smeserver-certificate/contribs10/smeserver-certificate-0.0.4-Add-panel-for-SM2.patch

diff -urN smeserver-certificate-0.0.4.old/root/certificate.lex smeserver-certificate-0.0.4/root/certificate.lex
--- smeserver-certificate-0.0.4.old/root/certificate.lex        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/certificate.lex    2022-03-31 14:29:11.569660091 +0100
@@ -0,0 +1,56 @@
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
diff -urN smeserver-certificate-0.0.4.old/root/certificate.res smeserver-certificate-0.0.4/root/certificate.res
--- smeserver-certificate-0.0.4.old/root/certificate.res        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/certificate.res    2022-03-31 12:28:35.032909445 +0100
@@ -0,0 +1,69 @@
+<lexicon lang="en-us">
+    <entry>
+        <base>FORM_TITLE</base>
+        <trans>
+               SSL certificates management
+        </trans>
+    </entry>
+    <entry>
+        <base>Certificate</base>
+        <trans>Manage  SSL certificates</trans>
+    </entry> 
+    <entry>
+        <base>DESC_SSL_CERTIFICAT_CONFIG_PAGE</base>
+        <trans>
+         <![CDATA[This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+         If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+         In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+         <b>signal-event certificate-revert</b><br><br>]]>
+         
+        </trans>
+    </entry>
+
+    <entry>
+        <base>ERROR_OPEN_KEY</base>
+        <trans>Impossible to open the certificates</trans>
+    </entry>
+
+    <entry>
+        <base>DESC_DOMAIN_CRT</base>
+        <trans>Paste Here the full certificate (server.crt)</trans>
+    </entry> 
+
+    <entry>
+        <base>LABEL_DOMAIN_CRT</base>
+        <trans>SSL certificate</trans>
+    </entry> 
+
+    <entry>
+        <base>DESC_DOMAIN_KEY</base>
+        <trans>Paste Here the full private key (server.key)</trans>
+    </entry> 
+    
+    <entry>
+        <base>LABEL_DOMAIN_KEY</base>
+        <trans>SSL private Key</trans>
+    </entry> 
+
+    <entry>
+        <base>DESC_CERTIFICATE_CHAINFILE</base>
+        <trans>You may need the intermediate CA certificate as 'chain' certificate in your clientssl profile. Paste here the full chain file</trans>
+    </entry> 
+
+     <entry>
+        <base>LABEL_CERTIFICATE_CHAINFILE</base>
+        <trans>SSL intermediate chain certificate</trans>
+    </entry> 
+    
+    <entry>
+        <base>SUCCESS-CERT-WRITTEN</base>
+        <trans>Success - New Certificate details written</trans>
+    </entry> 
+
+    <entry>
+        <base>SUCCESS-CERT-DEFAULTED</base>
+        <trans>Success - Certificate reverted to self-signed</trans>
+    </entry> 
+
+</lexicon>
+
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm
--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm   2022-04-16 11:52:00.000000000 +0100
@@ -0,0 +1,222 @@
+package SrvMngr::Controller::Certificate;
+
+#----------------------------------------------------------------------
+# heading     : Configuration
+# description : Certificate
+# navigation  : 6000 6750
+
+# name   : Certificate,    method : get,  url : /certificate,     ctlact : Certificate#main
+# name   : CertificateSave,    method : post,  url : /certificatesave,     ctlact : Certificate#save
+#
+# routes : end
+#
+#
+# Documentation: https://wiki.koozali.org/Certificatemanager
+#
+use strict;
+use warnings;
+use Mojo::Base 'Mojolicious::Controller';
+
+use constant FALSE => 0;
+use constant TRUE  => 1;
+
+use Locale::gettext;
+use SrvMngr::I18N;
+use SrvMngr qw(theme_list init_session);
+
+use Data::Dumper;
+use esmith::util;
+use esmith::HostsDB;
+use esmith::AccountsDB;
+use Net::Ping;
+use esmith::util::network qw(:all);
+use Socket qw( inet_aton );
+
+
+#our $adb = esmith::AccountsDB->open() or die("Unable to open accounts DB");
+
+my %certificate_data = ();
+
+our $ssl_crt = '/home/e-smith/ssl.crt';
+our $ssl_key = '/home/e-smith/ssl.key';
+our $config_db = esmith::ConfigDB->open || die "Couldn't open ConfigDB\n";
+
+
+sub main {
+    #
+    # Initial page - full summary of parameters etc
+    # Initial para from the Wiki.
