diff --git a/src/apps.js b/src/apps.js
index 08c88c427..1bcb28cf2 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -509,8 +509,8 @@ function install(data, auditSource, callback) {
// save cert to data/box/certs
if (cert && key) {
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
}
taskmanager.restartAppTask(appId);
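Review bot: The uploaded private key is written by `safe.fs.writeFileSync` with no mode argument, so unless APP_CERTS_DIR itself is locked down the new `.user.key` file is created with Node's default 0o666 masked by the process umask (commonly 0644) and is readable by any local account; the same applies to the key write in the configure hunk below. If the safe wrapper forwards fs options, the key line should become `if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.key'), key, { mode: 0o600 })) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));`, bearing in mind that mode only applies when the file is created, so a pre-existing file keeps its bits. A second point: if the cert write succeeds and the key write fails, a lone `.user.cert` is left behind and the error is returned without cleanup; certificates.js only honours a complete pair, but the stale file persists across later attempts. install's body starts and ends outside the hunk.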
@@ -583,11 +583,11 @@ function configure(appId, data, auditSource, callback) {
error = certificates.validateCertificate(data.cert, data.key, config.appFqdn(location));
if (error) return callback(new AppsError(AppsError.BAD_CERTIFICATE, error.message));
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'), data.cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.key'), data.key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.cert'), data.cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.key'), data.key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
} else { // remove existing cert/key
- if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'))) debug('Error removing cert: ' + safe.error.message);
- if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.key'))) debug('Error removing key: ' + safe.error.message);
+ if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.cert'))) debug('Error removing cert: ' + safe.error.message);
+ if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.user.key'))) debug('Error removing key: ' + safe.error.message);
}
}
diff --git a/src/certificates.js b/src/certificates.js
index f5201e2b2..8f0ee83d0 100644
--- a/src/certificates.js
+++ b/src/certificates.js
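Review bot: Nothing in this commit migrates user-uploaded pairs that earlier versions stored at `<domain>.cert`/`<domain>.key`, so after an upgrade those apps no longer match the `.user.*` lookups: the else branch here unlinks only `.user.cert`/`.user.key` and leaves the old files in place, and renewAll and ensureCertificate in the certificates.js hunks now read the old names as automatic certificates and will presumably attempt to renew, and thereby overwrite, a certificate the user supplied. A one-off rename of existing user pairs to the `.user.*` names is needed, and since the old files cannot be told apart from automatic ones by name alone once this code ships, it has to run before the first renewAl pass; how to identify them (a database flag, or the cert/key fields on the app record) is not visible in this diff. The unlink failures in the else branch are only reported via debug, so a key that could not be removed would go unnoticed. configure's body continues outside the hunk.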
@@ -140,8 +140,18 @@ function renewAll(auditSource, callback) {
var expiringApps = [ ];
for (var i = 0; i < allApps.length; i++) {
var appDomain = allApps[i].altDomain || config.appFqdn(allApps[i].location);
- var certFilePath = path.join(paths.APP_CERTS_DIR, appDomain + '.cert');
- var keyFilePath = path.join(paths.APP_CERTS_DIR, appDomain + '.key');
+
+ var certFilePath = path.join(paths.APP_CERTS_DIR, appDomain + '.user.cert');
+ var keyFilePath = path.join(paths.APP_CERTS_DIR, appDomain + '.user.key');
+
+ if (safe.fs.existsSync(certFilePath) && safe.fs.existsSync(keyFilePath)) {
+ debug('renewAll: existing user key file for %s. skipping', appDomain);
+ continue;
+ }
+
+ // check if we have an auto cert to be renewed
+ certFilePath = path.join(paths.APP_CERTS_DIR, appDomain + '.cert');
+ keyFilePath = path.join(paths.APP_CERTS_DIR, appDomain + '.key');
if (!safe.fs.existsSync(keyFilePath)) {
debug('renewAll: no existing key file for %s. skipping', appDomain);
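Review bot: The `'.user.cert'`/`'.user.key'` and `'.cert'`/`'.key'` suffixes are now spelled out by hand in four places across apps.js and certificates.js, and any drift between the writer in apps.js and the reader here would silently make renewAll treat a user certificate as an automatic one and try to replace it. Defining the paths once in certificates.js, e.g. `function userCertPaths(domain) { return { cert: path.join(paths.APP_CERTS_DIR, domain + '.user.cert'), key: path.join(paths.APP_CERTS_DIR, domain + '.user.key') }; }`, and exporting it for apps.js keeps both sides in step. The skip message says 'existing user key file' while the condition requires both files; `debug('renewAll: existing user cert and key for %s. skipping', appDomain);` matches what is actually checked. The for loop continues outside the hunk.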
@@ -310,14 +320,21 @@ function ensureCertificate(app, callback) {
var domain = app.altDomain || config.appFqdn(app.location);
- // check if user uploaded a specific cert. ideally, we should not mix user certs and automatic certs as we do here...
- var userCertFilePath = path.join(paths.APP_CERTS_DIR, domain + '.cert');
- var userKeyFilePath = path.join(paths.APP_CERTS_DIR, domain + '.key');
+ var certFilePath = path.join(paths.APP_CERTS_DIR, domain + '.user.cert');
+ var keyFilePath = path.join(paths.APP_CERTS_DIR, domain + '.user.key');
- if (fs.existsSync(userCertFilePath) && fs.existsSync(userKeyFilePath)) {
- debug('ensureCertificate: %s. certificate already exists at %s', domain, userKeyFilePath);
+ if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) {
+ debug('ensureCertificate: %s. user certificate already exists at %s', domain, keyFilePath);
+ return callback(null, certFilePath, keyFilePath);
+ }
- if (!isExpiringSync(userCertFilePath, 24 * 1)) return callback(null, userCertFilePath, userKeyFilePath);
+ certFilePath = path.join(paths.APP_CERTS_DIR, domain + '.cert');
+ keyFilePath = path.join(paths.APP_CERTS_DIR, domain + '.key');
+
+ if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) {
+ debug('ensureCertificate: %s. certificate already exists at %s', domain, keyFilePath);
+
+ if (!isExpiringSync(certFilePath, 24 * 1)) return callback(null, certFilePath, keyFilePath);
}
debug('ensureCertificate: %s cert require renewal', domain);
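Review bot: The user-certificate branch now returns the pair without the `isExpiringSync` check that the removed code applied, so an expired or about-to-expire user certificate is served indefinitely and nothing records that fact; only the automatic-cert branch below keeps the check. Not renewing user certs is presumably intended, since the system cannot obtain a replacement on the user's behalf, but an operator should at least see it in the log: `if (isExpiringSync(certFilePath, 24 * 1)) debug('ensureCertificate: %s. user certificate is expiring', domain);` before the `return callback(null, certFilePath, keyFilePath);`. The `24 * 1` threshold is now repeated in two places; a named variable such as `var RENEW_THRESHOLD = 24 * 1;` at module level would name its meaning in whatever unit isExpiringSync takes, which this hunk does not show. ensureCertificate's body continues past the hunk.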