acme2: do not pass around paths

This commit is contained in:
Girish Ramakrishnan
2022-11-17 08:58:20 +01:00
parent 51f43597bc
commit 23cc0d6f0e
2 changed files with 117 additions and 145 deletions


@@ -348,29 +348,6 @@ async function writeAcmeCertificate(fqdn, domainObject) {
return true;
}
async function updateCertBlobs(fqdn, domainObject) {
assert.strictEqual(typeof fqdn, 'string'); // this can contain wildcard domain (for alias domains)
assert.strictEqual(typeof domainObject, 'object');
const { certFilePath, keyFilePath, csrFilePath } = getAcmeCertificatePathSync(fqdn, domainObject);
const privateKey = safe.fs.readFileSync(keyFilePath);
if (!privateKey) throw new BoxError(BoxError.FS_ERROR, `Failed to read private key: ${safe.error.message}`);
const cert = safe.fs.readFileSync(certFilePath);
if (!cert) throw new BoxError(BoxError.FS_ERROR, `Failed to read cert: ${safe.error.message}`);
const csr = safe.fs.readFileSync(csrFilePath);
if (!csr) throw new BoxError(BoxError.FS_ERROR, `Failed to read csr: ${safe.error.message}`);
const certName = getAcmeCertificateNameSync(fqdn, domainObject);
await blobs.set(`${blobs.CERT_PREFIX}-${certName}.key`, privateKey);
await blobs.set(`${blobs.CERT_PREFIX}-${certName}.cert`, cert);
await blobs.set(`${blobs.CERT_PREFIX}-${certName}.csr`, csr);
debug(`updateCertBlobs: cert of ${fqdn} was updated`);
}
async function needsRenewal(fqdn, domainObject) {
assert.strictEqual(typeof fqdn, 'string');
assert.strictEqual(typeof domainObject, 'object');
@@ -389,15 +366,18 @@ async function renewCert(fqdn, domainObject) {
assert.strictEqual(typeof fqdn, 'string');
assert.strictEqual(typeof domainObject, 'object');
const apiOptions = await getAcmeApiOptions(domainObject);
const acmePaths = getAcmeCertificatePathSync(fqdn, domainObject);
const [error] = await safe(acme2.getCertificate(fqdn, domainObject.domain, acmePaths, apiOptions));
const [error, result] = await safe(acme2.getCertificate(fqdn, domainObject));
if (error) { // write the fallback cert to keep the nginx configs consistent
fs.writeFileSync(acmePaths.certFilePath, domainObject.certificate.cert);
fs.writeFileSync(acmePaths.keyFilePath, domainObject.certificate.key);
} else {
await safe(updateCertBlobs(fqdn, domainObject));
const { certFilePath, keyFilePath, csrFilePath } = getAcmeCertificatePathSync(fqdn, domainObject);
if (!safe.fs.writeFileSync(keyFilePath, result.key)) throw new BoxError(BoxError.FS_ERROR, `Failed to write private key: ${safe.error.message}`);
if (!safe.fs.writeFileSync(certFilePath, result.cert)) throw new BoxError(BoxError.FS_ERROR, `Failed to write cert: ${safe.error.message}`);
if (!safe.fs.writeFileSync(csrFilePath, result.csr)) throw new BoxError(BoxError.FS_ERROR, `Failed to write csr: ${safe.error.message}`);
}
if (domainObject.domain === settings.mailDomain() && getAcmeCertificatePathSync(settings.mailFqdn(), domainObject).certFilePath === acmePaths.certFilePath) {