smeserver-certificate/contribs10/smeserver-certificate-0.0.4-Add-panel-for-SM2.patch

diff -urN smeserver-certificate-0.0.4.old/root/certificate.lex smeserver-certificate-0.0.4/root/certificate.lex
--- smeserver-certificate-0.0.4.old/root/certificate.lex        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/certificate.lex    2022-03-31 14:29:11.569660091 +0100
@@ -0,0 +1,56 @@
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
diff -urN smeserver-certificate-0.0.4.old/root/certificate.res smeserver-certificate-0.0.4/root/certificate.res
--- smeserver-certificate-0.0.4.old/root/certificate.res        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/certificate.res    2022-03-31 12:28:35.032909445 +0100
@@ -0,0 +1,69 @@
+<lexicon lang="en-us">
+    <entry>
+        <base>FORM_TITLE</base>
+        <trans>
+               SSL certificates management
+        </trans>
+    </entry>
+    <entry>
+        <base>Certificate</base>
+        <trans>Manage  SSL certificates</trans>
+    </entry> 
+    <entry>
+        <base>DESC_SSL_CERTIFICAT_CONFIG_PAGE</base>
+        <trans>
+         <![CDATA[This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+         If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+         In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+         <b>signal-event certificate-revert</b><br><br>]]>
+         
+        </trans>
+    </entry>
+
+    <entry>
+        <base>ERROR_OPEN_KEY</base>
+        <trans>Impossible to open the certificates</trans>
+    </entry>
+
+    <entry>
+        <base>DESC_DOMAIN_CRT</base>
+        <trans>Paste Here the full certificate (server.crt)</trans>
+    </entry> 
+
+    <entry>
+        <base>LABEL_DOMAIN_CRT</base>
+        <trans>SSL certificate</trans>
+    </entry> 
+
+    <entry>
+        <base>DESC_DOMAIN_KEY</base>
+        <trans>Paste Here the full private key (server.key)</trans>
+    </entry> 
+    
+    <entry>
+        <base>LABEL_DOMAIN_KEY</base>
+        <trans>SSL private Key</trans>
+    </entry> 
+
+    <entry>
+        <base>DESC_CERTIFICATE_CHAINFILE</base>
+        <trans>You may need the intermediate CA certificate as 'chain' certificate in your clientssl profile. Paste here the full chain file</trans>
+    </entry> 
+
+     <entry>
+        <base>LABEL_CERTIFICATE_CHAINFILE</base>
+        <trans>SSL intermediate chain certificate</trans>
+    </entry> 
+    
+    <entry>
+        <base>SUCCESS-CERT-WRITTEN</base>
+        <trans>Success - New Certificate details written</trans>
+    </entry> 
+
+    <entry>
+        <base>SUCCESS-CERT-DEFAULTED</base>
+        <trans>Success - Certificate reverted to self-signed</trans>
+    </entry> 
+
+</lexicon>
+
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm
--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm   2022-04-16 11:52:00.000000000 +0100
@@ -0,0 +1,222 @@
+package SrvMngr::Controller::Certificate;
+
+#----------------------------------------------------------------------
+# heading     : Configuration
+# description : Certificate
+# navigation  : 6000 6750
+
+# name   : Certificate,    method : get,  url : /certificate,     ctlact : Certificate#main
+# name   : CertificateSave,    method : post,  url : /certificatesave,     ctlact : Certificate#save
+#
+# routes : end
+#
+#
+# Documentation: https://wiki.koozali.org/Certificatemanager
+#
+use strict;
+use warnings;
+use Mojo::Base 'Mojolicious::Controller';
+
+use constant FALSE => 0;
+use constant TRUE  => 1;
+
+use Locale::gettext;
+use SrvMngr::I18N;
+use SrvMngr qw(theme_list init_session);
+
+use Data::Dumper;
+use esmith::util;
+use esmith::HostsDB;
+use esmith::AccountsDB;
+use Net::Ping;
+use esmith::util::network qw(:all);
+use Socket qw( inet_aton );
+
+
+#our $adb = esmith::AccountsDB->open() or die("Unable to open accounts DB");
+
+my %certificate_data = ();
+
+our $ssl_crt = '/home/e-smith/ssl.crt';
+our $ssl_key = '/home/e-smith/ssl.key';
+our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+
+
+sub main {
+    #
+    # Initial page - full summary of parameters etc
+    # Initial para from the Wiki.
