implement per-domain-ssl-certificates in the cronjobs, refs #365

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

lib/classes/webserver/class.ConfigIO.php

@@ -57,6 +57,32 @@ class ConfigIO {
 
 		// old htpasswd files
 		$this->_cleanHtpasswdFiles();
+
+		// customer-specified ssl-certificates
+		$this->_cleanCustomerSslCerts();
+	}
+
+	/**
+	 * remove customer-specified auto-generated ssl-certificates
+	 * (they are being regenerated)
+	 *
+	 * @return null
+	 */
+	private function _cleanCustomerSslCerts() {
+
+		// get correct directory
+		$configdir = $this->_getFile('system', 'customer_ssl_path');
+		if ($configdir !== false) {
+
+			$configdir = makeCorrectDir($configdir);
+
+			if (@is_dir($configdir)) {
+				// now get rid of old stuff
+				//(but append /* so we don't delete the directory)
+				$configdir.='/*';
+				safe_exec('rm -rf '. makeCorrectFile($configdir));
+			}
+		}
 	}
 
 	/**
@@ -126,7 +152,7 @@ class ConfigIO {
 	 * @return null
 	 */
 	private function _cleanAwstatsFiles() {
-		
+
 		if ($this->_settings['system']['awstats_enabled'] == '0') {
 			return;
 		}
@@ -182,13 +208,13 @@ class ConfigIO {
 		if ($configdir !== false) {
 
 			$configdir = makeCorrectDir($configdir);
-	
+
 			if (@is_dir($configdir)) {
 				// create directory iterator
 				$its = new RecursiveIteratorIterator(
 						new RecursiveDirectoryIterator($configdir)
 				);
-	
+
 				// iterate through all subdirs,
 				// look for php-fcgi-starter files
 				// and take immutable-flag away from them
@@ -199,7 +225,7 @@ class ConfigIO {
 						removeImmutable($its->getPathname());
 					}
 				}
-	
+
 				// now get rid of old stuff
 				//(but append /* so we don't delete the directory)
 				$configdir.='/*';

lib/classes/webserver/class.DomainSSL.php

@@ -0,0 +1,113 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ * @since      0.9.29
+ *
+ */
+
+class DomainSSL {
+
+	/**
+	 * internal settings array
+	 *
+	 * @var array
+	 */
+	private $_settings = null;
+
+	/**
+	 * internal database object
+	 *
+	 * @var db
+	 */
+	private $_db = null;
+
+	/**
+	 * constructor gets the froxlor settings as array
+	 * and the initialized database object
+	 */
+	public function __construct(array $settings = null, $db = null) {
+		$this->_settings = $settings;
+		$this->_db = $db;
+	}
+
+	/**
+	 * read domain-related (or if empty, parentdomain-related) ssl-certificates from the database
+	 * and (if not empty) set the corresponding array-indices (ssl_cert_file, ssl_key_file,
+	 * ssl_ca_file and ssl_cert_chainfile). Hence the parameter as reference.
+	 *
+	 * @param array $domain domain-array as reference so we can set the corresponding array-indices
+	 *
+	 * @return null
+	 */
+	public function setDomainSSLFilesArray(array &$domain = null) {
+		// check if the domain itself has a certificate defined
+		$dom_certs = $this->_db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` ='".$domain['id']."'");
+		if (!is_array($dom_certs)
+				|| !isset($dom_certs['ssl_cert_file'])
+				|| $dom_certs['ssl_cert_file'] == ''
+		) {
+			// maybe its parent?
+			if ($domain['parentdomainid'] != 0) {
+				$dom_certs = $this->_db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` ='".$domain['parentdomainid']."'");
+			}
+		}
+
+		// check if it's an array and if the most important field is set
+		if (is_array($dom_certs)
+				&& isset($dom_certs['ssl_cert_file'])
+				&& $dom_certs['ssl_cert_file'] != ''
+		) {
+			// get destination path
+			$sslcertpath = makeCorrectDir($this->_settings['system']['customer_ssl_path']);
+			// create path if it does not exist
+			if (!file_exists($sslcertpath)) {
+				safe_exec('mkdir -p '.escapeshellarg($sslcertpath));
+			}
+			// make correct files for the certificates
+			$ssl_files = array(
+					'ssl_cert_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.crt'),
+					'ssl_key_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.key')
+			);
+			// initialize optional files
+			$ssl_files['ssl_ca_file'] = '';
+			$ssl_files['ssl_cert_chainfile'] = '';
+			// set them if they are != empty
+			if ($dom_certs['ssl_ca_file'] != '') {
+				$ssl_files['ssl_ca_file'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_CA.pem');
+			}
+			if ($dom_certs['ssl_cert_chainfile'] != '') {
+				$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
+			}
+			// create them on the filesystem
+			foreach ($ssl_files as $type => $filename) {
+				if ($filename != '') {
+					touch($filename);
+					$_fh = fopen($filename, 'w');
+					fwrite($_fh, $dom_certs[$type]);
+					fclose($_fh);
+					chmod($filename, 0600);
+				}
+			}
+			// override corresponding array values
+			$domain['ssl_cert_file'] = $ssl_files['ssl_cert_file'];
+			$domain['ssl_key_file'] = $ssl_files['ssl_key_file'];
+			$domain['ssl_ca_file'] = $ssl_files['ssl_ca_file'];
+			$domain['ssl_cert_chainfile'] = $ssl_files['ssl_cert_chainfile'];
+		}
+
+		return;
+	}
+}

scripts/jobs/cron_tasks.inc.http.10.apache.php

@@ -603,6 +603,12 @@ class apache
 		// #418
 		$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
 
+		// SSL STUFF
+		$dssl = new DomainSSL($this->settings, $this->db);
+		// this sets the ssl-related array-indices in the $domain array
+		// if the domain has customer-defined ssl-certificates
+		$dssl->setDomainSSLFilesArray($domain);
+
 		if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 			$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
 		} else {

scripts/jobs/cron_tasks.inc.http.20.lighttpd.php

@@ -397,6 +397,12 @@ class lighttpd
 		$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
 		$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
 
+		// SSL STUFF
+		$dssl = new DomainSSL($this->settings, $this->db);
+		// this sets the ssl-related array-indices in the $domain array
+		// if the domain has customer-defined ssl-certificates
+		$dssl->setDomainSSLFilesArray($domain);
+
 		if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 			$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
 		} else {

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -364,6 +364,12 @@ class nginx
 		$domain['port'] = $ipandport['port'];
 		$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
 
+		// SSL STUFF
+		$dssl = new DomainSSL($this->settings, $this->db);
+		// this sets the ssl-related array-indices in the $domain array
+		// if the domain has customer-defined ssl-certificates
+		$dssl->setDomainSSLFilesArray($domain);
+
 		if (filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 			$ipport = '[' . $domain['ip'] . ']:' . $domain['port'];
 		} else {