+    #
+    my $c = shift;
+    %certificate_data = ();
+    read_pem($c);
+       do_display($c);
+}
+
+sub do_display {
+    #
+    # Front parameters page
+    #
+    my $c = shift;
+    $c->app->log->info( $c->log_req );
+    my $title = $c->l("FORM_TITLE");
+    my $modul = '';
+    my $trt   = "SETTINGS";
+       our $db  = esmith::ConfigDB->open() or die("Unable to open Configuration DB");
+    $certificate_data{trt} = $trt;
+    $c->stash( title => $title, modul => $modul, certificate_data => \%certificate_data );
+    #die("here");
+       $c->render( template => 'certificate' );
+   
+}
+
+sub save{
+       #
+       # Save Cert details or revert to default
+       #
+    my $c = shift;
+       my $retmsg = write_pem($c);
+       if (index($retmsg,"SUCCESS") != -1){$certificate_data{success} = $retmsg;}
+       else {$certificate_data{error} = $retmsg;}
+       read_pem($c);
+       do_display($c);
+}
+       
+
+sub read_pem{
+       # Read in cert stuff to shared data
+    my $c = shift;
+    my $dir = '';
+    my $ret;
+    my $domain = $config_db->get_value('DomainName');
+
+       my $dir = $ssl_crt;
+       my $pem = "$domain.crt";
+       $certificate_data{"domain.crt"} = get_pem_file($dir,$pem);
+               
+       $dir = $ssl_key;
+       $pem = "$domain.crt";
+       $certificate_data{"domain.key"} = get_pem_file($dir,$pem);
+               
+       $dir = $ssl_crt;
+       $pem = "chain.pem";
+       $certificate_data{"chain.pem"} = get_pem_file($dir,$pem);
+
+    return "ok";
+}
+
+sub get_pem_file{
+       my $dir = shift;
+       my $pem = shift;
+       my $ret;
+       if (! open (PEM, "<$dir/$pem")){
+       #$fm->error('ERROR_OPEN_PEM','FIRST');
+       # Tell the user something bad has happened
+       return "";
+       }
+       while (<PEM>){
+               $ret .= $_;
+       }
+       close PEM;
+       return $ret;
+}
+
+
+sub write_pem{
+    my $q = shift;
+    my $domain = $config_db->get_value('DomainName')|| die "Couldn't open ConfigDB\n";
+
+    my $domain_crt  = $q->param('ca_crt');
+    my $domain_key = $q->param('ca_key');
+    my $chain_crt = $q->param('chain_crt_file');
+
+
+if (($domain_crt eq '') && ($domain_key eq ''))
+    {
+        my $ssl_crt     = '/home/e-smith/ssl.crt';
+        my $ssl_key     = '/home/e-smith/ssl.key';
+
+        my $domain      = $config_db->get_value('DomainName') || die "Couldn't open ConfigDB\n";
+        my $server      = $config_db->get_value('SystemName') || die "Couldn't open ConfigDB\n";
+
+        my $crt_path    = "$ssl_crt" . '/' . $domain . '.crt' || '';
+        my $key_path    = "$ssl_key" . '/' . $domain . '.key' || '';
+        my $chain_path  = "$ssl_crt" . '/chain.pem' || '';
+        
+        #we return to the default certificate of sme and we remove the db entry CertificateChainFile
+        system("/sbin/e-smith/db configuration delprop modSSL crt");
+        system("/sbin/e-smith/db configuration delprop modSSL key");
+        system("/sbin/e-smith/db configuration delprop modSSL CertificateChainFile");
+ 
+        system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
+        # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
+        # system("/sbin/service httpd-e-smith restart");
+        # system("/sbin/e-smith/signal-event ldap-update");
+        # system("/sbin/e-smith/signal-event email-update");
+        
+        system("/sbin/e-smith/signal-event ssl-update");
+
+               if (( -f $crt_path) && ( -f $key_path )) { 
+                system("/bin/rm $ssl_crt/$domain.crt");
+                system("/bin/rm $ssl_key/$domain.key");
+                system("/bin/rm $ssl_crt/chain.pem");
+               }
+        return 'SUCCESS-CERT-DEFAULTED';
+            
+    }
+
+elsif (($domain_crt ne '') && ($domain_key ne ''))
+    {
+        if (! open (CRT, ">$ssl_crt/$domain.crt")){
+            #$fm->error('ERROR_OPEN_KEY','FIRST');
+            # Tell the user something bad has happened
+             return 'ERROR_OPEN_KEY';
+            }
+        print CRT $domain_crt;
+        close CRT;
+
+        if (! open (KEY, ">$ssl_key/$domain.key")){
+            #$fm->error('ERROR_OPEN_KEY','FIRST');
+            # Tell the user something bad has happened
+             return 'ERROR_OPEN_KEY';
+        }
+        print KEY $domain_key;
+        close KEY;
+
+        if (! open (CHAIN, ">$ssl_crt/chain.pem")){