+    #
+    my $c = shift;
+    %certificate_data = ();
+    read_pem($c);
+       do_display($c);
+}
+
+sub do_display {
+    #
+    # Front parameters page
+    #
+    my $c = shift;
+    $c->app->log->info( $c->log_req );
+    my $title = $c->l("FORM_TITLE");
+    my $modul = '';
+    my $trt   = "SETTINGS";
+       our $db  = esmith::ConfigDB->open() or die("Unable to open Configuration DB");
+    $certificate_data{trt} = $trt;
+    $c->stash( title => $title, modul => $modul, certificate_data => \%certificate_data );
+    #die("here");
+       $c->render( template => 'certificate' );
+   
+}
+
+sub save{
+       #
+       # Save Cert details or revert to default
+       #
+    my $c = shift;
+       my $retmsg = write_pem($c);
+       if (index($retmsg,"SUCCESS") != -1){$certificate_data{success} = $retmsg;}
+       else {$certificate_data{error} = $retmsg;}
+       read_pem($c);
+       do_display($c);
+}
+       
+
+sub read_pem{
+       # Read in cert stuff to shared data
+    my $c = shift;
+    my $dir = '';
+    my $ret;
+    my $domain = $config_db->get_value('DomainName');
+
+       my $dir = $ssl_crt;
+       my $pem = "$domain.crt";
+       $certificate_data{"domain.crt"} = get_pem_file($dir,$pem);
+               
+       $dir = $ssl_key;
+       $pem = "$domain.crt";
+       $certificate_data{"domain.key"} = get_pem_file($dir,$pem);
+               
+       $dir = $ssl_crt;
+       $pem = "chain.pem";
+       $certificate_data{"chain.pem"} = get_pem_file($dir,$pem);
+
+    return "ok";
+}
+
+sub get_pem_file{
+       my $dir = shift;
+       my $pem = shift;
+       my $ret;
+       if (! open (PEM, "<$dir/$pem")){
+       #$fm->error('ERROR_OPEN_PEM','FIRST');
+       # Tell the user something bad has happened
+       return "";
+       }
+       while (<PEM>){
+               $ret .= $_;
+       }
+       close PEM;
+       return $ret;
+}
+
+
+sub write_pem{
+    my $q = shift;
+    my $domain = $config_db->get_value('DomainName')|| die "Couldn't open ConfigDB\n";
+
+    my $domain_crt  = $q->param('ca_crt');
+    my $domain_key = $q->param('ca_key');
+    my $chain_crt = $q->param('chain_crt_file');
+
+
+if (($domain_crt eq '') && ($domain_key eq ''))
+    {
+        my $ssl_crt     = '/home/e-smith/ssl.crt';
+        my $ssl_key     = '/home/e-smith/ssl.key';
+
+        my $domain      = $config_db->get_value('DomainName') || die "Couldn't open ConfigDB\n";
+        my $server      = $config_db->get_value('SystemName') || die "Couldn't open ConfigDB\n";
+
+        my $crt_path    = "$ssl_crt" . '/' . $domain . '.crt' || '';
+        my $key_path    = "$ssl_key" . '/' . $domain . '.key' || '';
+        my $chain_path  = "$ssl_crt" . '/chain.pem' || '';
+        
+        #we return to the default certificate of sme and we remove the db entry CertificateChainFile
+        system("/sbin/e-smith/db configuration delprop modSSL crt");
+        system("/sbin/e-smith/db configuration delprop modSSL key");
+        system("/sbin/e-smith/db configuration delprop modSSL CertificateChainFile");
+ 
+        system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
+        # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
+        # system("/sbin/service httpd-e-smith restart");
+        # system("/sbin/e-smith/signal-event ldap-update");
+        # system("/sbin/e-smith/signal-event email-update");
+        
+        system("/sbin/e-smith/signal-event ssl-update");
+
+               if (( -f $crt_path) && ( -f $key_path )) { 
+                system("/bin/rm $ssl_crt/$domain.crt");
+                system("/bin/rm $ssl_key/$domain.key");
+                system("/bin/rm $ssl_crt/chain.pem");
+               }
+        return 'SUCCESS-CERT-DEFAULTED';
+            
+    }
+
+elsif (($domain_crt ne '') && ($domain_key ne ''))
+    {
+        if (! open (CRT, ">$ssl_crt/$domain.crt")){
+            #$fm->error('ERROR_OPEN_KEY','FIRST');
+            # Tell the user something bad has happened
