From 66d90c36fcf33da544d8bf28979127a17bdd3e1b Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Fri, 26 Jan 2018 20:30:37 -0800
Subject: [PATCH] generate fallback cert for domains if not provided
---
 src/certificates.js | 26 ++++++++++++++++++--------
 src/domains.js | 8 ++------
 2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/certificates.js b/src/certificates.js
index 0e3663f29..effbf5f51 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -307,19 +307,29 @@ function validateCertificate(cert, key, domain) {
 return null;
 }
-function setFallbackCertificate(cert, key, domain, callback) {
- assert.strictEqual(typeof cert, 'string');
- assert.strictEqual(typeof key, 'string');
+function setFallbackCertificate(domain, fallback, callback) {
 assert.strictEqual(typeof domain, 'string');
+ assert.strictEqual(typeof fallback, 'object');
 assert.strictEqual(typeof callback, 'function');
- // backup the cert
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, domain + '.cert'), cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, domain + '.key'), key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ const certFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`);
+ const keyFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.key`);
+
+ if (!fallback) { // generate it
+ var certCommand = util.format('openssl req -x509 -newkey rsa:2048 -keyout %s -out %s -days 3650 -subj /CN=*.%s -nodes', keyFilePath, certFilePath, domain);
+ if (!safe.child_process.execSync(certCommand)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ } else {
+ // backup the cert
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, domain + '.cert'), fallback.cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, domain + '.key'), fallback.key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ }
 // copy over fallback cert
- if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, domain + '.cert'), cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
- if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, domain + '.key'), key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ var fallbackCertFilePath = path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`);
+ var fallbackKeyFilePath = path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`);
+
+ if (!safe.child_process.execSync(`cp ${certFilePath} ${fallbackCertFilePath}`)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ if (!safe.child_process.execSync(`cp ${keyFilePath} ${fallbackKeyFilePath}`)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
 exports.events.emit(exports.EVENT_CERT_CHANGED, '*.' + domain);
diff --git a/src/domains.js b/src/domains.js
index 0273dc6cf..ef6c0387a 100644
--- a/src/domains.js
+++ b/src/domains.js
@@ -133,9 +133,7 @@ function add(domain, zoneName, provider, config, fallbackCertificate, callback)
 if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new DomainError(DomainError.ALREADY_EXISTS));
 if (error) return callback(new DomainError(DomainError.INTERNAL_ERROR, error));
- if (!fallbackCertificate) return callback();
-
- certificates.setFallbackCertificate(fallbackCertificate.cert, fallbackCertificate.key, domain, function (error) {
+ certificates.setFallbackCertificate(domain, fallbackCertificate, function (error) {
 if (error) return callback(new DomainError(DomainError.INTERNAL_ERROR, error));
 callback();
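Review bot: In `setFallbackCertificate` (src/certificates.js), `domain` is interpolated into shell command strings run through `safe.child_process.execSync` — the `openssl req … -subj /CN=*.%s` line and both `cp` lines — so whitespace or shell metacharacters in the domain or in the certificate directory paths would be interpreted by the shell. Whether the domain is validated before this call is not visible in the hunk, so an argument-array invocation and a shell-free copy are the safer form. The `else` branch also still writes the supplied certificate to `domain + '.cert'` / `domain + '.key'`, while the copy step reads `${domain}.host.cert` / `${domain}.host.key`, so a caller-provided fallback appears never to reach `NGINX_CERT_DIR`. The sketch below assumes `child_process` is required in this file; the function body continues past the end of the hunk.

```javascript
function setFallbackCertificate(domain, fallback, callback) {
    // … unchanged: asserts, certFilePath / keyFilePath …

    if (!fallback) { // generate it
        // argv form: the domain and paths are passed as single arguments, never parsed by a shell
        var opensslArgs = [ 'req', '-x509', '-newkey', 'rsa:2048', '-keyout', keyFilePath, '-out', certFilePath, '-days', '3650', '-subj', `/CN=*.${domain}`, '-nodes' ];
        try {
            child_process.execFileSync('openssl', opensslArgs);
        } catch (e) {
            return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, e.message));
        }
    } else {
        // write to the same paths the copy step below reads
        if (!safe.fs.writeFileSync(certFilePath, fallback.cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
        if (!safe.fs.writeFileSync(keyFilePath, fallback.key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
    }

    // … unchanged: fallbackCertFilePath / fallbackKeyFilePath …

    // copy with fs calls instead of `cp` through a shell
    var certData = safe.fs.readFileSync(certFilePath);
    if (!certData || !safe.fs.writeFileSync(fallbackCertFilePath, certData)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
    var keyData = safe.fs.readFileSync(keyFilePath);
    if (!keyData || !safe.fs.writeFileSync(fallbackKeyFilePath, keyData)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));

    // … unchanged: EVENT_CERT_CHANGED emit …
```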
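Review bot: In `add` (src/domains.js), `fallbackCertificate` is now passed straight through, and `setFallbackCertificate` asserts `typeof fallback === 'object'`, which holds for `null` but throws for `undefined`. If any caller omits the argument rather than passing `null` (callers are not visible here), the assert would fire instead of the generate path running; `certificates.setFallbackCertificate(domain, fallbackCertificate || null, function (error) {` would make that explicit. The same applies to the call in `update` in the last hunk.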
@@ -205,9 +203,7 @@ function update(domain, provider, config, fallbackCertificate, callback) {
 if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainError(DomainError.NOT_FOUND));
 if (error) return callback(new DomainError(DomainError.INTERNAL_ERROR, error));
- if (!fallbackCertificate) return callback();
-
- certificates.setFallbackCertificate(fallbackCertificate.cert, fallbackCertificate.key, domain, function (error) {
+ certificates.setFallbackCertificate(domain, fallbackCertificate, function (error) {
 if (error) return callback(new DomainError(DomainError.INTERNAL_ERROR, error));
 callback();
 });
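Review bot: With the `if (!fallbackCertificate) return callback();` guard removed from `update`, every update that carries no certificate now takes the generate path in `setFallbackCertificate`, which writes a new key and self-signed certificate over `${domain}.host.cert` / `${domain}.host.key` and emits `EVENT_CERT_CHANGED`. That looks like it would replace a previously set fallback each time the provider or config is edited. Keeping the early return in `update` — `if (!fallbackCertificate) return callback();` — or generating only when no fallback file exists yet would avoid that. A comment stating the intended behaviour on update would help either way.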