jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor expiry check

Browse Source
This commit is contained in:
Girish Ramakrishnan
2016-03-19 12:50:31 -07:00
parent 3d088aa9c4
commit 7ddbf7b652
1 changed files with 15 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/certificates.js
+15 -34
View File
@@ -108,9 +108,14 @@ function installAdminCertificate(callback) {
});
}
function isExpiringSync(hours, certFilePath) {
function isExpiringSync(domain, hours) {
assert.strictEqual(typeof domain, 'string');
assert.strictEqual(typeof hours, 'number');
assert.strictEqual(typeof certFilePath, 'string');
var certFilePath = path.join(paths.APP_CERTS_DIR, domain + '.cert');
var keyFilePath = path.join(paths.APP_CERTS_DIR, domain + '.key');
if (!fs.existsSync(userCertFilePath) || !fs.existsSync(userKeyFilePath)) return 2; // not found
var result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-checkend', new String(60 * 60 * hours), '-in', certFilePath ]);
@@ -131,18 +136,9 @@ function autoRenew(callback) {
var expiringApps = [ ];
for (var i = 0; i < allApps.length; i++) {
var appDomain = config.appFqdn(allApps[i].location);
var certFile = path.join(paths.APP_CERTS_DIR, appDomain + '.cert');
if (!safe.fs.existsSync(certFile)) {
debug('autoRenew: no existing certificate for %s. skipping', appDomain);
continue;
if (isExpiringSync(appDomain, 24 * 30)) { // expired or not found
expiringApps.push(allApps[i]);
}
if (!isExpiringSync(24 * 30, certFile)) {
debug('autoRenew: %s does not need renewal', appDomain);
continue;
}
expiringApps.push(allApps[i]);
}
debug('autoRenew: %j needs to be renewed', expiringApps.map(function (a) { return config.appFqdn(a.location); }));
@@ -181,18 +177,9 @@ function fallbackExpiredCertificates(callback) {
var expiringApps = [ ];
for (var i = 0; i < allApps.length; i++) {
var appDomain = config.appFqdn(allApps[i].location);
var certFile = path.join(paths.APP_CERTS_DIR, appDomain + '.cert');
if (!safe.fs.existsSync(certFile)) {
debug('fallbackExpiredCertificates: no existing certificate for %s. skipping', appDomain);
continue;
if (isExpiringSync(appDomain, 1)) { // expiring in next hour
expiringApps.push(allApps[i]);
}
if (!isExpiringSync(1, certFile)) { // expiring in the next hour
debug('fallbackExpiredCertificates: %s does not need to be switched', appDomain);
continue;
}
expiringApps.push(allApps[i]);
}
debug('fallbackExpiredCertificates: %j needs to be switched', expiringApps.map(function (a) { return config.appFqdn(a.location); }));
@@ -297,18 +284,12 @@ function ensureCertificate(domain, callback) {
assert.strictEqual(typeof callback, 'function');
// check if user uploaded a specific cert. ideally, we should not mix user certs and automatic certs as we do here...
var userCertFilePath = path.join(paths.APP_CERTS_DIR, domain + '.cert');
var userKeyFilePath = path.join(paths.APP_CERTS_DIR, domain + '.key');
if (fs.existsSync(userCertFilePath) && fs.existsSync(userKeyFilePath)) {
debug('ensureCertificate: %s. certificate already exists at %s', domain, userKeyFilePath);
// if expiring in coming 5 days, try to renew it now
if (!isExpiringSync(24 * 5, userCertFilePath)) return callback(null, userCertFilePath, userKeyFilePath);
debug('ensureCertificate: %s cert require renewal', domain);
if (!isExpiringSync(domain, 24 * 5)) {
return callback(null, userCertFilePath, userKeyFilePath);
}
debug('ensureCertificate: %s cert require renewal', domain);
getApi(function (error, api, apiOptions) {
if (error) return callback(error);