diff -urN smeserver-certificate-0.0.4.old/root/certificate.lex smeserver-certificate-0.0.4/root/certificate.lex --- smeserver-certificate-0.0.4.old/root/certificate.lex 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-certificate-0.0.4/root/certificate.lex 2022-03-31 14:29:11.569660091 +0100 @@ -0,0 +1,56 @@ +'FORM_TITLE' => ' SSL certificates management', +Certificate' => +'Manage SSL certificates', +'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.
+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate :

+signal-event certificate-revert

+', +ERROR_OPEN_KEY' => +'Impossible to open the certificates', +'DESC_DOMAIN_CRT' => +'Paste Here the full certificate (server.crt)', +'LABEL_DOMAIN_CRT' => +'SSL certificate', +'DESC_DOMAIN_KEY' => +'Paste Here the full private key (server.key)', + +'LABEL_DOMAIN_KEY' => +'SSL private Key', +'DESC_CERTIFICATE_CHAINFILE' => +'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file', +'LABEL_CERTIFICATE_CHAINFILE' => +'SSL intermediate chain certificate', + +'SUCCESS-CERT-WRITTEN' => +'Success - New Certificate details written', +'SUCCESS-CERT-DEFAULTED' => +'Success - Certificate reverted to self-signed', +'FORM_TITLE' => ' SSL certificates management', +Certificate' => +'Manage SSL certificates', +'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.
+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate :

+signal-event certificate-revert

+', +ERROR_OPEN_KEY' => +'Impossible to open the certificates', +'DESC_DOMAIN_CRT' => +'Paste Here the full certificate (server.crt)', +'LABEL_DOMAIN_CRT' => +'SSL certificate', +'DESC_DOMAIN_KEY' => +'Paste Here the full private key (server.key)', + +'LABEL_DOMAIN_KEY' => +'SSL private Key', +'DESC_CERTIFICATE_CHAINFILE' => +'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file', +'LABEL_CERTIFICATE_CHAINFILE' => +'SSL intermediate chain certificate', + +'SUCCESS-CERT-WRITTEN' => +'Success - New Certificate details written', +'SUCCESS-CERT-DEFAULTED' => +'Success - Certificate reverted to self-signed', diff -urN smeserver-certificate-0.0.4.old/root/certificate.res smeserver-certificate-0.0.4/root/certificate.res --- smeserver-certificate-0.0.4.old/root/certificate.res 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-certificate-0.0.4/root/certificate.res 2022-03-31 12:28:35.032909445 +0100 @@ -0,0 +1,69 @@ + + + FORM_TITLE + + SSL certificates management + + + + Certificate + Manage SSL certificates + + + DESC_SSL_CERTIFICAT_CONFIG_PAGE + + + If you want to get back to the default SME Server certificates, simply blank all the contents and press save.
+ In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate :

+ signal-event certificate-revert

]]> + +
+
+ + + ERROR_OPEN_KEY + Impossible to open the certificates + + + + DESC_DOMAIN_CRT + Paste Here the full certificate (server.crt) + + + + LABEL_DOMAIN_CRT + SSL certificate + + + + DESC_DOMAIN_KEY + Paste Here the full private key (server.key) + + + + LABEL_DOMAIN_KEY + SSL private Key + + + + DESC_CERTIFICATE_CHAINFILE + You may need the intermediate CA certificate as 'chain' certificate in your clientssl profile. Paste here the full chain file + + + + LABEL_CERTIFICATE_CHAINFILE + SSL intermediate chain certificate + + + + SUCCESS-CERT-WRITTEN + Success - New Certificate details written + + + + SUCCESS-CERT-DEFAULTED + Success - Certificate reverted to self-signed + + +
+ diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm --- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm 2022-04-16 11:52:00.000000000 +0100 
@@ -0,0 +1,222 @@
+package SrvMngr::Controller::Certificate;
+
+#----------------------------------------------------------------------
+# heading : Configuration
+# description : Certificate
+# navigation : 6000 6750
+
+# name : Certificate, method : get, url : /certificate, ctlact : Certificate#main
+# name : CertificateSave, method : post, url : /certificatesave, ctlact : Certificate#save
+#
+# routes : end
+#
+#
+# Documentation: https://wiki.koozali.org/Certificatemanager
+#
+use strict;
+use warnings;
+use Mojo::Base 'Mojolicious::Controller';
+
+use constant FALSE => 0;
+use constant TRUE => 1;
+
+use Locale::gettext;
+use SrvMngr::I18N;
+use SrvMngr qw(theme_list init_session);
+
+use Data::Dumper;
+use esmith::util;
+use esmith::HostsDB;
+use esmith::AccountsDB;
+use Net::Ping;
+use esmith::util::network qw(:all);
+use Socket qw( inet_aton );
+
+
+#our $adb = esmith::AccountsDB->open() or die("Unable to open accounts DB");
+
+my %certificate_data = ();
+
+our $ssl_crt = '/home/e-smith/ssl.crt';
+our $ssl_key = '/home/e-smith/ssl.key';
+our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+
+
+sub main {
+ #
+ # Initial page - full summary of parameters etc
+ # Initial para from the Wiki.
+ #
+ my $c = shift;
+ %certificate_data = ();
+ read_pem($c);
+ do_display($c);
+}
+
+sub do_display {
+ #
+ # Front parameters page
+ #
+ my $c = shift;
+ $c->app->log->info( $c->log_req );
+ my $title = $c->l("FORM_TITLE");
+ my $modul = '';
+ my $trt = "SETTINGS";
+ our $db = esmith::ConfigDB->open() or die("Unable to open Configuration DB");
+ $certificate_data{trt} = $trt;
+ $c->stash( title => $title, modul => $modul, certificate_data => \%certificate_data );
+ #die("here");
+ $c->render( template => 'certificate' );
+
+}
+
+sub save{
+ #
+ # Save Cert details or revert to default
+ #
+ my $c = shift;
+ my $retmsg = write_pem($c);
+ if (index($retmsg,"SUCCESS") != -1){$certificate_data{success} = $retmsg;}
+ else {$certificate_data{error} = $retmsg;}
+ read_pem($c);
+ do_display($c);
+}
+
+
+sub read_pem{
+ # Read in cert stuff to shared data
+ my $c = shift;
+ my $dir = '';
+ my $ret;
+ my $domain = $config_db->get_value('DomainName');
+
+ my $dir = $ssl_crt;
+ my $pem = "$domain.crt";
+ $certificate_data{"domain.crt"} = get_pem_file($dir,$pem);
+
+ $dir = $ssl_key;
+ $pem = "$domain.crt";
+ $certificate_data{"domain.key"} = get_pem_file($dir,$pem);
+
+ $dir = $ssl_crt;
+ $pem = "chain.pem";
+ $certificate_data{"chain.pem"} = get_pem_file($dir,$pem);
+
+ return "ok";
+}
+
+sub get_pem_file{
+ my $dir = shift;
+ my $pem = shift;
+ my $ret;
+ if (! open (PEM, "<$dir/$pem")){
+ #$fm->error('ERROR_OPEN_PEM','FIRST');
+ # Tell the user something bad has happened
+ return "";
+ }
+ while (){
+ $ret .= $_;
+ }
+ close PEM;
+ return $ret;
+}
+
+
+sub write_pem{
+ my $q = shift;
+ my $domain = $config_db->get_value('DomainName')|| die "Couldn't open ConfigDB\n";
+
+ my $domain_crt = $q->param('ca_crt');
+ my $domain_key = $q->param('ca_key');
+ my $chain_crt = $q->param('chain_crt_file');
+
+
+if (($domain_crt eq '') && ($domain_key eq ''))
+ {
+ my $ssl_crt = '/home/e-smith/ssl.crt';
+ my $ssl_key = '/home/e-smith/ssl.key';
+
+ my $domain = $config_db->get_value('DomainName') || die "Couldn't open ConfigDB\n";
+ my $server = $config_db->get_value('SystemName') || die "Couldn't open ConfigDB\n";
+
+ my $crt_path = "$ssl_crt" . '/' . $domain . '.crt' || '';
+ my $key_path = "$ssl_key" . '/' . $domain . '.key' || '';
+ my $chain_path = "$ssl_crt" . '/chain.pem' || '';
+
+ #we return to the default certificate of sme and we remove the db entry CertificateChainFile
+ system("/sbin/e-smith/db configuration delprop modSSL crt");
+ system("/sbin/e-smith/db configuration delprop modSSL key");
+ system("/sbin/e-smith/db configuration delprop modSSL CertificateChainFile");
+
+ system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
+ # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
+ # system("/sbin/service httpd-e-smith restart");
+ # system("/sbin/e-smith/signal-event ldap-update");
+ # system("/sbin/e-smith/signal-event email-update");
+
+ system("/sbin/e-smith/signal-event ssl-update");
+
+ if (( -f $crt_path) && ( -f $key_path )) {
+ system("/bin/rm $ssl_crt/$domain.crt");
+ system("/bin/rm $ssl_key/$domain.key");
+ system("/bin/rm $ssl_crt/chain.pem");
+ }
+ return 'SUCCESS-CERT-DEFAULTED';
+
+ }
+
+elsif (($domain_crt ne '') && ($domain_key ne ''))
+ {
+ if (! open (CRT, ">$ssl_crt/$domain.crt")){
+ #$fm->error('ERROR_OPEN_KEY','FIRST');
+ # Tell the user something bad has happened
+ return 'ERROR_OPEN_KEY';
+ }
+ print CRT $domain_crt;
+ close CRT;
+
+ if (! open (KEY, ">$ssl_key/$domain.key")){
+ #$fm->error('ERROR_OPEN_KEY','FIRST');
+ # Tell the user something bad has happened
+ return 'ERROR_OPEN_KEY';
+ }
+ print KEY $domain_key;
+ close KEY;
+
+ if (! open (CHAIN, ">$ssl_crt/chain.pem")){
+ #$fm->error('ERROR_OPEN_KEY','FIRST');
+ # Tell the user something bad has happened
+ return 'ERROR_OPEN_KEY';
+ }
+ print CHAIN $chain_crt;
+ close CHAIN;
+
+ # Restrict permissions on sensitive data
+ esmith::util::chownFile("root", "root","$ssl_key/$domain.key");
+ esmith::util::chownFile("root", "root","$ssl_crt/$domain.crt");
+ chmod 0600, "$ssl_key/$domain.key";
+ chmod 0600, "$ssl_crt/$domain.crt";
+
+ #we load new certificates in db
+ system("/sbin/e-smith/db configuration setprop modSSL crt $ssl_crt/$domain.crt");
+ system("/sbin/e-smith/db configuration setprop modSSL key $ssl_key/$domain.key");
+
+ #we look if the certificate chain file is not equal to nothing, if not we load in db
+ if ($chain_crt ne '') {
+ system("/sbin/e-smith/db configuration setprop modSSL CertificateChainFile /home/e-smith/ssl.crt/chain.pem");
+ }
+
+ system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
+ # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
+ # system("/sbin/service httpd-e-smith restart >/dev/null 2>&1");
+ # system("/sbin/service httpd-e-smith restart");
+ # system("/sbin/e-smith/signal-event ldap-update");
+ # system("/sbin/e-smith/signal-event email-update");
+
+ system("/sbin/e-smith/signal-event ssl-update");
+
+ return 'SUCCESS-CERT-WRITTEN';
+ }
+}
+
+1;
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex
--- 
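Review bot: In write_pem the private key is created with `open (KEY, ">$ssl_key/$domain.key")` and only narrowed by `chmod 0600` after it has been written and closed, so a new file briefly carries whatever mode the process umask allows and an existing file keeps its old mode until then. Create it restrictively from the start, for example `sysopen(my $key_fh, "$ssl_key/$domain.key", O_WRONLY|O_CREAT|O_TRUNC, 0600) or return 'ERROR_OPEN_KEY';` with `use Fcntl;` (keeping the `chmod` for a file that already exists), and check `print`/`close` so a failed write is not followed by `signal-event ssl-update`. In read_pem the key is looked up as `$pem = "$domain.crt"` under `$ssl_key`, which looks like a typo for `"$domain.key"`. write_pem also has no final `else`, so when only one of `ca_crt`/`ca_key` is filled in it returns nothing and `save` calls `index` on an undefined value; returning an error key there would make the failure visible.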
smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 2022-03-31 14:29:11.000000000 +0100 @@ -0,0 +1,56 @@ +'FORM_TITLE' => ' SSL certificates management', +Certificate' => +'Manage SSL certificates', +'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.
+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate :

+signal-event certificate-revert

+', +ERROR_OPEN_KEY' => +'Impossible to open the certificates', +'DESC_DOMAIN_CRT' => +'Paste Here the full certificate (server.crt)', +'LABEL_DOMAIN_CRT' => +'SSL certificate', +'DESC_DOMAIN_KEY' => +'Paste Here the full private key (server.key)', + +'LABEL_DOMAIN_KEY' => +'SSL private Key', +'DESC_CERTIFICATE_CHAINFILE' => +'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file', +'LABEL_CERTIFICATE_CHAINFILE' => +'SSL intermediate chain certificate', + +'SUCCESS-CERT-WRITTEN' => +'Success - New Certificate details written', +'SUCCESS-CERT-DEFAULTED' => +'Success - Certificate reverted to self-signed', +'FORM_TITLE' => ' SSL certificates management', +Certificate' => +'Manage SSL certificates', +'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.
+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate :

+signal-event certificate-revert

+', +ERROR_OPEN_KEY' => +'Impossible to open the certificates', +'DESC_DOMAIN_CRT' => +'Paste Here the full certificate (server.crt)', +'LABEL_DOMAIN_CRT' => +'SSL certificate', +'DESC_DOMAIN_KEY' => +'Paste Here the full private key (server.key)', + +'LABEL_DOMAIN_KEY' => +'SSL private Key', +'DESC_CERTIFICATE_CHAINFILE' => +'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file', +'LABEL_CERTIFICATE_CHAINFILE' => +'SSL intermediate chain certificate', + +'SUCCESS-CERT-WRITTEN' => +'Success - New Certificate details written', +'SUCCESS-CERT-DEFAULTED' => +'Success - Certificate reverted to self-signed', diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep --- smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep 2022-04-16 11:53:00.000000000 +0100 @@ -0,0 +1,101 @@ +% layout 'default', title => "Sme server 2 - Certificate Manager", share_dir => './'; + +% content_for 'module' => begin + +
+ + % if ($config->{debug} == 1) { +

+ %= dumper $c->current_route +

+ % } + +

<%=$title%>

+ %= $modul + + %if ($certificate_data->{first}) { +

+ %=$c->render_to_string(inline =>$c->l($certificate_data->{first})) +

+ + %} elsif ($certificate_data->{success}) { +
+

Operation Status Report - success

+ + %= $c->l($certificate_data->{success}); + +

+
+ + %} elsif ($certificate_data->{error}) { +
+

Operation Status Report - error

+ + %= $c->l($certificate_data->{error}); + +

+
+ + %} elsif ($certificate_data->{warning}) { +
+

Operation Status Report - warning

+ + %= $c->l($certificate_data->{warning}); + +

+
+ + %} + %= form_for '/certificatesave' => (method => 'POST') => begin + % my $btn = l('SAVE'); + %== l 'DESC_SSL_CERTIFICAT_CONFIG_PAGE' + + + + %=l 'LABEL_DOMAIN_CRT' + + %=l 'DESC_DOMAIN_CRT' +
+
+ % param 'ca_crt' => $certificate_data->{'domain.crt'} unless param 'ca_crt'; + %= text_area 'ca_crt' , cols=>60, rows=>15 +
+
+ + + + %=l 'LABEL_DOMAIN_KEY' + + %=l 'DESC_DOMAIN_KEY' + + % param 'ca_key' => $certificate_data->{'domain.key'} unless param 'ca_key'; + %= text_area 'ca_key' , cols=>60, rows=>15 +
+
+ + + + %=l 'LABEL_CERTIFICATE_CHAINFILE' + + %=l 'DESC_CERTIFICATE_CHAINFILE' + + % param 'chain_crt_file' => $certificate_data->{'chain.pem'} unless param 'chain_crt_file'; + %= text_area 'chain_crt_file' , cols=>60, rows=>15 +
+
+ %= submit_button "$btn", class => 'action' +
+%end + +%= stylesheet begin +span.label { + width:46em; + font-weight:normal; +} + +span.label strong { + text-align:left; +} +%end + +%end \ No newline at end of file
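Review bot: The `ca_key` text area is pre-filled from `$certificate_data->{'domain.key'}` (`% param 'ca_key' => ... unless param 'ca_key';`), so whenever the controller succeeds in reading the key file the server's private key is sent to the browser in the page body. A certificate panel normally never returns the key; leave the field empty and show only that a key is installed, for example alongside the certificate's subject or expiry. The form also shows no `%= csrf_field`, so unless SrvMngr enforces a token globally this state-changing POST to `/certificatesave` is unprotected; add the field and have `save` check `$c->validation->csrf_protect`. Much of this template's markup is missing from the page, so this is based on the `%` lines only.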