+             return 'ERROR_OPEN_KEY';
+            }
+        print CRT $domain_crt;
+        close CRT;
+
+        if (! open (KEY, ">$ssl_key/$domain.key")){
+            #$fm->error('ERROR_OPEN_KEY','FIRST');
+            # Tell the user something bad has happened
+             return 'ERROR_OPEN_KEY';
+        }
+        print KEY $domain_key;
+        close KEY;
+
+        if (! open (CHAIN, ">$ssl_crt/chain.pem")){
+            #$fm->error('ERROR_OPEN_KEY','FIRST');
+            # Tell the user something bad has happened
+             return 'ERROR_OPEN_KEY';
+        }
+        print CHAIN $chain_crt;
+        close CHAIN;
+        
+        # Restrict permissions on sensitive data
+        esmith::util::chownFile("root", "root","$ssl_key/$domain.key");
+        esmith::util::chownFile("root", "root","$ssl_crt/$domain.crt");
+        chmod 0600, "$ssl_key/$domain.key";
+        chmod 0600, "$ssl_crt/$domain.crt";
+        
+        #we load new certificates in db
+        system("/sbin/e-smith/db configuration setprop modSSL crt $ssl_crt/$domain.crt");
+        system("/sbin/e-smith/db configuration setprop modSSL key $ssl_key/$domain.key");
+        
+        #we look if the certificate chain file is not equal to nothing, if not we load in db
+        if  ($chain_crt ne '') {
+        system("/sbin/e-smith/db configuration setprop modSSL CertificateChainFile /home/e-smith/ssl.crt/chain.pem");
+        }
+        
+        system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
+        # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
+        # system("/sbin/service httpd-e-smith restart >/dev/null 2>&1");
+        # system("/sbin/service httpd-e-smith restart");
+        # system("/sbin/e-smith/signal-event ldap-update");
+        # system("/sbin/e-smith/signal-event email-update");
+
+        system("/sbin/e-smith/signal-event ssl-update");
+
+        return 'SUCCESS-CERT-WRITTEN';
+    }
+}
+
+1;
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex
--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex     1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 2022-03-31 14:29:11.000000000 +0100
@@ -0,0 +1,56 @@
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep
--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep    2022-04-16 11:53:00.000000000 +0100
@@ -0,0 +1,101 @@
+% layout 'default', title => "Sme server 2 - Certificate Manager", share_dir => './';
+
+% content_for 'module' => begin
+
+<div id="module" class="module certificate-panel">
+
+    % if ($config->{debug} == 1) {
+       <p>
+               %= dumper $c->current_route
+       </p>
+    % }
+    
+    <h1><%=$title%></h1>
+     %= $modul
+     
+       %if ($certificate_data->{first}) {
+           <br><p>
+               %=$c->render_to_string(inline =>$c->l($certificate_data->{first}))
+               </p>
+
+       %} elsif ($certificate_data->{success}) {
+               <div class='sme-border'>
+              <h2> Operation Status Report - success</h2><p>
+                       <font color=green>   
+                       %= $c->l($certificate_data->{success});
+                       </font>
+                       </p>
+               </div>
+
+          %} elsif ($certificate_data->{error}) { 
+          <div class='sme-error'>
+              <h2> Operation Status Report - error</h2><p>
+                       <font color=red>   
+                       %= $c->l($certificate_data->{error});
+                       </font>
+                       </p>
+       </div>
+       
+          %} elsif ($certificate_data->{warning}) { 
+          <div class='sme-warning'>
+              <h2> Operation Status Report - warning</h2><p>
+                       <font color=orange>   
+                       %= $c->l($certificate_data->{warning});
+                       </font>
+                       </p>
+       </div>
+
+       %}
+    %= form_for '/certificatesave' => (method => 'POST') => begin
+               % my $btn = l('SAVE');