+            #$fm->error('ERROR_OPEN_KEY','FIRST');
+            # Tell the user something bad has happened
+             return 'ERROR_OPEN_KEY';
+        }
+        print CHAIN $chain_crt;
+        close CHAIN;
+        
+        # Restrict permissions on sensitive data
+        esmith::util::chownFile("root", "root","$ssl_key/$domain.key");
+        esmith::util::chownFile("root", "root","$ssl_crt/$domain.crt");
+        chmod 0600, "$ssl_key/$domain.key";
+        chmod 0600, "$ssl_crt/$domain.crt";
+        
+        #we load new certificates in db
+        system("/sbin/e-smith/db configuration setprop modSSL crt $ssl_crt/$domain.crt");
+        system("/sbin/e-smith/db configuration setprop modSSL key $ssl_key/$domain.key");
+        
+        #we look if the certificate chain file is not equal to nothing, if not we load in db
+        if  ($chain_crt ne '') {
+        system("/sbin/e-smith/db configuration setprop modSSL CertificateChainFile /home/e-smith/ssl.crt/chain.pem");
+        }
+        
+        system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
+        # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
+        # system("/sbin/service httpd-e-smith restart >/dev/null 2>&1");
+        # system("/sbin/service httpd-e-smith restart");
+        # system("/sbin/e-smith/signal-event ldap-update");
+        # system("/sbin/e-smith/signal-event email-update");
+
+        system("/sbin/e-smith/signal-event ssl-update");
+
+        return 'SUCCESS-CERT-WRITTEN';
+    }
+}
+
+1;
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex
--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex     1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 2022-03-31 14:29:11.000000000 +0100
@@ -0,0 +1,56 @@
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
+'FORM_TITLE' => '      SSL certificates management',
+Certificate' => 
+'Manage  SSL certificates',
+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of  SSL certificates if you need to use commercial Certificates by example.<br>
+If you want to get back to the  default SME Server certificates, simply blank all the contents and press save.<br>
+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
+<b>signal-event certificate-revert</b><br><br>
+',
+ERROR_OPEN_KEY' => 
+'Impossible to open the certificates',
+'DESC_DOMAIN_CRT' => 
+'Paste Here the full certificate (server.crt)',
+'LABEL_DOMAIN_CRT' => 
+'SSL certificate',
+'DESC_DOMAIN_KEY' => 
+'Paste Here the full private key (server.key)',
+    
+'LABEL_DOMAIN_KEY' => 
+'SSL private Key',
+'DESC_CERTIFICATE_CHAINFILE' => 
+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
+'LABEL_CERTIFICATE_CHAINFILE' => 
+'SSL intermediate chain certificate',
+    
+'SUCCESS-CERT-WRITTEN' => 
+'Success - New Certificate details written',
+'SUCCESS-CERT-DEFAULTED' => 
+'Success - Certificate reverted to self-signed',
diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep
--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep        1970-01-01 01:00:00.000000000 +0100
+++ smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep    2022-04-16 11:53:00.000000000 +0100
@@ -0,0 +1,101 @@
+% layout 'default', title => "Sme server 2 - Certificate Manager", share_dir => './';
+
+% content_for 'module' => begin
+
+<div id="module" class="module certificate-panel">
+
+    % if ($config->{debug} == 1) {
+       <p>
+               %= dumper $c->current_route
+       </p>
+    % }
+    
+    <h1><%=$title%></h1>
+     %= $modul
+     
+       %if ($certificate_data->{first}) {
+           <br><p>
+               %=$c->render_to_string(inline =>$c->l($certificate_data->{first}))
+               </p>
+
+       %} elsif ($certificate_data->{success}) {
+               <div class='sme-border'>
+              <h2> Operation Status Report - success</h2><p>
+                       <font color=green>   
+                       %= $c->l($certificate_data->{success});
+                       </font>
+                       </p>
+               </div>
+
+          %} elsif ($certificate_data->{error}) { 
+          <div class='sme-error'>
+              <h2> Operation Status Report - error</h2><p>
+                       <font color=red>   
+                       %= $c->l($certificate_data->{error});
+                       </font>
+                       </p>
+       </div>
+       
+          %} elsif ($certificate_data->{warning}) { 
