diff --git a/src/certificates.js b/src/certificates.js
index 343cf090e..9f64bfbaa 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -12,7 +12,6 @@ exports = module.exports = {
 validateCertificate: validateCertificate,
 ensureCertificate: ensureCertificate,
- setAdminCertificate: setAdminCertificate,
 getAdminCertificate: getAdminCertificate,
 renewAll: renewAll,
@@ -251,17 +250,17 @@ function validateCertificate(domain, cert, key) {
 debug('validateCertificate: detected altNames as %j', altNames);
 // check altNames
- if (!altNames.some(matchesDomain)) return CertificatesError(CertificatesError.INVALID_CERT, util.format('Certificate is not valid for this domain. Expecting %s in %j', domain, altNames));
+ if (!altNames.some(matchesDomain)) return new CertificatesError(CertificatesError.INVALID_CERT, util.format('Certificate is not valid for this domain. Expecting %s in %j', domain, altNames));
 }
 // http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
 var certModulus = safe.child_process.execSync('openssl x509 -noout -modulus', { encoding: 'utf8', input: cert });
 var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
- if (certModulus !== keyModulus) return CertificatesError(CertificatesError.INVALID_CERT, 'Key does not match the certificate.');
+ if (certModulus !== keyModulus) return new CertificatesError(CertificatesError.INVALID_CERT, 'Key does not match the certificate.');
 // check expiration
 result = safe.child_process.execSync('openssl x509 -checkend 0', { encoding: 'utf8', input: cert });
- if (!result) return CertificatesError(CertificatesError.INVALID_CERT, 'Certificate has expired.');
+ if (!result) return new CertificatesError(CertificatesError.INVALID_CERT, 'Certificate has expired.');
 return null;
 }
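Review bot: The key/certificate match check in validateCertificate can pass vacuously, because `certModulus !== keyModulus` is false when both openssl calls fail and return the same falsy value. That appears possible here: the `if (!result)` test on the `-checkend` line suggests `safe.child_process.execSync` returns a falsy value on failure, though the wrapper is not visible in this diff and should be confirmed. Such input would then only be rejected by the expiry check, with the misleading message 'Certificate has expired.'. I would add `if (!certModulus || !keyModulus) return new CertificatesError(CertificatesError.INVALID_CERT, 'Unable to read the certificate or key.');` before the comparison. The function starts above this hunk, so earlier parsing of `cert` may already cover part of this case.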
@@ -313,27 +312,6 @@ function getFallbackCertificate(domain, callback) {
 callback(null, { cert: cert, key: key });
 }
-function setAdminCertificate(cert, key, callback) {
- assert.strictEqual(typeof cert, 'string');
- assert.strictEqual(typeof key, 'string');
- assert.strictEqual(typeof callback, 'function');
-
- var vhost = config.adminFqdn();
- var certFilePath = path.join(paths.APP_CERTS_DIR, vhost + '.user.cert');
- var keyFilePath = path.join(paths.APP_CERTS_DIR, vhost + '.user.key');
-
- var error = validateCertificate(vhost, cert, key);
- if (error) return callback(error);
-
- // backup the cert
- if (!safe.fs.writeFileSync(certFilePath, cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
- if (!safe.fs.writeFileSync(keyFilePath, key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
-
- exports.events.emit(exports.EVENT_CERT_CHANGED, vhost);
-
- nginx.configureAdmin(certFilePath, keyFilePath, constants.NGINX_ADMIN_CONFIG_FILE_NAME, config.adminFqdn(), callback);
-}
-
 function getAdminCertificatePath(callback) {
 assert.strictEqual(typeof callback, 'function');
diff --git a/src/routes/settings.js b/src/routes/settings.js
index c5f483129..2c4fe993c 100644
--- a/src/routes/settings.js
+++ b/src/routes/settings.js
@@ -17,14 +17,10 @@ exports = module.exports = {
 setTimeZone: setTimeZone,
 getAppstoreConfig: getAppstoreConfig,
- setAppstoreConfig: setAppstoreConfig,
-
- setAdminCertificate: setAdminCertificate
+ setAppstoreConfig: setAppstoreConfig
 };
 var assert = require('assert'),
- certificates = require('../certificates.js'),
- CertificatesError = require('../certificates.js').CertificatesError,
 HttpError = require('connect-lastmile').HttpError,
 HttpSuccess = require('connect-lastmile').HttpSuccess,
 safe = require('safetydance'),
@@ -176,18 +172,3 @@ function setAppstoreConfig(req, res, next) {
 });
 });
 }
-
-// only webadmin cert, until it can be treated just like a normal app
-function setAdminCertificate(req, res, next) {
- assert.strictEqual(typeof req.body, 'object');
-
- if (!req.body.cert || typeof req.body.cert !== 'string') return next(new HttpError(400, 'cert must be a string'));
- if (!req.body.key || typeof req.body.key !== 'string') return next(new HttpError(400, 'key must be a string'));
-
- certificates.setAdminCertificate(req.body.cert, req.body.key, function (error) {
- if (error && error.reason === CertificatesError.INVALID_CERT) return next(new HttpError(400, error.message));
- if (error) return next(new HttpError(500, error));
-
- next(new HttpSuccess(202, {}));
- });
-}
diff --git a/src/server.js b/src/server.js
index bc119f8d7..71f0ab252 100644
--- a/src/server.js
+++ b/src/server.js
@@ -203,7 +203,6 @@ function initializeExpressSync() {
 router.get ('/api/v1/settings/backup_config', settingsScope, routes.user.requireAdmin, routes.settings.getBackupConfig);
 router.post('/api/v1/settings/backup_config', settingsScope, routes.user.requireAdmin, routes.settings.setBackupConfig);
- router.post('/api/v1/settings/admin_certificate', settingsScope, routes.user.requireAdmin, routes.settings.setAdminCertificate);
 router.get ('/api/v1/settings/time_zone', settingsScope, routes.user.requireAdmin, routes.settings.getTimeZone);
 router.post('/api/v1/settings/time_zone', settingsScope, routes.user.requireAdmin, routes.settings.setTimeZone);
 router.get ('/api/v1/settings/appstore_config', settingsScope, routes.user.requireAdmin, routes.settings.getAppstoreConfig);