+               %== l 'DESC_SSL_CERTIFICAT_CONFIG_PAGE'
+               
+               <span class=label>
+                       <strong>
+                       %=l 'LABEL_DOMAIN_CRT'
+                       </strong>
+                       %=l 'DESC_DOMAIN_CRT'
+                       <br />
+               </span><span class=data>
+                       % param 'ca_crt' => $certificate_data->{'domain.crt'} unless param 'ca_crt';
+                       %= text_area  'ca_crt' , cols=>60, rows=>15
+               </span><br>
+               <br />
+
+               <span class=label>
+                       <strong>
+                       %=l 'LABEL_DOMAIN_KEY'
+                       </strong>
+                       %=l 'DESC_DOMAIN_KEY'
+               </span><span class=data>
+                       % param 'ca_key' => $certificate_data->{'domain.key'} unless param 'ca_key';
+                       %= text_area  'ca_key' , cols=>60, rows=>15
+               </span><br>
+               <br />
+
+               <span class=label>
+                       <strong>
+                       %=l 'LABEL_CERTIFICATE_CHAINFILE'
+                       </strong>
+                       %=l 'DESC_CERTIFICATE_CHAINFILE'
+               </span><span class=data>
+                       % param 'chain_crt_file' => $certificate_data->{'chain.pem'} unless param 'chain_crt_file';
+                       %= text_area  'chain_crt_file' , cols=>60, rows=>15
+               </span><br>
+               <br />
+               %= submit_button "$btn", class => 'action'
+       </div>
+%end
+
+%= stylesheet begin
+span.label {
+       width:46em;
+       font-weight:normal;
+}
+
+span.label strong {
+       text-align:left;
+}
+%end
+
+%end
\ No newline at end of file
1	diff -urN smeserver-certificate-0.0.4.old/root/certificate.lex smeserver-certificate-0.0.4/root/certificate.lex
2	--- smeserver-certificate-0.0.4.old/root/certificate.lex 1970-01-01 01:00:00.000000000 +0100
3	+++ smeserver-certificate-0.0.4/root/certificate.lex 2022-03-31 14:29:11.569660091 +0100
4	@@ -0,0 +1,56 @@
5	+'FORM_TITLE' => ' SSL certificates management',
6	+Certificate' =>
7	+'Manage SSL certificates',
8	+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
9	+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
10	+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
11	+<b>signal-event certificate-revert</b><br><br>
12	+',
13	+ERROR_OPEN_KEY' =>
14	+'Impossible to open the certificates',
15	+'DESC_DOMAIN_CRT' =>
16	+'Paste Here the full certificate (server.crt)',
17	+'LABEL_DOMAIN_CRT' =>
18	+'SSL certificate',
19	+'DESC_DOMAIN_KEY' =>
20	+'Paste Here the full private key (server.key)',
21	+
22	+'LABEL_DOMAIN_KEY' =>
23	+'SSL private Key',
24	+'DESC_CERTIFICATE_CHAINFILE' =>
25	+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
26	+'LABEL_CERTIFICATE_CHAINFILE' =>
27	+'SSL intermediate chain certificate',
28	+
29	+'SUCCESS-CERT-WRITTEN' =>
30	+'Success - New Certificate details written',
31	+'SUCCESS-CERT-DEFAULTED' =>
32	+'Success - Certificate reverted to self-signed',
33	+'FORM_TITLE' => ' SSL certificates management',
34	+Certificate' =>
35	+'Manage SSL certificates',
36	+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
37	+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
38	+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
39	+<b>signal-event certificate-revert</b><br><br>
40	+',
41	+ERROR_OPEN_KEY' =>
42	+'Impossible to open the certificates',
43	+'DESC_DOMAIN_CRT' =>
44	+'Paste Here the full certificate (server.crt)',
45	+'LABEL_DOMAIN_CRT' =>
46	+'SSL certificate',
47	+'DESC_DOMAIN_KEY' =>
48	+'Paste Here the full private key (server.key)',
49	+
50	+'LABEL_DOMAIN_KEY' =>
51	+'SSL private Key',
52	+'DESC_CERTIFICATE_CHAINFILE' =>
53	+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
54	+'LABEL_CERTIFICATE_CHAINFILE' =>
55	+'SSL intermediate chain certificate',
56	+
57	+'SUCCESS-CERT-WRITTEN' =>
58	+'Success - New Certificate details written',