+          <div class='sme-warning'>
+              <h2> Operation Status Report - warning</h2><p>
+                       <font color=orange>   
+                       %= $c->l($certificate_data->{warning});
+                       </font>
+                       </p>
+       </div>
+
+       %}
+    %= form_for '/certificatesave' => (method => 'POST') => begin
+               % my $btn = l('SAVE');
+               %== l 'DESC_SSL_CERTIFICAT_CONFIG_PAGE'
+               
+               <span class=label>
+                       <strong>
+                       %=l 'LABEL_DOMAIN_CRT'
+                       </strong>
+                       %=l 'DESC_DOMAIN_CRT'
+                       <br />
+               </span><span class=data>
+                       % param 'ca_crt' => $certificate_data->{'domain.crt'} unless param 'ca_crt';
+                       %= text_area  'ca_crt' , cols=>60, rows=>15
+               </span><br>
+               <br />
+
+               <span class=label>
+                       <strong>
+                       %=l 'LABEL_DOMAIN_KEY'
+                       </strong>
+                       %=l 'DESC_DOMAIN_KEY'
+               </span><span class=data>
+                       % param 'ca_key' => $certificate_data->{'domain.key'} unless param 'ca_key';
+                       %= text_area  'ca_key' , cols=>60, rows=>15
+               </span><br>
+               <br />
+
+               <span class=label>
+                       <strong>
+                       %=l 'LABEL_CERTIFICATE_CHAINFILE'
+                       </strong>
+                       %=l 'DESC_CERTIFICATE_CHAINFILE'
+               </span><span class=data>
+                       % param 'chain_crt_file' => $certificate_data->{'chain.pem'} unless param 'chain_crt_file';
+                       %= text_area  'chain_crt_file' , cols=>60, rows=>15
+               </span><br>
+               <br />
+               %= submit_button "$btn", class => 'action'
+       </div>
+%end
+
+%= stylesheet begin
+span.label {
+       width:46em;
+       font-weight:normal;
+}
+
+span.label strong {
+       text-align:left;
+}
+%end
+
+%end
\ No newline at end of file
1	brianr	1.1	diff -urN smeserver-certificate-0.0.4.old/root/certificate.lex smeserver-certificate-0.0.4/root/certificate.lex
2			--- smeserver-certificate-0.0.4.old/root/certificate.lex 1970-01-01 01:00:00.000000000 +0100
3			+++ smeserver-certificate-0.0.4/root/certificate.lex 2022-03-31 14:29:11.569660091 +0100
4			@@ -0,0 +1,56 @@
5			+'FORM_TITLE' => ' SSL certificates management',
6			+Certificate' =>
7			+'Manage SSL certificates',
8			+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
9			+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
10			+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
11			+<b>signal-event certificate-revert</b><br><br>
12			+',
13			+ERROR_OPEN_KEY' =>
14			+'Impossible to open the certificates',
15			+'DESC_DOMAIN_CRT' =>
16			+'Paste Here the full certificate (server.crt)',
17			+'LABEL_DOMAIN_CRT' =>
18			+'SSL certificate',
19			+'DESC_DOMAIN_KEY' =>
20			+'Paste Here the full private key (server.key)',
21			+
22			+'LABEL_DOMAIN_KEY' =>
23			+'SSL private Key',
24			+'DESC_CERTIFICATE_CHAINFILE' =>
25			+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
26			+'LABEL_CERTIFICATE_CHAINFILE' =>
27			+'SSL intermediate chain certificate',
28			+
29			+'SUCCESS-CERT-WRITTEN' =>
30			+'Success - New Certificate details written',
31			+'SUCCESS-CERT-DEFAULTED' =>
32			+'Success - Certificate reverted to self-signed',
33			+'FORM_TITLE' => ' SSL certificates management',
34			+Certificate' =>
35			+'Manage SSL certificates',
36			+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
37			+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
38			+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
39			+<b>signal-event certificate-revert</b><br><br>
40			+',
41			+ERROR_OPEN_KEY' =>
42			+'Impossible to open the certificates',
43			+'DESC_DOMAIN_CRT' =>
44			+'Paste Here the full certificate (server.crt)',
45			+'LABEL_DOMAIN_CRT' =>
46			+'SSL certificate',
47			+'DESC_DOMAIN_KEY' =>
48			+'Paste Here the full private key (server.key)',
49			+
50			+'LABEL_DOMAIN_KEY' =>
51			+'SSL private Key',
52			+'DESC_CERTIFICATE_CHAINFILE' =>
53			+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
54			+'LABEL_CERTIFICATE_CHAINFILE' =>
