store custom app certificates in subdomains table

the REST route and model code are still unused, as before, since there
is no way to set the certs from the UI.
Girish Ramakrishnan
2021-05-05 10:34:22 -07:00
parent 963e92b517
commit 7f6a0555b2
8 changed files with 64 additions and 49 deletions


@@ -1,14 +1,14 @@
'use strict';
exports = module.exports = {
setAppCertificate,
setFallbackCertificate,
generateFallbackCertificateSync,
setAppCertificateSync,
validateCertificate,
getCertificate,
getCertificatePath,
ensureCertificate,
renewCerts,
@@ -239,11 +239,7 @@ function setFallbackCertificate(domain, fallback, callback) {
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
// TODO: maybe the cert is being used by the mail container
reload(function (error) {
if (error) return callback(new BoxError(BoxError.NGINX_ERROR, error));
return callback(null);
});
reload(callback);
}
function restoreFallbackCertificates(callback) {
@@ -270,10 +266,11 @@ function getFallbackCertificatePathSync(domain) {
return { certFilePath, keyFilePath };
}
function setAppCertificateSync(location, domainObject, certificate) {
function setAppCertificate(location, domainObject, certificate, callback) {
assert.strictEqual(typeof location, 'string');
assert.strictEqual(typeof domainObject, 'object');
assert.strictEqual(typeof certificate, 'object');
assert.strictEqual(typeof callback, 'function');
let fqdn = domains.fqdn(location, domainObject);
if (certificate.cert && certificate.key) {
@@ -284,10 +281,10 @@ function setAppCertificateSync(location, domainObject, certificate) {
if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, `${fqdn}.user.key`))) debug('Error removing key: ' + safe.error.message);
}
return null;
reload(callback);
}
function getAcmeCertificate(vhost, domainObject, callback) {
function getAcmeCertificatePath(vhost, domainObject, callback) {
assert.strictEqual(typeof vhost, 'string'); // this can contain wildcard domain (for alias domains)
assert.strictEqual(typeof domainObject, 'object');
assert.strictEqual(typeof callback, 'function');
@@ -310,7 +307,7 @@ function getAcmeCertificate(vhost, domainObject, callback) {
callback(null);
}
function getCertificate(fqdn, domain, callback) {
function getCertificatePath(fqdn, domain, callback) {
assert.strictEqual(typeof fqdn, 'string');
assert.strictEqual(typeof domain, 'string');
assert.strictEqual(typeof callback, 'function');
@@ -330,7 +327,7 @@ function getCertificate(fqdn, domain, callback) {
if (domainObject.tlsConfig.provider === 'fallback') return callback(null, getFallbackCertificatePathSync(domain));
getAcmeCertificate(fqdn, domainObject, function (error, result) {
getAcmeCertificatePath(fqdn, domainObject, function (error, result) {
if (error || result) return callback(error, result);
return callback(null, getFallbackCertificatePathSync(domain));
@@ -365,7 +362,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
getAcmeApi(domainObject, function (error, acmeApi, apiOptions) {
if (error) return callback(error);
getAcmeCertificate(vhost, domainObject, function (_error, currentBundle) {
getAcmeCertificatePath(vhost, domainObject, function (_error, currentBundle) {
if (currentBundle) {
debug(`ensureCertificate: ${vhost} certificate already exists at ${currentBundle.keyFilePath}`);
@@ -453,7 +450,7 @@ function writeDashboardConfig(domain, callback) {
const adminFqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
getCertificate(adminFqdn, domainObject.domain, function (error, bundle) {
getCertificatePath(adminFqdn, domainObject.domain, function (error, bundle) {
if (error) return callback(error);
writeDashboardNginxConfig(bundle, `${adminFqdn}.conf`, adminFqdn, callback);
@@ -564,7 +561,7 @@ function writeAppConfig(app, callback) {
});
async.eachSeries(appDomains, function (appDomain, iteratorDone) {
getCertificate(appDomain.fqdn, appDomain.domain, function (error, bundle) {
getCertificatePath(appDomain.fqdn, appDomain.domain, function (error, bundle) {
if (error) return iteratorDone(error);
if (appDomain.type === 'primary') {
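Review bot: In setAppCertificate, a failed removal of `${fqdn}.user.key` is only logged through debug() before the new `reload(callback)` runs, so the caller can be told the custom certificate was cleared while the private key is still on disk. Now that the function takes a callback, the removal branch could report the failure the way setFallbackCertificate reports a failed write, for example `if (!safe.fs.unlinkSync(keyPath) && safe.error.code !== 'ENOENT') return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));`, where `keyPath` stands for the existing `path.join(...)` expression. The start of that branch lies between the two setAppCertificate hunks and is not visible here, so the same treatment presumably applies to the matching certificate file. Whether a leftover user key would still be picked up by getCertificatePath cannot be told from this section.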