59	+'SUCCESS-CERT-DEFAULTED' =>
60	+'Success - Certificate reverted to self-signed',
61	diff -urN smeserver-certificate-0.0.4.old/root/certificate.res smeserver-certificate-0.0.4/root/certificate.res
62	--- smeserver-certificate-0.0.4.old/root/certificate.res 1970-01-01 01:00:00.000000000 +0100
63	+++ smeserver-certificate-0.0.4/root/certificate.res 2022-03-31 12:28:35.032909445 +0100
64	@@ -0,0 +1,69 @@
65	+<lexicon lang="en-us">
66	+ <entry>
67	+ <base>FORM_TITLE</base>
68	+ <trans>
69	+ SSL certificates management
70	+ </trans>
71	+ </entry>
72	+ <entry>
73	+ <base>Certificate</base>
74	+ <trans>Manage SSL certificates</trans>
75	+ </entry>
76	+ <entry>
77	+ <base>DESC_SSL_CERTIFICAT_CONFIG_PAGE</base>
78	+ <trans>
79	+ <![CDATA[This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
80	+ If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
81	+ In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
82	+ <b>signal-event certificate-revert</b><br><br>]]>
83	+
84	+ </trans>
85	+ </entry>
86	+
87	+ <entry>
88	+ <base>ERROR_OPEN_KEY</base>
89	+ <trans>Impossible to open the certificates</trans>
90	+ </entry>
91	+
92	+ <entry>
93	+ <base>DESC_DOMAIN_CRT</base>
94	+ <trans>Paste Here the full certificate (server.crt)</trans>
95	+ </entry>
96	+
97	+ <entry>
98	+ <base>LABEL_DOMAIN_CRT</base>
99	+ <trans>SSL certificate</trans>
100	+ </entry>
101	+
102	+ <entry>
103	+ <base>DESC_DOMAIN_KEY</base>
104	+ <trans>Paste Here the full private key (server.key)</trans>
105	+ </entry>
106	+
107	+ <entry>
108	+ <base>LABEL_DOMAIN_KEY</base>
109	+ <trans>SSL private Key</trans>
110	+ </entry>
111	+
112	+ <entry>
113	+ <base>DESC_CERTIFICATE_CHAINFILE</base>
114	+ <trans>You may need the intermediate CA certificate as 'chain' certificate in your clientssl profile. Paste here the full chain file</trans>
115	+ </entry>
116	+
117	+ <entry>
118	+ <base>LABEL_CERTIFICATE_CHAINFILE</base>
119	+ <trans>SSL intermediate chain certificate</trans>
120	+ </entry>
121	+
122	+ <entry>
123	+ <base>SUCCESS-CERT-WRITTEN</base>
124	+ <trans>Success - New Certificate details written</trans>
125	+ </entry>
126	+
127	+ <entry>
128	+ <base>SUCCESS-CERT-DEFAULTED</base>
129	+ <trans>Success - Certificate reverted to self-signed</trans>
130	+ </entry>
131	+
132	+</lexicon>
133	+
134	diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm
135	--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm 1970-01-01 01:00:00.000000000 +0100
136	+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm 2022-04-16 11:52:00.000000000 +0100
137	@@ -0,0 +1,222 @@
138	+package SrvMngr::Controller::Certificate;
139	+
140	+#----------------------------------------------------------------------
141	+# heading : Configuration
142	+# description : Certificate
143	+# navigation : 6000 6750
144	+
145	+# name : Certificate, method : get, url : /certificate, ctlact : Certificate#main
146	+# name : CertificateSave, method : post, url : /certificatesave, ctlact : Certificate#save
147	+#
148	+# routes : end
149	+#
150	+#
151	+# Documentation: https://wiki.koozali.org/Certificatemanager
152	+#
153	+use strict;
154	+use warnings;
155	+use Mojo::Base 'Mojolicious::Controller';
156	+
157	+use constant FALSE => 0;
158	+use constant TRUE => 1;
159	+
160	+use Locale::gettext;
161	+use SrvMngr::I18N;
162	+use SrvMngr qw(theme_list init_session);
163	+
164	+use Data::Dumper;
165	+use esmith::util;
166	+use esmith::HostsDB;
167	+use esmith::AccountsDB;
168	+use Net::Ping;
169	+use esmith::util::network qw(:all);
170	+use Socket qw( inet_aton );
171	+
172	+
173	+#our $adb = esmith::AccountsDB->open() or die("Unable to open accounts DB");
174	+
175	+my %certificate_data = ();
176	+
177	+our $ssl_crt = '/home/e-smith/ssl.crt';
178	+our $ssl_key = '/home/e-smith/ssl.key';
179	+our $config_db = esmith::ConfigDB->open \|\| die "Couldn't open ConfigDB\n";
180	+
181	+
182	+sub main {
183	+ #
184	+ # Initial page - full summary of parameters etc
185	+ # Initial para from the Wiki.