55			+'SSL intermediate chain certificate',
56			+
57			+'SUCCESS-CERT-WRITTEN' =>
58			+'Success - New Certificate details written',
59			+'SUCCESS-CERT-DEFAULTED' =>
60			+'Success - Certificate reverted to self-signed',
61			diff -urN smeserver-certificate-0.0.4.old/root/certificate.res smeserver-certificate-0.0.4/root/certificate.res
62			--- smeserver-certificate-0.0.4.old/root/certificate.res 1970-01-01 01:00:00.000000000 +0100
63			+++ smeserver-certificate-0.0.4/root/certificate.res 2022-03-31 12:28:35.032909445 +0100
64			@@ -0,0 +1,69 @@
65			+<lexicon lang="en-us">
66			+ <entry>
67			+ <base>FORM_TITLE</base>
68			+ <trans>
69			+ SSL certificates management
70			+ </trans>
71			+ </entry>
72			+ <entry>
73			+ <base>Certificate</base>
74			+ <trans>Manage SSL certificates</trans>
75			+ </entry>
76			+ <entry>
77			+ <base>DESC_SSL_CERTIFICAT_CONFIG_PAGE</base>
78			+ <trans>
79			+ <![CDATA[This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
80			+ If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
81			+ In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
82			+ <b>signal-event certificate-revert</b><br><br>]]>
83			+
84			+ </trans>
85			+ </entry>
86			+
87			+ <entry>
88			+ <base>ERROR_OPEN_KEY</base>
89			+ <trans>Impossible to open the certificates</trans>
90			+ </entry>
91			+
92			+ <entry>
93			+ <base>DESC_DOMAIN_CRT</base>
94			+ <trans>Paste Here the full certificate (server.crt)</trans>
95			+ </entry>
96			+
97			+ <entry>
98			+ <base>LABEL_DOMAIN_CRT</base>
99			+ <trans>SSL certificate</trans>
100			+ </entry>
101			+
102			+ <entry>
103			+ <base>DESC_DOMAIN_KEY</base>
104			+ <trans>Paste Here the full private key (server.key)</trans>
105			+ </entry>
106			+
107			+ <entry>
108			+ <base>LABEL_DOMAIN_KEY</base>
109			+ <trans>SSL private Key</trans>
110			+ </entry>
111			+
112			+ <entry>
113			+ <base>DESC_CERTIFICATE_CHAINFILE</base>
114			+ <trans>You may need the intermediate CA certificate as 'chain' certificate in your clientssl profile. Paste here the full chain file</trans>
115			+ </entry>
116			+
117			+ <entry>
118			+ <base>LABEL_CERTIFICATE_CHAINFILE</base>
119			+ <trans>SSL intermediate chain certificate</trans>
120			+ </entry>
121			+
122			+ <entry>
123			+ <base>SUCCESS-CERT-WRITTEN</base>
124			+ <trans>Success - New Certificate details written</trans>
125			+ </entry>
126			+
127			+ <entry>
128			+ <base>SUCCESS-CERT-DEFAULTED</base>
129			+ <trans>Success - Certificate reverted to self-signed</trans>
130			+ </entry>
131			+
132			+</lexicon>
133			+
134			diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm
135			--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm 1970-01-01 01:00:00.000000000 +0100
136			+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/Controller/Certificate.pm 2022-04-16 11:52:00.000000000 +0100
137			@@ -0,0 +1,222 @@
138			+package SrvMngr::Controller::Certificate;
139			+
140			+#----------------------------------------------------------------------
141			+# heading : Configuration
142			+# description : Certificate
143			+# navigation : 6000 6750
144			+
145			+# name : Certificate, method : get, url : /certificate, ctlact : Certificate#main
146			+# name : CertificateSave, method : post, url : /certificatesave, ctlact : Certificate#save
147			+#
148			+# routes : end
149			+#
150			+#
151			+# Documentation: https://wiki.koozali.org/Certificatemanager
152			+#
153			+use strict;
154			+use warnings;
155			+use Mojo::Base 'Mojolicious::Controller';
156			+
157			+use constant FALSE => 0;
158			+use constant TRUE => 1;
159			+
160			+use Locale::gettext;
161			+use SrvMngr::I18N;
162			+use SrvMngr qw(theme_list init_session);
163			+
164			+use Data::Dumper;
165			+use esmith::util;
166			+use esmith::HostsDB;
167			+use esmith::AccountsDB;
168			+use Net::Ping;
169			+use esmith::util::network qw(:all);
170			+use Socket qw( inet_aton );
171			+
172			+
173			+#our $adb = esmith::AccountsDB->open() or die("Unable to open accounts DB");
174			+
175			+my %certificate_data = ();
176			+
177			+our $ssl_crt = '/home/e-smith/ssl.crt';
178			+our $ssl_key = '/home/e-smith/ssl.key';
179			+our $config_db = esmith::ConfigDB->open \|\| die "Couldn't open ConfigDB\n";
180			+
181			+
182			+sub main {
183			+ #
184			+ # Initial page - full summary of parameters etc
185			+ # Initial para from the Wiki.
