store fallback certs in the database
@@ -2,7 +2,6 @@
|
||||
|
||||
exports = module.exports = {
|
||||
setFallbackCertificate,
|
||||
getFallbackCertificate,
|
||||
|
||||
generateFallbackCertificateSync,
|
||||
setAppCertificateSync,
|
||||
@@ -25,6 +24,7 @@ exports = module.exports = {
|
||||
writeAppConfig,
|
||||
|
||||
removeAppConfigs,
|
||||
restoreFallbackCertificates,
|
||||
|
||||
// exported for testing
|
||||
_getAcmeApi: getAcmeApi
|
||||
@@ -196,10 +196,9 @@ function reload(callback) {
|
||||
});
|
||||
}
|
||||
|
||||
function generateFallbackCertificateSync(domainObject) {
|
||||
assert.strictEqual(typeof domainObject, 'object');
|
||||
function generateFallbackCertificateSync(domain) {
|
||||
assert.strictEqual(typeof domain, 'string');
|
||||
|
||||
const domain = domainObject.domain;
|
||||
const certFilePath = path.join(os.tmpdir(), `${domain}-${crypto.randomBytes(4).readUInt32LE(0)}.cert`);
|
||||
const keyFilePath = path.join(os.tmpdir(), `${domain}-${crypto.randomBytes(4).readUInt32LE(0)}.key`);
|
||||
|
||||
@@ -208,7 +207,7 @@ function generateFallbackCertificateSync(domainObject) {
|
||||
let opensslConfWithSan;
|
||||
let cn = domain;
|
||||
|
||||
debug(`generateFallbackCertificateSync: domain=${domainObject.domain} cn=${cn}`);
|
||||
debug(`generateFallbackCertificateSync: domain=${domain} cn=${cn}`);
|
||||
|
||||
opensslConfWithSan = `${opensslConf}\n[SAN]\nsubjectAltName=DNS:${domain},DNS:*.${cn}\n`;
|
||||
let configFile = path.join(os.tmpdir(), 'openssl-' + crypto.randomBytes(4).readUInt32LE(0) + '.conf');
|
||||
@@ -247,14 +246,28 @@ function setFallbackCertificate(domain, fallback, callback) {
|
||||
});
|
||||
}
|
||||
|
||||
function getFallbackCertificate(domain, callback) {
|
||||
assert.strictEqual(typeof domain, 'string');
|
||||
function restoreFallbackCertificates(callback) {
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
domains.getAll(function (error, result) {
|
||||
if (error) return callback(error);
|
||||
|
||||
result.forEach(function (domain) {
|
||||
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain.domain}.host.cert`), domain.fallbackCertificate.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
|
||||
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain.domain}.host.key`), domains.fallbackCertificate.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
|
||||
});
|
||||
|
||||
callback(null);
|
||||
});
|
||||
}
|
||||
|
||||
function getFallbackCertificatePathSync(domain) {
|
||||
assert.strictEqual(typeof domain, 'string');
|
||||
|
||||
const certFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`);
|
||||
const keyFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.key`);
|
||||
|
||||
callback(null, { certFilePath, keyFilePath });
|
||||
return { certFilePath, keyFilePath };
|
||||
}
|
||||
|
||||
function setAppCertificateSync(location, domainObject, certificate) {
|
||||
@@ -315,12 +328,12 @@ function getCertificate(fqdn, domain, callback) {
|
||||
|
||||
if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) return callback(null, { certFilePath, keyFilePath });
|
||||
|
||||
if (domainObject.tlsConfig.provider === 'fallback') return getFallbackCertificate(domain, callback);
|
||||
if (domainObject.tlsConfig.provider === 'fallback') return callback(null, getFallbackCertificatePathSync(domain));
|
||||
|
||||
getAcmeCertificate(fqdn, domainObject, function (error, result) {
|
||||
if (error || result) return callback(error, result);
|
||||
|
||||
return getFallbackCertificate(domain, callback);
|
||||
return callback(null, getFallbackCertificatePathSync(domain));
|
||||
});
|
||||
});
|
||||
}
|
||||
@@ -346,11 +359,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
|
||||
if (domainObject.tlsConfig.provider === 'fallback') {
|
||||
debug(`ensureCertificate: ${vhost} will use fallback certs`);
|
||||
|
||||
return getFallbackCertificate(domain, function (error, bundle) {
|
||||
if (error) return callback(error);
|
||||
|
||||
callback(null, bundle, { renewed: false });
|
||||
});
|
||||
return callback(null, getFallbackCertificatePathSync(domain), { renewed: false });
|
||||
}
|
||||
|
||||
getAcmeApi(domainObject, function (error, acmeApi, apiOptions) {
|
||||
@@ -382,11 +391,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
|
||||
|
||||
debug(`ensureCertificate: renewal of ${vhost} failed. using fallback certificates for ${domain}`);
|
||||
|
||||
getFallbackCertificate(domain, function (error, bundle) {
|
||||
if (error) return callback(error);
|
||||
|
||||
callback(null, bundle, { renewed: false });
|
||||
});
|
||||
callback(null, getFallbackCertificatePathSync(domain), { renewed: false });
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
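Review bot: In the new restoreFallbackCertificates, the key write reads `domains.fallbackCertificate.key`, which refers to the `domains` module rather than the loop variable `domain`. It will most likely throw on `.key` of undefined before any private key is restored, and should read `domain.fallbackCertificate.key`. The `return callback(...)` inside `result.forEach` only leaves the current iteration, so a failed write can invoke the callback once per failing domain and then again through the trailing `callback(null)`; a `for...of` loop lets the error return leave the function. Because this writes private keys from the database to disk, an explicit mode on the key write, such as `{ mode: 0o600 }` as a third argument, would avoid depending on the process umask, assuming `safe.fs.writeFileSync` forwards options the way `fs.writeFileSync` does, which is not visible here.

```javascript
    domains.getAll(function (error, result) {
        if (error) return callback(error);

        for (const domain of result) {
            const certFilePath = path.join(paths.APP_CERTS_DIR, `${domain.domain}.host.cert`);
            const keyFilePath = path.join(paths.APP_CERTS_DIR, `${domain.domain}.host.key`);

            if (!safe.fs.writeFileSync(certFilePath, domain.fallbackCertificate.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
            if (!safe.fs.writeFileSync(keyFilePath, domain.fallbackCertificate.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
        }

        callback(null);
    });
```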