186	+ #
187	+ my $c = shift;
188	+ %certificate_data = ();
189	+ read_pem($c);
190	+ do_display($c);
191	+}
192	+
193	+sub do_display {
194	+ #
195	+ # Front parameters page
196	+ #
197	+ my $c = shift;
198	+ $c->app->log->info( $c->log_req );
199	+ my $title = $c->l("FORM_TITLE");
200	+ my $modul = '';
201	+ my $trt = "SETTINGS";
202	+ our $db = esmith::ConfigDB->open() or die("Unable to open Configuration DB");
203	+ $certificate_data{trt} = $trt;
204	+ $c->stash( title => $title, modul => $modul, certificate_data => \%certificate_data );
205	+ #die("here");
206	+ $c->render( template => 'certificate' );
207	+
208	+}
209	+
210	+sub save{
211	+ #
212	+ # Save Cert details or revert to default
213	+ #
214	+ my $c = shift;
215	+ my $retmsg = write_pem($c);
216	+ if (index($retmsg,"SUCCESS") != -1){$certificate_data{success} = $retmsg;}
217	+ else {$certificate_data{error} = $retmsg;}
218	+ read_pem($c);
219	+ do_display($c);
220	+}
221	+
222	+
223	+sub read_pem{
224	+ # Read in cert stuff to shared data
225	+ my $c = shift;
226	+ my $dir = '';
227	+ my $ret;
228	+ my $domain = $config_db->get_value('DomainName');
229	+
230	+ my $dir = $ssl_crt;
231	+ my $pem = "$domain.crt";
232	+ $certificate_data{"domain.crt"} = get_pem_file($dir,$pem);
233	+
234	+ $dir = $ssl_key;
235	+ $pem = "$domain.crt";
236	+ $certificate_data{"domain.key"} = get_pem_file($dir,$pem);
237	+
238	+ $dir = $ssl_crt;
239	+ $pem = "chain.pem";
240	+ $certificate_data{"chain.pem"} = get_pem_file($dir,$pem);
241	+
242	+ return "ok";
243	+}
244	+
245	+sub get_pem_file{
246	+ my $dir = shift;
247	+ my $pem = shift;
248	+ my $ret;
249	+ if (! open (PEM, "<$dir/$pem")){
250	+ #$fm->error('ERROR_OPEN_PEM','FIRST');
251	+ # Tell the user something bad has happened
252	+ return "";
253	+ }
254	+ while (<PEM>){
255	+ $ret .= $_;
256	+ }
257	+ close PEM;
258	+ return $ret;
259	+}
260	+
261	+
262	+sub write_pem{
263	+ my $q = shift;
264	+ my $domain = $config_db->get_value('DomainName')\|\| die "Couldn't open ConfigDB\n";
265	+
266	+ my $domain_crt = $q->param('ca_crt');
267	+ my $domain_key = $q->param('ca_key');
268	+ my $chain_crt = $q->param('chain_crt_file');
269	+
270	+
271	+if (($domain_crt eq '') && ($domain_key eq ''))
272	+ {
273	+ my $ssl_crt = '/home/e-smith/ssl.crt';
274	+ my $ssl_key = '/home/e-smith/ssl.key';
275	+
276	+ my $domain = $config_db->get_value('DomainName') \|\| die "Couldn't open ConfigDB\n";
277	+ my $server = $config_db->get_value('SystemName') \|\| die "Couldn't open ConfigDB\n";
278	+
279	+ my $crt_path = "$ssl_crt" . '/' . $domain . '.crt' \|\| '';
280	+ my $key_path = "$ssl_key" . '/' . $domain . '.key' \|\| '';
281	+ my $chain_path = "$ssl_crt" . '/chain.pem' \|\| '';
282	+
283	+ #we return to the default certificate of sme and we remove the db entry CertificateChainFile
284	+ system("/sbin/e-smith/db configuration delprop modSSL crt");
285	+ system("/sbin/e-smith/db configuration delprop modSSL key");
286	+ system("/sbin/e-smith/db configuration delprop modSSL CertificateChainFile");
287	+
288	+ system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
289	+ # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
290	+ # system("/sbin/service httpd-e-smith restart");
291	+ # system("/sbin/e-smith/signal-event ldap-update");
292	+ # system("/sbin/e-smith/signal-event email-update");
293	+
294	+ system("/sbin/e-smith/signal-event ssl-update");
295	+
296	+ if (( -f $crt_path) && ( -f $key_path )) {
297	+ system("/bin/rm $ssl_crt/$domain.crt");
298	+ system("/bin/rm $ssl_key/$domain.key");
299	+ system("/bin/rm $ssl_crt/chain.pem");
300	+ }
301	+ return 'SUCCESS-CERT-DEFAULTED';
302	+
303	+ }
304	+