186			+ #
187			+ my $c = shift;
188			+ %certificate_data = ();
189			+ read_pem($c);
190			+ do_display($c);
191			+}
192			+
193			+sub do_display {
194			+ #
195			+ # Front parameters page
196			+ #
197			+ my $c = shift;
198			+ $c->app->log->info( $c->log_req );
199			+ my $title = $c->l("FORM_TITLE");
200			+ my $modul = '';
201			+ my $trt = "SETTINGS";
202			+ our $db = esmith::ConfigDB->open() or die("Unable to open Configuration DB");
203			+ $certificate_data{trt} = $trt;
204			+ $c->stash( title => $title, modul => $modul, certificate_data => \%certificate_data );
205			+ #die("here");
206			+ $c->render( template => 'certificate' );
207			+
208			+}
209			+
210			+sub save{
211			+ #
212			+ # Save Cert details or revert to default
213			+ #
214			+ my $c = shift;
215			+ my $retmsg = write_pem($c);
216			+ if (index($retmsg,"SUCCESS") != -1){$certificate_data{success} = $retmsg;}
217			+ else {$certificate_data{error} = $retmsg;}
218			+ read_pem($c);
219			+ do_display($c);
220			+}
221			+
222			+
223			+sub read_pem{
224			+ # Read in cert stuff to shared data
225			+ my $c = shift;
226			+ my $dir = '';
227			+ my $ret;
228			+ my $domain = $config_db->get_value('DomainName');
229			+
230			+ my $dir = $ssl_crt;
231			+ my $pem = "$domain.crt";
232			+ $certificate_data{"domain.crt"} = get_pem_file($dir,$pem);
233			+
234			+ $dir = $ssl_key;
235			+ $pem = "$domain.crt";
236			+ $certificate_data{"domain.key"} = get_pem_file($dir,$pem);
237			+
238			+ $dir = $ssl_crt;
239			+ $pem = "chain.pem";
240			+ $certificate_data{"chain.pem"} = get_pem_file($dir,$pem);
241			+
242			+ return "ok";
243			+}
244			+
245			+sub get_pem_file{
246			+ my $dir = shift;
247			+ my $pem = shift;
248			+ my $ret;
249			+ if (! open (PEM, "<$dir/$pem")){
250			+ #$fm->error('ERROR_OPEN_PEM','FIRST');
251			+ # Tell the user something bad has happened
252			+ return "";
253			+ }
254			+ while (<PEM>){
255			+ $ret .= $_;
256			+ }
257			+ close PEM;
258			+ return $ret;
259			+}
260			+
261			+
262			+sub write_pem{
263			+ my $q = shift;
264			+ my $domain = $config_db->get_value('DomainName')\|\| die "Couldn't open ConfigDB\n";
265			+
266			+ my $domain_crt = $q->param('ca_crt');
267			+ my $domain_key = $q->param('ca_key');
268			+ my $chain_crt = $q->param('chain_crt_file');
269			+
270			+
271			+if (($domain_crt eq '') && ($domain_key eq ''))
272			+ {
273			+ my $ssl_crt = '/home/e-smith/ssl.crt';
274			+ my $ssl_key = '/home/e-smith/ssl.key';
275			+
276			+ my $domain = $config_db->get_value('DomainName') \|\| die "Couldn't open ConfigDB\n";
277			+ my $server = $config_db->get_value('SystemName') \|\| die "Couldn't open ConfigDB\n";
278			+
279			+ my $crt_path = "$ssl_crt" . '/' . $domain . '.crt' \|\| '';
280			+ my $key_path = "$ssl_key" . '/' . $domain . '.key' \|\| '';
281			+ my $chain_path = "$ssl_crt" . '/chain.pem' \|\| '';
282			+
283			+ #we return to the default certificate of sme and we remove the db entry CertificateChainFile
284			+ system("/sbin/e-smith/db configuration delprop modSSL crt");
285			+ system("/sbin/e-smith/db configuration delprop modSSL key");
286			+ system("/sbin/e-smith/db configuration delprop modSSL CertificateChainFile");
287			+
288			+ system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
289			+ # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
290			+ # system("/sbin/service httpd-e-smith restart");
291			+ # system("/sbin/e-smith/signal-event ldap-update");
292			+ # system("/sbin/e-smith/signal-event email-update");
293			+
294			+ system("/sbin/e-smith/signal-event ssl-update");
295			+
296			+ if (( -f $crt_path) && ( -f $key_path )) {
297			+ system("/bin/rm $ssl_crt/$domain.crt");
298			+ system("/bin/rm $ssl_key/$domain.key");
299			+ system("/bin/rm $ssl_crt/chain.pem");
300			+ }
301			+ return 'SUCCESS-CERT-DEFAULTED';
302			+
303			+ }
304			+
305			+elsif (($domain_crt ne '') && ($domain_key ne ''))
306			+ {
307			+ if (! open (CRT, ">$ssl_crt/$domain.crt")){
308			+ #$fm->error('ERROR_OPEN_KEY','FIRST');
