store custom app certificates in subdomains table
the REST route and model code is still unused as before since there is no way to set the certs from the UI.
@@ -1,14 +1,14 @@
|
||||
'use strict';
|
||||
|
||||
exports = module.exports = {
|
||||
setAppCertificate,
|
||||
setFallbackCertificate,
|
||||
|
||||
generateFallbackCertificateSync,
|
||||
setAppCertificateSync,
|
||||
|
||||
validateCertificate,
|
||||
|
||||
getCertificate,
|
||||
getCertificatePath,
|
||||
ensureCertificate,
|
||||
|
||||
renewCerts,
|
||||
@@ -239,11 +239,7 @@ function setFallbackCertificate(domain, fallback, callback) {
|
||||
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
|
||||
|
||||
// TODO: maybe the cert is being used by the mail container
|
||||
reload(function (error) {
|
||||
if (error) return callback(new BoxError(BoxError.NGINX_ERROR, error));
|
||||
|
||||
return callback(null);
|
||||
});
|
||||
reload(callback);
|
||||
}
|
||||
|
||||
function restoreFallbackCertificates(callback) {
|
||||
@@ -270,10 +266,11 @@ function getFallbackCertificatePathSync(domain) {
|
||||
return { certFilePath, keyFilePath };
|
||||
}
|
||||
|
||||
function setAppCertificateSync(location, domainObject, certificate) {
|
||||
function setAppCertificate(location, domainObject, certificate, callback) {
|
||||
assert.strictEqual(typeof location, 'string');
|
||||
assert.strictEqual(typeof domainObject, 'object');
|
||||
assert.strictEqual(typeof certificate, 'object');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
let fqdn = domains.fqdn(location, domainObject);
|
||||
if (certificate.cert && certificate.key) {
|
||||
@@ -284,10 +281,10 @@ function setAppCertificateSync(location, domainObject, certificate) {
|
||||
if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, `${fqdn}.user.key`))) debug('Error removing key: ' + safe.error.message);
|
||||
}
|
||||
|
||||
return null;
|
||||
reload(callback);
|
||||
}
|
||||
|
||||
function getAcmeCertificate(vhost, domainObject, callback) {
|
||||
function getAcmeCertificatePath(vhost, domainObject, callback) {
|
||||
assert.strictEqual(typeof vhost, 'string'); // this can contain wildcard domain (for alias domains)
|
||||
assert.strictEqual(typeof domainObject, 'object');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
@@ -310,7 +307,7 @@ function getAcmeCertificate(vhost, domainObject, callback) {
|
||||
callback(null);
|
||||
}
|
||||
|
||||
function getCertificate(fqdn, domain, callback) {
|
||||
function getCertificatePath(fqdn, domain, callback) {
|
||||
assert.strictEqual(typeof fqdn, 'string');
|
||||
assert.strictEqual(typeof domain, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
@@ -330,7 +327,7 @@ function getCertificate(fqdn, domain, callback) {
|
||||
|
||||
if (domainObject.tlsConfig.provider === 'fallback') return callback(null, getFallbackCertificatePathSync(domain));
|
||||
|
||||
getAcmeCertificate(fqdn, domainObject, function (error, result) {
|
||||
getAcmeCertificatePath(fqdn, domainObject, function (error, result) {
|
||||
if (error || result) return callback(error, result);
|
||||
|
||||
return callback(null, getFallbackCertificatePathSync(domain));
|
||||
@@ -365,7 +362,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
|
||||
getAcmeApi(domainObject, function (error, acmeApi, apiOptions) {
|
||||
if (error) return callback(error);
|
||||
|
||||
getAcmeCertificate(vhost, domainObject, function (_error, currentBundle) {
|
||||
getAcmeCertificatePath(vhost, domainObject, function (_error, currentBundle) {
|
||||
if (currentBundle) {
|
||||
debug(`ensureCertificate: ${vhost} certificate already exists at ${currentBundle.keyFilePath}`);
|
||||
|
||||
@@ -453,7 +450,7 @@ function writeDashboardConfig(domain, callback) {
|
||||
|
||||
const adminFqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
|
||||
|
||||
getCertificate(adminFqdn, domainObject.domain, function (error, bundle) {
|
||||
getCertificatePath(adminFqdn, domainObject.domain, function (error, bundle) {
|
||||
if (error) return callback(error);
|
||||
|
||||
writeDashboardNginxConfig(bundle, `${adminFqdn}.conf`, adminFqdn, callback);
|
||||
@@ -564,7 +561,7 @@ function writeAppConfig(app, callback) {
|
||||
});
|
||||
|
||||
async.eachSeries(appDomains, function (appDomain, iteratorDone) {
|
||||
getCertificate(appDomain.fqdn, appDomain.domain, function (error, bundle) {
|
||||
getCertificatePath(appDomain.fqdn, appDomain.domain, function (error, bundle) {
|
||||
if (error) return iteratorDone(error);
|
||||
|
||||
if (appDomain.type === 'primary') {
|
||||
|
||||
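Review bot: In `setAppCertificate` (hunks `@@ -270,10 +266,11 @@` and `@@ -284,10 +281,10 @@`) only the signature, the added `callback` assert and the final `return null` → `reload(callback)` change. The cert/key write branch between the two hunks is unchanged and not shown, so if it still does a bare `return` of an error value as the sync version presumably did, a failed write never invokes `callback` and nginx is not reloaded. Those paths should read `return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));`, matching the key write in `setFallbackCertificate`. In `setFallbackCertificate`, `reload(callback)` now forwards the raw reload error instead of wrapping it in `BoxError.NGINX_ERROR`, so confirm that `reload` already returns a `BoxError` before callers branch on the reason. Both functions write private keys under `paths.APP_CERTS_DIR` with no explicit file mode visible here; if `safe.fs.writeFileSync` forwards options, passing `{ mode: 0o600 }` on the `.key` writes would stop key readability depending on the process umask.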