305	+elsif (($domain_crt ne '') && ($domain_key ne ''))
306	+ {
307	+ if (! open (CRT, ">$ssl_crt/$domain.crt")){
308	+ #$fm->error('ERROR_OPEN_KEY','FIRST');
309	+ # Tell the user something bad has happened
310	+ return 'ERROR_OPEN_KEY';
311	+ }
312	+ print CRT $domain_crt;
313	+ close CRT;
314	+
315	+ if (! open (KEY, ">$ssl_key/$domain.key")){
316	+ #$fm->error('ERROR_OPEN_KEY','FIRST');
317	+ # Tell the user something bad has happened
318	+ return 'ERROR_OPEN_KEY';
319	+ }
320	+ print KEY $domain_key;
321	+ close KEY;
322	+
323	+ if (! open (CHAIN, ">$ssl_crt/chain.pem")){
324	+ #$fm->error('ERROR_OPEN_KEY','FIRST');
325	+ # Tell the user something bad has happened
326	+ return 'ERROR_OPEN_KEY';
327	+ }
328	+ print CHAIN $chain_crt;
329	+ close CHAIN;
330	+
331	+ # Restrict permissions on sensitive data
332	+ esmith::util::chownFile("root", "root","$ssl_key/$domain.key");
333	+ esmith::util::chownFile("root", "root","$ssl_crt/$domain.crt");
334	+ chmod 0600, "$ssl_key/$domain.key";
335	+ chmod 0600, "$ssl_crt/$domain.crt";
336	+
337	+ #we load new certificates in db
338	+ system("/sbin/e-smith/db configuration setprop modSSL crt $ssl_crt/$domain.crt");
339	+ system("/sbin/e-smith/db configuration setprop modSSL key $ssl_key/$domain.key");
340	+
341	+ #we look if the certificate chain file is not equal to nothing, if not we load in db
342	+ if ($chain_crt ne '') {
343	+ system("/sbin/e-smith/db configuration setprop modSSL CertificateChainFile /home/e-smith/ssl.crt/chain.pem");
344	+ }
345	+
346	+ system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
347	+ # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
348	+ # system("/sbin/service httpd-e-smith restart >/dev/null 2>&1");
349	+ # system("/sbin/service httpd-e-smith restart");
350	+ # system("/sbin/e-smith/signal-event ldap-update");
351	+ # system("/sbin/e-smith/signal-event email-update");
352	+
353	+ system("/sbin/e-smith/signal-event ssl-update");
354	+
355	+ return 'SUCCESS-CERT-WRITTEN';
356	+ }
357	+}
358	+
359	+1;
360	diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex
361	--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 1970-01-01 01:00:00.000000000 +0100
362	+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 2022-03-31 14:29:11.000000000 +0100
363	@@ -0,0 +1,56 @@
364	+'FORM_TITLE' => ' SSL certificates management',
365	+Certificate' =>
366	+'Manage SSL certificates',
367	+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
368	+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
369	+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
370	+<b>signal-event certificate-revert</b><br><br>
371	+',
372	+ERROR_OPEN_KEY' =>
373	+'Impossible to open the certificates',
374	+'DESC_DOMAIN_CRT' =>
375	+'Paste Here the full certificate (server.crt)',
376	+'LABEL_DOMAIN_CRT' =>
377	+'SSL certificate',
378	+'DESC_DOMAIN_KEY' =>
379	+'Paste Here the full private key (server.key)',
380	+
381	+'LABEL_DOMAIN_KEY' =>
382	+'SSL private Key',
383	+'DESC_CERTIFICATE_CHAINFILE' =>
384	+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
385	+'LABEL_CERTIFICATE_CHAINFILE' =>
386	+'SSL intermediate chain certificate',
387	+
388	+'SUCCESS-CERT-WRITTEN' =>
389	+'Success - New Certificate details written',
390	+'SUCCESS-CERT-DEFAULTED' =>
391	+'Success - Certificate reverted to self-signed',
392	+'FORM_TITLE' => ' SSL certificates management',
393	+Certificate' =>
394	+'Manage SSL certificates',
395	+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
396	+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
397	+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
398	+<b>signal-event certificate-revert</b><br><br>