309			+ # Tell the user something bad has happened
310			+ return 'ERROR_OPEN_KEY';
311			+ }
312			+ print CRT $domain_crt;
313			+ close CRT;
314			+
315			+ if (! open (KEY, ">$ssl_key/$domain.key")){
316			+ #$fm->error('ERROR_OPEN_KEY','FIRST');
317			+ # Tell the user something bad has happened
318			+ return 'ERROR_OPEN_KEY';
319			+ }
320			+ print KEY $domain_key;
321			+ close KEY;
322			+
323			+ if (! open (CHAIN, ">$ssl_crt/chain.pem")){
324			+ #$fm->error('ERROR_OPEN_KEY','FIRST');
325			+ # Tell the user something bad has happened
326			+ return 'ERROR_OPEN_KEY';
327			+ }
328			+ print CHAIN $chain_crt;
329			+ close CHAIN;
330			+
331			+ # Restrict permissions on sensitive data
332			+ esmith::util::chownFile("root", "root","$ssl_key/$domain.key");
333			+ esmith::util::chownFile("root", "root","$ssl_crt/$domain.crt");
334			+ chmod 0600, "$ssl_key/$domain.key";
335			+ chmod 0600, "$ssl_crt/$domain.crt";
336			+
337			+ #we load new certificates in db
338			+ system("/sbin/e-smith/db configuration setprop modSSL crt $ssl_crt/$domain.crt");
339			+ system("/sbin/e-smith/db configuration setprop modSSL key $ssl_key/$domain.key");
340			+
341			+ #we look if the certificate chain file is not equal to nothing, if not we load in db
342			+ if ($chain_crt ne '') {
343			+ system("/sbin/e-smith/db configuration setprop modSSL CertificateChainFile /home/e-smith/ssl.crt/chain.pem");
344			+ }
345			+
346			+ system("/sbin/e-smith/expand-template /home/e-smith/ssl.pem/pem");
347			+ # system("/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf");
348			+ # system("/sbin/service httpd-e-smith restart >/dev/null 2>&1");
349			+ # system("/sbin/service httpd-e-smith restart");
350			+ # system("/sbin/e-smith/signal-event ldap-update");
351			+ # system("/sbin/e-smith/signal-event email-update");
352			+
353			+ system("/sbin/e-smith/signal-event ssl-update");
354			+
355			+ return 'SUCCESS-CERT-WRITTEN';
356			+ }
357			+}
358			+
359			+1;
360			diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex
361			--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 1970-01-01 01:00:00.000000000 +0100
362			+++ smeserver-certificate-0.0.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Certificate/certificate_en.lex 2022-03-31 14:29:11.000000000 +0100
363			@@ -0,0 +1,56 @@
364			+'FORM_TITLE' => ' SSL certificates management',
365			+Certificate' =>
366			+'Manage SSL certificates',
367			+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
368			+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
369			+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
370			+<b>signal-event certificate-revert</b><br><br>
371			+',
372			+ERROR_OPEN_KEY' =>
373			+'Impossible to open the certificates',
374			+'DESC_DOMAIN_CRT' =>
375			+'Paste Here the full certificate (server.crt)',
376			+'LABEL_DOMAIN_CRT' =>
377			+'SSL certificate',
378			+'DESC_DOMAIN_KEY' =>
379			+'Paste Here the full private key (server.key)',
380			+
381			+'LABEL_DOMAIN_KEY' =>
382			+'SSL private Key',
383			+'DESC_CERTIFICATE_CHAINFILE' =>
384			+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
385			+'LABEL_CERTIFICATE_CHAINFILE' =>
386			+'SSL intermediate chain certificate',
387			+
388			+'SUCCESS-CERT-WRITTEN' =>
389			+'Success - New Certificate details written',
390			+'SUCCESS-CERT-DEFAULTED' =>
391			+'Success - Certificate reverted to self-signed',
392			+'FORM_TITLE' => ' SSL certificates management',
393			+Certificate' =>
394			+'Manage SSL certificates',
395			+'DESC_SSL_CERTIFICAT_CONFIG_PAGE' => 'This panel is made to help the managing of SSL certificates if you need to use commercial Certificates by example.<br>
396			+If you want to get back to the default SME Server certificates, simply blank all the contents and press save.<br>
397			+In case of you set wrong certificates, the server Web may crash. You will have to do a command line in a root Terminal to get back to the default certificate : <br><br>
398			+<b>signal-event certificate-revert</b><br><br>
399			+',
