diff --git a/install/apps/metronome-init b/install/apps/metronome-init
index e10ef3c32e276863f475c2b5d5f578e1ec04df67..78ba7ea14accccbc866cf1294c88f68f0821e8fc 100644
--- a/install/apps/metronome-init
+++ b/install/apps/metronome-init
@@ -33,6 +33,16 @@ stop()
 $METRONOME stop >> /dev/null
 }
+reload()
+{
+ &METRONOME reload >> /dev/null
+}
+
+restart()
+{
+ &METRONOME restart >> /dev/null
+}
+
 case "$1" in
 start)
 echo -n "Starting Metronome..."
@@ -42,13 +52,16 @@ case "$1" in
 echo -n "Stopping Metronome..."
 stop &
 ;;
+ reload)
+ echo -n "Reloading Metronome config..."
+ reload &
+ ;;
 restart)
 echo -n "Restarting Metronome..."
- stop &
- start &
+ restart &
 ;;
 *)
- echo "Usage: $0 {start|stop|restart}" >&2
+ echo "Usage: $0 {start|stop|reload|restart}" >&2
 exit 1
 ;;
 esac
diff --git a/install/sql/incremental/upd_0081.sql b/install/sql/incremental/upd_0081.sql
index ce16a5b1bd4625edfd00f4983caf2840bcee96d1..5e6b90ecd4bd847dea8c3d7bfa58c37fd8167750 100644
--- a/install/sql/incremental/upd_0081.sql
+++ b/install/sql/incremental/upd_0081.sql
@@ -48,6 +48,18 @@ CREATE TABLE `xmpp_domain` (
 `http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
 `use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_state` varchar(255) NULL,
+ `ssl_locality` varchar(255) NULL,
+ `ssl_organisation` varchar(255) NULL,
+ `ssl_organisation_unit` varchar(255) NULL,
+ `ssl_country` varchar(255) NULL,
+ `ssl_email` varchar(255) NULL,
+ `ssl_request` mediumtext NULL,
+ `ssl_cert` mediumtext NULL,
+ `ssl_bundle` mediumtext NULL,
+ `ssl_key` mediumtext NULL,
+ `ssl_action` varchar(16) NULL,
+ `active` enum('n','y') NOT NULL DEFAULT 'n',
 PRIMARY KEY (`domain_id`),
 KEY `server_id` (`server_id`,`domain`),
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 22c58b1b5c485f3abe021aa7973f872e000c293f..f1e661a393b121494235ead7b12135fed9aafbd4 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
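Review bot: The new `reload()` and `restart()` functions call `&METRONOME reload` and `&METRONOME restart`, whereas the existing `stop()` right above uses `$METRONOME stop`; a leading `&` is not a variable expansion but a syntax error in POSIX sh, and because function bodies are parsed when the definition is read, the whole init script stops parsing at that point, taking `start` and `stop` down with it. The two lines should read `$METRONOME reload >> /dev/null` and `$METRONOME restart >> /dev/null`. The later change in server/plugins-available/xmpp_plugin.inc.php that switches to `restartServiceDelayed('metronome', 'reload')` depends on this script's `reload` action actually working.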
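Review bot: The new `ssl_key` mediumtext column puts the domain's private key into the `xmpp_domain` table next to the certificate, and the same twelve columns are added to install/sql/ispconfig3.sql in the next hunk; since the server plugin later in this commit also writes that column to the master database, the key's exposure grows from one 0400 file on the XMPP host to the replicated control-panel database. If the column exists to support mirror setups, a comment on the column stating that (and that the value is expected to be a PEM-encoded key) would make the trade-off explicit to the next maintainer. The added `active` enum defaults to `'n'`, so any insert path that does not set it produces an inactive domain; the tform hunk in this commit does not expose an `active` field, so confirm it is set elsewhere.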
@@ -2002,6 +2002,18 @@ CREATE TABLE `xmpp_domain` (
 `http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
 `use_status_host` enum('n','y') NOT NULL DEFAULT 'n',
+ `ssl_state` varchar(255) NULL,
+ `ssl_locality` varchar(255) NULL,
+ `ssl_organisation` varchar(255) NULL,
+ `ssl_organisation_unit` varchar(255) NULL,
+ `ssl_country` varchar(255) NULL,
+ `ssl_email` varchar(255) NULL,
+ `ssl_request` mediumtext NULL,
+ `ssl_cert` mediumtext NULL,
+ `ssl_bundle` mediumtext NULL,
+ `ssl_key` mediumtext NULL,
+ `ssl_action` varchar(16) NULL,
+ `active` enum('n','y') NOT NULL DEFAULT 'n',
 PRIMARY KEY (`domain_id`),
 KEY `server_id` (`server_id`,`domain`),
diff --git a/interface/web/mail/form/xmpp_domain.tform.php b/interface/web/mail/form/xmpp_domain.tform.php
index b2db7f8f2ba2951c3ddefd5360f7c0cf1b0d48de..5934497184e6ae6c63eaddc47ef6805d6a229692 100644
--- a/interface/web/mail/form/xmpp_domain.tform.php
+++ b/interface/web/mail/form/xmpp_domain.tform.php
@@ -280,5 +280,128 @@ $form["tabs"]['muc'] = array ( ) ); +$form["tabs"]['ssl'] = array ( + 'title' => "SSL", + 'width' => 100, + 'template' => "templates/xmpp_domain_edit_ssl.htm", + 'readonly' => false, + 'fields' => array ( + //################################# + // Begin Datatable fields + //################################# + 'ssl_state' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/', + 'errmsg'=> 'ssl_state_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'ssl_locality' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/', + 'errmsg'=> 'ssl_locality_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'ssl_organisation' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/', + 'errmsg'=> 'ssl_organisation_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'ssl_organisation_unit' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'validators' => array ( 0 => array ( 'type' => 'REGEX', + 'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/', + 'errmsg'=> 'ssl_organistaion_unit_error_regex'), + ), + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255' + ), + 'ssl_country' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name', + 'keyfield'=> 'iso', + 'valuefield'=> 'printable_name' + ), + 'value' => '' + ), + 
'ssl_email' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'TEXT', + 'default' => '', + 'value' => '', + 'width' => '30', + 'maxlength' => '255', + 'validators' => array ( 0 => array ( 'type' => 'ISEMAIL', + 'errmsg'=> 'ssl_error_isemail') + ), + ), + 'ssl_key' => array ( + 'datatype' => 'TEXT', + 'formtype' => 'TEXTAREA', + 'default' => '', + 'value' => '', + 'cols' => '30', + 'rows' => '10' + ), + 'ssl_request' => array ( + 'datatype' => 'TEXT', + 'formtype' => 'TEXTAREA', + 'default' => '', + 'value' => '', + 'cols' => '30', + 'rows' => '10' + ), + 'ssl_cert' => array ( + 'datatype' => 'TEXT', + 'formtype' => 'TEXTAREA', + 'default' => '', + 'value' => '', + 'cols' => '30', + 'rows' => '10' + ), + 'ssl_bundle' => array ( + 'datatype' => 'TEXT', + 'formtype' => 'TEXTAREA', + 'default' => '', + 'value' => '', + 'cols' => '30', + 'rows' => '10' + ), + 'ssl_action' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'default' => '', + 'value' => array('' => 'none_txt', 'save' => 'save_certificate_txt', 'create' => 'create_certificate_txt', 'del' => 'delete_certificate_txt') + ), + //################################# + // ENDE Datatable fields + //################################# + ) +); + ?> diff --git a/interface/web/mail/lib/lang/en_xmpp_domain.lng b/interface/web/mail/lib/lang/en_xmpp_domain.lng index 86abd2b0c75febacfa64ab6ad729adfd00a4ff67..9e2924cb9161939905113ceb8ea9834c4d6f996c 100644 --- a/interface/web/mail/lib/lang/en_xmpp_domain.lng +++ b/interface/web/mail/lib/lang/en_xmpp_domain.lng 
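Review bot: The REGEX validators on `ssl_state`, `ssl_locality`, `ssl_organisation` and `ssl_organisation_unit` anchor with `$/` and no `D` modifier, so PCRE also accepts a value that ends in a single newline; these four values are later substituted verbatim into the OpenSSL config template (server/conf/metronome_conf_ssl.master), where a line break terminates the field. Use `$/D` (or `\z`) in the four patterns, e.g. `'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/D',`. Without the `u` modifier the umlauts inside the character class are matched byte by byte, so the class admits any byte sequence assembled from those UTF-8 bytes rather than only the listed letters. The errmsg key `ssl_organistaion_unit_error_regex` is misspelled; it resolves only because en_xmpp_domain.lng carries the same misspelling, and both should become `ssl_organisation_unit_error_regex`.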
@@ -30,4 +30,32 @@ $wb["cant_change_domainname_txt"] = 'The Domain name of existing XMPP domain can $wb["about_registration_url_txt"] = 'Link to your registration form.'; $wb["about_registration_message_txt"] = 'Description about your account registration process.'; $wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.'; +$wb['ssl_state_txt'] = 'State'; +$wb['ssl_locality_txt'] = 'Locality'; +$wb['ssl_organisation_txt'] = 'Organisation'; +$wb['ssl_organisation_unit_txt'] = 'Organisation Unit'; +$wb['ssl_country_txt'] = 'Country'; +$wb['ssl_key_txt'] = 'SSL Key'; +$wb['ssl_request_txt'] = 'SSL Request'; +$wb['ssl_cert_txt'] = 'SSL Certificate'; +$wb['ssl_bundle_txt'] = 'SSL Bundle'; +$wb['ssl_action_txt'] = 'SSL Action'; +$wb['ssl_email_txt'] = 'Email Address'; +$wb['ssl_txt'] = 'SSL'; +$wb['error_ssl_state_empty'] = 'SSL State is empty.'; +$wb['error_ssl_locality_empty'] = 'SSL Locality is empty.'; +$wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.'; +$wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.'; +$wb['error_ssl_country_empty'] = 'SSL Country is empty.'; +$wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty'; +$wb['ssl_state_error_regex'] = 'Invalid SSL State. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ'; +$wb['ssl_locality_error_regex'] = 'Invalid SSL Locality. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ'; +$wb['ssl_organisation_error_regex'] = 'Invalid SSL Organisation. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ'; +$wb['ssl_organistaion_unit_error_regex'] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ'; +$wb['ssl_country_error_regex'] = 'Invalid SSL Country. 
Valid characters are: A-Z'; +$wb['none_txt'] = 'None'; +$wb['save_certificate_txt'] = 'Save certificate'; +$wb['create_certificate_txt'] = 'Create certificate'; +$wb['delete_certificate_txt'] = 'Delete certificate'; +$wb['ssl_error_isemail'] = 'Please enter a valid email adress for generation of the SSL certificate'; ?> diff --git a/interface/web/mail/templates/xmpp_domain_edit_ssl.htm b/interface/web/mail/templates/xmpp_domain_edit_ssl.htm new file mode 100644 index 0000000000000000000000000000000000000000..2bb7d059aade1ee4015a8041c0df6f45f38cacf5 --- /dev/null +++ b/interface/web/mail/templates/xmpp_domain_edit_ssl.htm @@ -0,0 +1,100 @@ + +

+ + +
+

{tmpl_var name='configuration_error_txt'}

+
+
{tmpl_var name='config_error_tstamp'} : 
{tmpl_var name='config_error_msg'}
+
+
+
+ + + + + +
+ +
+
+ +
+
+ +
+
+ +
+
+ +
+
+
+ +
+
+ +
+
+
+ +
+
+
+ +
+
+
+ +
+
+ + + + + +
+ + +
+ + \ No newline at end of file diff --git a/interface/web/mail/xmpp_domain_edit.php b/interface/web/mail/xmpp_domain_edit.php index 2844a2776a3ea153fc8c282aaca63ec57d9680a0..b30d4d14068a12870c6881b56f98f1a58c187c46 100644 --- a/interface/web/mail/xmpp_domain_edit.php +++ b/interface/web/mail/xmpp_domain_edit.php @@ -49,14 +49,16 @@ $app->uses('tpl,tform,tform_actions,tools_sites'); $app->load('tform_actions'); class page_action extends tform_actions { - var $_xmpp_type = 'domain'; + var $_xmpp_type = 'server'; function onLoad() { $show_type = 'server'; - if(isset($_GET['type']) && $_GET['type'] == 'modules') { + if(isset($_REQUEST['type']) && $_REQUEST['type'] == 'modules') { $show_type = 'modules'; - } elseif(isset($_GET['type']) && $_GET['type'] == 'muc') { + } elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'muc') { $show_type = 'muc'; + }elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'ssl') { + $show_type = 'ssl'; } $_SESSION['s']['var']['xmpp_type'] = $show_type; @@ -363,6 +365,21 @@ class page_action extends tform_actions { } } + if($this->_xmpp_type == 'ssl'){ + //* Check that all fields for the SSL cert creation are filled + if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') { + if($this->dataRecord['ssl_state'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_state_empty').'
'; + if($this->dataRecord['ssl_locality'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_locality_empty').'
'; + if($this->dataRecord['ssl_organisation'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_empty').'
'; + if($this->dataRecord['ssl_organisation_unit'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_unit_empty').'
'; + if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'
'; + } + + if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') { + if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'
'; + } + } + //* make sure that the xmpp domain is lowercase if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]); diff --git a/server/conf/metronome_conf_host.master b/server/conf/metronome_conf_host.master index 2b4783202f91e587dc672d632c66f498f643ca16..179d533e19c532bdc498d938406a962cf877c437 100644 --- a/server/conf/metronome_conf_host.master +++ b/server/conf/metronome_conf_host.master @@ -52,12 +52,12 @@ VirtualHost "{tmpl_var name='domain'}" admins = { {tmpl_var name='domain_admins'} }; --- TODO: SSL Certs for Hosts --- ssl = { --- key = "/var/lib/metronome/iplay-esports.de.key", --- certificate = "/var/lib/metronome/iplay-esports.de.crt", --- }; - + + ssl = { + key = "/etc/metronome/certs/{tmpl_var name='domain'}.key", + certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert", + }; + VirtualHost "anon.{tmpl_var name='domain'}" diff --git a/server/conf/metronome_conf_ssl.master b/server/conf/metronome_conf_ssl.master new file mode 100644 index 0000000000000000000000000000000000000000..73ab3a8a3580313f9879c5e50ccd6a01c6e71547 --- /dev/null +++ b/server/conf/metronome_conf_ssl.master 
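Review bot: The new validation block is guarded by `$this->_xmpp_type == 'ssl'`, but the first hunk of this file sets that property's default to `'server'` and `onLoad()` only stores the selected tab in `$_SESSION['s']['var']['xmpp_type']`; unless `_xmpp_type` is assigned from that session value somewhere outside these hunks, the SSL checks never run and an empty `create` request reaches the server plugin. The `create` branch also reads `$this->dataRecord['ssl_state']` and its siblings without `isset()`, unlike the `ssl_action` check directly above it, so a request that omits a field raises notices instead of the intended error message. Switching from `$_GET['type']` to `$_REQUEST['type']` means the tab selector is now also taken from POST (and from cookies, depending on `request_order`); if only the query string is meant, keep `$_GET`. The enclosing method starts and ends outside the hunk.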
@@ -0,0 +1,72 @@ +oid_section = new_oids + +[ new_oids ] + +# RFC 3920 section 5.1.1 defines this OID +xmppAddr = 1.3.6.1.5.5.7.8.5 + +# RFC 4985 defines this OID +SRVName = 1.3.6.1.5.5.7.8.7 + +[ req ] + +default_bits = 4096 +default_keyfile = {tmpl_var name='domain'}.key +distinguished_name = distinguished_name +req_extensions = v3_extensions +x509_extensions = v3_extensions + +# ask about the DN? +prompt = no + +[ distinguished_name ] + +commonName = {tmpl_var name='domain'} +countryName = {tmpl_var name='ssl_country'} +localityName = {tmpl_var name='ssl_locality'} +organizationName = {tmpl_var name='ssl_organisation'} +organizationalUnitName = {tmpl_var name='ssl_organisation_unit'} +emailAddress = {tmpl_var name='ssl_email'} + +[ v3_extensions ] + +# for certificate requests (req_extensions) +# and self-signed certificates (x509_extensions) + +basicConstraints = CA:FALSE +keyUsage = digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectAltName = @subject_alternative_name + +[ subject_alternative_name ] + +# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info. 
+ +DNS.0 = {tmpl_var name='domain'} +otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'} +otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'} +otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'} + +DNS.1 = muc.{tmpl_var name='domain'} +otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'} +otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'} + +DNS.2 = pubsub.{tmpl_var name='domain'} +otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'} +otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'} + +DNS.3 = anon.{tmpl_var name='domain'} +otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'} +otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'} + +DNS.4 = xmpp.{tmpl_var name='domain'} +otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'} +otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'} + +DNS.5 = proxy.{tmpl_var name='domain'} +otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'} +otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'} + +DNS.6 = vjud.{tmpl_var name='domain'} +otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'} +otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'} \ No newline at end of file diff --git a/server/mods-available/xmpp_module.inc.php b/server/mods-available/xmpp_module.inc.php index 145b7f0f5894de07ef2e72e0724661bc5e03d414..f8c1526e7392d5046df2e3ed7a3c891417c4c055 100644 --- a/server/mods-available/xmpp_module.inc.php +++ b/server/mods-available/xmpp_module.inc.php @@ -79,6 +79,8 @@ class xmpp_module { */ $app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process'); + $app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP'); + $app->services->registerService('metronome', 'xmpp_module', 'restartXMPP'); } 
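Review bot: The `[ req ]` section sets `default_bits = 4096` but no `default_md`, so the digest used to sign the request and the self-signed certificate falls back to the OpenSSL build default, which is SHA-1 on older releases; add `default_md = sha256` next to `default_bits`. The DN values (`countryName` through `emailAddress`) are substituted raw, so the interface regexes are the only thing keeping line breaks and section headers out of this file; a comment above `[ distinguished_name ]` saying that the values must already be validated would record that dependency. The comment pointing at draft-ietf-xmpp-3920bis section 13.7.1.2 could cite the published RFC 6120, section 13.7.1.2, instead.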
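Review bot: Two services are registered under the same name `'metronome'`, one pointing at `reloadXMPP` and one at `restartXMPP`, but only `restartXMPP` is defined in the next hunk; unless `reloadXMPP` exists outside this diff the first registration refers to a missing method, and if `registerService` keys by service name (as the single string argument suggests) the second call overwrites the first anyway. Because `restartXMPP($action)` already handles both `'restart'` and `'reload'`, the `reloadXMPP` line should simply be removed, leaving `$app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');`. The enclosing method starts and ends outside the hunk.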
@@ -104,6 +106,26 @@ class xmpp_module {
 } // end switch
 } // end function
+
+ function restartXMPP($action = 'restart') {
+ global $app, $conf;
+
+ // load the server configuration options
+ $app->uses('getconf,system');
+ $xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');
+
+ $daemon = 'metronome';
+
+ $retval = array('output' => '', 'retval' => 0);
+ if($action == 'restart') {
+ $cmd = $app->system->getinitcommand($daemon, 'restart');
+ } else {
+ $cmd = $app->system->getinitcommand($daemon, 'reload');
+ }
+ exec($cmd.' 2>&1', $retval['output'], $retval['retval']);
+ $app->log("Restarting xmpp: $cmd", LOGLEVEL_DEBUG);
+ return $retval;
+ }
 } // end class
 ?>
diff --git a/server/plugins-available/xmpp_plugin.inc.php b/server/plugins-available/xmpp_plugin.inc.php
index 312a2a9945a2fef0b861398350c7265dc5618992..2176cc513f2931e1797fdce660ea70619465b5cc 100644
--- a/server/plugins-available/xmpp_plugin.inc.php
+++ b/server/plugins-available/xmpp_plugin.inc.php
@@ -38,6 +38,10 @@ class xmpp_plugin {
 var $xmpp_config_dir = '/etc/metronome';
+ var $ssl_certificate_changed = false;
+ var $ssl_certificate_deleted = false;
+
+
 //* This function is called during ispconfig installation to determine
 // if a symlink shall be created for this plugin.
 function onInstall() {
@@ -64,6 +68,11 @@ class xmpp_plugin {
 $app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
 $app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');
+
+ $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
+ $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');
+
 $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
 $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
 $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
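Review bot: `$xmpp_config` is fetched through `get_server_config` in `restartXMPP` and never read, and the debug line logs `Restarting xmpp` even when `$action` is `'reload'`; drop the unused lookup and log the real action, e.g. `$app->log("xmpp $action: $cmd", LOGLEVEL_DEBUG);`. `$retval` is initialised as `array('output' => '', 'retval' => 0)` but `exec()` fills `output` with an array, so the declared shape misleads; initialise it as `array('output' => array(), 'retval' => 0)`. The method also lacks a docblock: one line saying it is invoked by the services registry with the action name (`'restart'` or `'reload'`) and returns the init command's output lines and exit code would cover it.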
@@ -193,6 +202,10 @@ class xmpp_plugin { } + // Check for SSL + if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed) + $tpl->setVar('ssl_cert', true); + $app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab()); unset($tpl); @@ -207,7 +220,7 @@ class xmpp_plugin { unset($tpl); } - $app->services->restartServiceDelayed('metronome', 'restart'); + $app->services->restartServiceDelayed('metronome', 'reload'); } function domainDelete($event_name, $data){ 
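Review bot: The condition `strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed` relies on `&&` binding tighter than `||`; that grouping looks intended (cert and key present and not just deleted, or just created/saved), but it should be explicit, and both columns are nullable in the new schema so `strlen()` can receive null. Suggested form: `if($this->ssl_certificate_changed || (!$this->ssl_certificate_deleted && isset($data['new']['ssl_cert'], $data['new']['ssl_key']) && strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key'])))`. Note that the two flags are only meaningful if the `ssl` handler ran first, which in the earlier hunk is guaranteed solely by its `registerEvent` calls preceding the `domainInsert`/`domainUpdate` ones; a comment here saying so would stop someone reordering them. The enclosing method starts and ends outside the hunk.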
@@ -253,6 +266,131 @@ class xmpp_plugin { exec('metronomectl deluser '.$data['old']['jid']); } + // Handle the creation of SSL certificates + function ssl($event_name, $data) { + global $app, $conf; + + $app->uses('system,tpl'); + + // load the server configuration options + $app->uses('getconf'); + $web_config = $app->getconf->get_server_config($conf['server_id'], 'web'); + + $ssl_dir = '/etc/metronome/certs'; + $domain = $data['new']['domain']; + $cnf_file = $ssl_dir.'/'.$domain.'.cnf'; + $key_file = $ssl_dir.'/'.$domain.'.key'; + $csr_file = $ssl_dir.'/'.$domain.'.csr'; + $crt_file = $ssl_dir.'/'.$domain.'.cert'; + + //* Create a SSL Certificate, but only if this is not a mirror server. + if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) { + + $this->ssl_certificate_changed = true; + + //* Rename files if they exist + if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak'); + if(file_exists($key_file)){ + $app->system->rename($key_file, $key_file.'.bak'); + $app->system->chmod($key_file.'.bak', 0400); + $app->system->chown($key_file.'.bak', 'metronome'); + } + if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak'); + if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak'); + + // Write new CNF file + $tpl = new tpl(); + $tpl->newTemplate('metronome_conf_ssl.master'); + $tpl->setVar('domain', $domain); + $tpl->setVar('ssl_country', $data['new']['ssl_country']); + $tpl->setVar('ssl_locality', $data['new']['ssl_locality']); + $tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']); + $tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']); + $tpl->setVar('ssl_email', $data['new']['ssl_email']); + $app->system->file_put_contents($cnf_file, $tpl->grab()); + + // Generate new key, csr and cert + exec("(cd /etc/metronome/certs && make $domain.key)"); + exec("(cd /etc/metronome/certs && make $domain.csr)"); + exec("(cd /etc/metronome/certs && make 
$domain.cert)"); + + $ssl_key = $app->db->quote($app->system->file_get_contents($key_file)); + $app->system->chmod($key_file, 0400); + $app->system->chown($key_file, 'metronome'); + $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file)); + $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file)); + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); + $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); + $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + $app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG); + } + + //* Save a SSL certificate to disk + if($data["new"]["ssl_action"] == 'save') { + $this->ssl_certificate_changed = true; + + //* Rename files if they exist + if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak'); + if(file_exists($key_file)){ + $app->system->rename($key_file, $key_file.'.bak'); + $app->system->chmod($key_file.'.bak', 0400); + $app->system->chown($key_file.'.bak', 'metronome'); + } + if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak'); + if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak'); + + //* Write new ssl files + if(trim($data["new"]["ssl_request"]) != '') + $app->system->file_put_contents($csr_file, $data["new"]["ssl_request"]); + if(trim($data["new"]["ssl_cert"]) != '') + $app->system->file_put_contents($crt_file, $data["new"]["ssl_cert"]); + + //* Write the key file, if field is empty then import the key into the db + 
if(trim($data["new"]["ssl_key"]) != '') { + $app->system->file_put_contents($key_file, $data["new"]["ssl_key"]); + $app->system->chmod($key_file, 0400); + $app->system->chown($key_file, 'metronome'); + } else { + $ssl_key = $app->db->quote($app->system->file_get_contents($key_file)); + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'"); + } + + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + $app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG); + } + + //* Delete a SSL certificate + if($data['new']['ssl_action'] == 'del') { + $this->ssl_certificate_deleted = true; + $app->system->unlink($csr_file); + $app->system->unlink($crt_file); + $app->system->unlink($key_file); + $app->system->unlink($cnf_file); + $app->system->unlink($csr_file.'.bak'); + $app->system->unlink($crt_file.'.bak'); + $app->system->unlink($key_file.'.bak'); + $app->system->unlink($cnf_file.'.bak'); + /* Update the DB of the (local) Server */ + $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'"); + $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'"); + /* Update also the master-DB of the Server-Farm */ + $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'"); + $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = 
'".$data['new']['domain']."'"); + $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG); + } + + } + } // end class ?>
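Review bot: `$domain` is spliced unescaped into the three `exec("(cd /etc/metronome/certs && make $domain.key)")` calls and into every `WHERE domain = '...'` clause, while the file contents in the same statements go through `$app->db->quote()`; the value comes from the `xmpp_domain` record rather than straight from a request, but this is the only place in the file that builds a shell command from it, so `escapeshellarg()` and `$app->db->quote()` should be applied consistently. The handler is also registered for `xmpp_domain_delete`, where the existing delete handlers read `$data['old']`, so `$data['new']` is presumably absent there and `$domain` ends up empty while each `$data['new'][...]` access raises a notice; an early return when there is no domain or no `ssl_action` avoids that. The key file is produced by `make` / `file_put_contents` under the process umask and only afterwards set to 0400 and owned by `metronome`, the `$conf['mirror_server_id'] == 0` guard covers only the `create` branch, and `$web_config` is loaded but never used. Copying the key into `ssl_key` on both the local and the master database also moves it from one protected file to the replicated table, which is worth a comment if it is deliberate.
```php
function ssl($event_name, $data) {
    global $app, $conf;

    // … unchanged: uses(), config lookup, $ssl_dir / file path setup …

    // Delete events may carry only $data['old']; nothing to do without a domain and an action.
    if(empty($data['new']['domain']) || empty($data['new']['ssl_action'])) return;

    $domain = $data['new']['domain'];
    $domain_sql = $app->db->quote($domain); // use as WHERE domain = '$domain_sql' in every UPDATE below

    // … unchanged: create branch up to the cnf file write …
    exec('(cd /etc/metronome/certs && make '.escapeshellarg($domain.'.key').')');
    exec('(cd /etc/metronome/certs && make '.escapeshellarg($domain.'.csr').')');
    exec('(cd /etc/metronome/certs && make '.escapeshellarg($domain.'.cert').')');
    // … unchanged: remainder of the create, save and del branches …
```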