399	+',
400	+ERROR_OPEN_KEY' =>
401	+'Impossible to open the certificates',
402	+'DESC_DOMAIN_CRT' =>
403	+'Paste Here the full certificate (server.crt)',
404	+'LABEL_DOMAIN_CRT' =>
405	+'SSL certificate',
406	+'DESC_DOMAIN_KEY' =>
407	+'Paste Here the full private key (server.key)',
408	+
409	+'LABEL_DOMAIN_KEY' =>
410	+'SSL private Key',
411	+'DESC_CERTIFICATE_CHAINFILE' =>
412	+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
413	+'LABEL_CERTIFICATE_CHAINFILE' =>
414	+'SSL intermediate chain certificate',
415	+
416	+'SUCCESS-CERT-WRITTEN' =>
417	+'Success - New Certificate details written',
418	+'SUCCESS-CERT-DEFAULTED' =>
419	+'Success - Certificate reverted to self-signed',
420	diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep
421	--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep 1970-01-01 01:00:00.000000000 +0100
422	+++ smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep 2022-04-16 11:53:00.000000000 +0100
423	@@ -0,0 +1,101 @@
424	+% layout 'default', title => "Sme server 2 - Certificate Manager", share_dir => './';
425	+
426	+% content_for 'module' => begin
427	+
428	+<div id="module" class="module certificate-panel">
429	+
430	+ % if ($config->{debug} == 1) {
431	+ <p>
432	+ %= dumper $c->current_route
433	+ </p>
434	+ % }
435	+
436	+ <h1><%=$title%></h1>
437	+ %= $modul
438	+
439	+ %if ($certificate_data->{first}) {
440	+ <br><p>
441	+ %=$c->render_to_string(inline =>$c->l($certificate_data->{first}))
442	+ </p>
443	+
444	+ %} elsif ($certificate_data->{success}) {
445	+ <div class='sme-border'>
446	+ <h2> Operation Status Report - success</h2><p>
447	+ <font color=green>
448	+ %= $c->l($certificate_data->{success});
449	+ </font>
450	+ </p>
451	+ </div>
452	+
453	+ %} elsif ($certificate_data->{error}) {
454	+ <div class='sme-error'>
455	+ <h2> Operation Status Report - error</h2><p>
456	+ <font color=red>
457	+ %= $c->l($certificate_data->{error});
458	+ </font>
459	+ </p>
460	+ </div>
461	+
462	+ %} elsif ($certificate_data->{warning}) {
463	+ <div class='sme-warning'>
464	+ <h2> Operation Status Report - warning</h2><p>
465	+ <font color=orange>
466	+ %= $c->l($certificate_data->{warning});
467	+ </font>
468	+ </p>
469	+ </div>
470	+
471	+ %}
472	+ %= form_for '/certificatesave' => (method => 'POST') => begin
473	+ % my $btn = l('SAVE');
474	+ %== l 'DESC_SSL_CERTIFICAT_CONFIG_PAGE'
475	+
476	+ <span class=label>
477	+ <strong>
478	+ %=l 'LABEL_DOMAIN_CRT'
479	+ </strong>
480	+ %=l 'DESC_DOMAIN_CRT'
481	+ <br />
482	+ </span><span class=data>
483	+ % param 'ca_crt' => $certificate_data->{'domain.crt'} unless param 'ca_crt';
484	+ %= text_area 'ca_crt' , cols=>60, rows=>15
485	+ </span><br>
486	+ <br />
487	+
488	+ <span class=label>
489	+ <strong>
490	+ %=l 'LABEL_DOMAIN_KEY'
491	+ </strong>
492	+ %=l 'DESC_DOMAIN_KEY'
493	+ </span><span class=data>
494	+ % param 'ca_key' => $certificate_data->{'domain.key'} unless param 'ca_key';
495	+ %= text_area 'ca_key' , cols=>60, rows=>15
496	+ </span><br>
497	+ <br />
498	+
499	+ <span class=label>
500	+ <strong>
501	+ %=l 'LABEL_CERTIFICATE_CHAINFILE'
502	+ </strong>
503	+ %=l 'DESC_CERTIFICATE_CHAINFILE'
504	+ </span><span class=data>
505	+ % param 'chain_crt_file' => $certificate_data->{'chain.pem'} unless param 'chain_crt_file';
506	+ %= text_area 'chain_crt_file' , cols=>60, rows=>15
507	+ </span><br>
508	+ <br />
509	+ %= submit_button "$btn", class => 'action'
510	+ </div>
511	+%end
512	+
513	+%= stylesheet begin
514	+span.label {
515	+ width:46em;
516	+ font-weight:normal;
517	+}
518	+
519	+span.label strong {
520	+ text-align:left;
521	+}
522	+%end
523	+
524	+%end
525	\ No newline at end of file