?>
diff --git a/server/plugins-available/xmpp_plugin.inc.php b/server/plugins-available/xmpp_plugin.inc.php
index 312a2a9945a2fef0b861398350c7265dc5618992..2176cc513f2931e1797fdce660ea70619465b5cc 100644
--- a/server/plugins-available/xmpp_plugin.inc.php
+++ b/server/plugins-available/xmpp_plugin.inc.php
@@ -38,6 +38,10 @@ class xmpp_plugin {
var $xmpp_config_dir = '/etc/metronome';
+ var $ssl_certificate_changed = false;
+ var $ssl_certificate_deleted = false;
+
+
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
function onInstall() {
@@ -64,6 +68,11 @@ class xmpp_plugin {
$app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
$app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');
+
+ $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');
+
$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
@@ -193,6 +202,10 @@ class xmpp_plugin {
}
+ // Check for SSL
+ if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed)
+ $tpl->setVar('ssl_cert', true);
+
$app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
unset($tpl);
@@ -207,7 +220,7 @@ class xmpp_plugin {
unset($tpl);
}
- $app->services->restartServiceDelayed('metronome', 'restart');
+ $app->services->restartServiceDelayed('metronome', 'reload');
}
function domainDelete($event_name, $data){
@@ -253,6 +266,131 @@ class xmpp_plugin {
exec('metronomectl deluser '.$data['old']['jid']);
}
+ // Handle the creation of SSL certificates
+ function ssl($event_name, $data) {
+ global $app, $conf;
+
+ $app->uses('system,tpl');
+
+ // load the server configuration options
+ $app->uses('getconf');
+ $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+ $ssl_dir = '/etc/metronome/certs';
+ $domain = $data['new']['domain'];
+ $cnf_file = $ssl_dir.'/'.$domain.'.cnf';
+ $key_file = $ssl_dir.'/'.$domain.'.key';
+ $csr_file = $ssl_dir.'/'.$domain.'.csr';
+ $crt_file = $ssl_dir.'/'.$domain.'.cert';
+
+ //* Create a SSL Certificate, but only if this is not a mirror server.
+ if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {
+
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file, $key_file.'.bak');
+ $app->system->chmod($key_file.'.bak', 0400);
+ $app->system->chown($key_file.'.bak', 'metronome');
+ }
+ if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
+
+ // Write new CNF file
+ $tpl = new tpl();
+ $tpl->newTemplate('metronome_conf_ssl.master');
+ $tpl->setVar('domain', $domain);
+ $tpl->setVar('ssl_country', $data['new']['ssl_country']);
+ $tpl->setVar('ssl_locality', $data['new']['ssl_locality']);
+ $tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']);
+ $tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']);
+ $tpl->setVar('ssl_email', $data['new']['ssl_email']);
+ $app->system->file_put_contents($cnf_file, $tpl->grab());
+
+ // Generate new key, csr and cert
+ exec("(cd /etc/metronome/certs && make $domain.key)");
+ exec("(cd /etc/metronome/certs && make $domain.csr)");
+ exec("(cd /etc/metronome/certs && make $domain.cert)");
+
+ $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
+ $app->system->chmod($key_file, 0400);
+ $app->system->chown($key_file, 'metronome');
+ $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
+ $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ //* Save a SSL certificate to disk
+ if($data["new"]["ssl_action"] == 'save') {
+ $this->ssl_certificate_changed = true;
+
+ //* Rename files if they exist
+ if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
+ if(file_exists($key_file)){
+ $app->system->rename($key_file, $key_file.'.bak');
+ $app->system->chmod($key_file.'.bak', 0400);
+ $app->system->chown($key_file.'.bak', 'metronome');
+ }
+ if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
+ if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');
+
+ //* Write new ssl files
+ if(trim($data["new"]["ssl_request"]) != '')
+ $app->system->file_put_contents($csr_file, $data["new"]["ssl_request"]);
+ if(trim($data["new"]["ssl_cert"]) != '')
+ $app->system->file_put_contents($crt_file, $data["new"]["ssl_cert"]);
+
+ //* Write the key file, if field is empty then import the key into the db
+ if(trim($data["new"]["ssl_key"]) != '') {
+ $app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
+ $app->system->chmod($key_file, 0400);
+ $app->system->chown($key_file, 'metronome');
+ } else {
+ $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
+ }
+
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ //* Delete a SSL certificate
+ if($data['new']['ssl_action'] == 'del') {
+ $this->ssl_certificate_deleted = true;
+ $app->system->unlink($csr_file);
+ $app->system->unlink($crt_file);
+ $app->system->unlink($key_file);
+ $app->system->unlink($cnf_file);
+ $app->system->unlink($csr_file.'.bak');
+ $app->system->unlink($crt_file.'.bak');
+ $app->system->unlink($key_file.'.bak');
+ $app->system->unlink($cnf_file.'.bak');
+ /* Update the DB of the (local) Server */
+ $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ /* Update also the master-DB of the Server-Farm */
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
+ $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+ }
+
+ }
+
} // end class
?>