400			+ERROR_OPEN_KEY' =>
401			+'Impossible to open the certificates',
402			+'DESC_DOMAIN_CRT' =>
403			+'Paste Here the full certificate (server.crt)',
404			+'LABEL_DOMAIN_CRT' =>
405			+'SSL certificate',
406			+'DESC_DOMAIN_KEY' =>
407			+'Paste Here the full private key (server.key)',
408			+
409			+'LABEL_DOMAIN_KEY' =>
410			+'SSL private Key',
411			+'DESC_CERTIFICATE_CHAINFILE' =>
412			+'You may need the intermediate CA certificate as \'chain\' certificate in your clientssl profile. Paste here the full chain file',
413			+'LABEL_CERTIFICATE_CHAINFILE' =>
414			+'SSL intermediate chain certificate',
415			+
416			+'SUCCESS-CERT-WRITTEN' =>
417			+'Success - New Certificate details written',
418			+'SUCCESS-CERT-DEFAULTED' =>
419			+'Success - Certificate reverted to self-signed',
420			diff -urN smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep
421			--- smeserver-certificate-0.0.4.old/root/usr/share/smanager/themes/default/templates/certificate.html.ep 1970-01-01 01:00:00.000000000 +0100
422			+++ smeserver-certificate-0.0.4/root/usr/share/smanager/themes/default/templates/certificate.html.ep 2022-04-16 11:53:00.000000000 +0100
423			@@ -0,0 +1,101 @@
424			+% layout 'default', title => "Sme server 2 - Certificate Manager", share_dir => './';
425			+
426			+% content_for 'module' => begin
427			+
428			+<div id="module" class="module certificate-panel">
429			+
430			+ % if ($config->{debug} == 1) {
431			+ <p>
432			+ %= dumper $c->current_route
433			+ </p>
434			+ % }
435			+
436			+ <h1><%=$title%></h1>
437			+ %= $modul
438			+
439			+ %if ($certificate_data->{first}) {
440			+ <br><p>
441			+ %=$c->render_to_string(inline =>$c->l($certificate_data->{first}))
442			+ </p>
443			+
444			+ %} elsif ($certificate_data->{success}) {
445			+ <div class='sme-border'>
446			+ <h2> Operation Status Report - success</h2><p>
447			+ <font color=green>
448			+ %= $c->l($certificate_data->{success});
449			+ </font>
450			+ </p>
451			+ </div>
452			+
453			+ %} elsif ($certificate_data->{error}) {
454			+ <div class='sme-error'>
455			+ <h2> Operation Status Report - error</h2><p>
456			+ <font color=red>
457			+ %= $c->l($certificate_data->{error});
458			+ </font>
459			+ </p>
460			+ </div>
461			+
462			+ %} elsif ($certificate_data->{warning}) {
463			+ <div class='sme-warning'>
464			+ <h2> Operation Status Report - warning</h2><p>
465			+ <font color=orange>
466			+ %= $c->l($certificate_data->{warning});
467			+ </font>
468			+ </p>
469			+ </div>
470			+
471			+ %}
472			+ %= form_for '/certificatesave' => (method => 'POST') => begin
473			+ % my $btn = l('SAVE');
474			+ %== l 'DESC_SSL_CERTIFICAT_CONFIG_PAGE'
475			+
476			+ <span class=label>
477			+ <strong>
478			+ %=l 'LABEL_DOMAIN_CRT'
479			+ </strong>
480			+ %=l 'DESC_DOMAIN_CRT'
481			+ <br />
482			+ </span><span class=data>
483			+ % param 'ca_crt' => $certificate_data->{'domain.crt'} unless param 'ca_crt';
484			+ %= text_area 'ca_crt' , cols=>60, rows=>15
485			+ </span><br>
486			+ <br />
487			+
488			+ <span class=label>
489			+ <strong>
490			+ %=l 'LABEL_DOMAIN_KEY'
491			+ </strong>
492			+ %=l 'DESC_DOMAIN_KEY'
493			+ </span><span class=data>
494			+ % param 'ca_key' => $certificate_data->{'domain.key'} unless param 'ca_key';
495			+ %= text_area 'ca_key' , cols=>60, rows=>15
496			+ </span><br>
497			+ <br />
498			+
499			+ <span class=label>
500			+ <strong>
501			+ %=l 'LABEL_CERTIFICATE_CHAINFILE'
502			+ </strong>
503			+ %=l 'DESC_CERTIFICATE_CHAINFILE'
504			+ </span><span class=data>
505			+ % param 'chain_crt_file' => $certificate_data->{'chain.pem'} unless param 'chain_crt_file';
506			+ %= text_area 'chain_crt_file' , cols=>60, rows=>15
507			+ </span><br>
508			+ <br />
509			+ %= submit_button "$btn", class => 'action'
510			+ </div>
511			+%end
512			+
513			+%= stylesheet begin
514			+span.label {
515			+ width:46em;
516			+ font-weight:normal;
517			+}
518			+
519			+span.label strong {
520			+ text-align:left;
521			+}
522			+%end
523			+
524			+%end
525			\ No newline at end of file