github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-05 20:41:53 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Vesta SSL Certificate Management

Browse source
This commit is contained in:
Serghey Rodin 2016-10-06 18:52:34 +03:00
parent e343bf62a0
commit 7b0a2e904a
4 changed files with 368 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

77
bin/v-change-sys-vesta-ssl Executable file
View file

@ -0,0 +1,77 @@
#!/bin/bash
# info: change vesta ssl certificate
# options: SSL_DIR [RESTART]
#
# The function changes vesta SSL certificate and the key.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
domain='certificate'
ssl_dir=$1
restart=$2
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'SSL_DIR [RESTART]'
is_format_valid 'ssl_dir'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Checking new certificate
certificate=$(cat $ssl_dir/$domain.crt |grep -n END)
certificate_count=$(echo "$certificate" |wc -l)
if [ "$certificate_count" -gt 1 ]; then
crt_end=$(echo "$certificate" |head -n1 |cut -f 1 -d :)
crt_lines=$(wc -l $ssl_dir/$domain.crt |cut -f1 -d ' ')
pem_begin=$((crt_lines - crt_end))
mv $ssl_dir/$domain.crt $ssl_dir/$domain.crt_full
head -n $crt_end $ssl_dir/$domain.crt_full > $ssl_dir/$domain.crt
tail -n $pem_begin $ssl_dir/$domain.crt_full > $ssl_dir/$domain.ca
is_web_domain_cert_valid
mv -f $ssl_dir/$domain.crt_full $ssl_dir/$domain.crt
rm -f $ssl_dir/$domain.ca
else
is_web_domain_cert_valid
fi
# Moving old certificate
mv $VESTA/ssl/certificate.crt $VESTA/ssl/certificate.crt.back
mv $VESTA/ssl/certificate.key $VESTA/ssl/certificate.key.back
# Adding new certificate
cp -f $ssl_dir/certificate.crt $VESTA/ssl/certificate.crt
cp -f $ssl_dir/certificate.key $VESTA/ssl/certificate.key
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting web server
if [ "$restart" != 'no' ]; then
kill -HUP $(cat /var/run/vesta-nginx.pid)
$BIN/v-restart-mail
if [ ! -z "$IMAP_SYSTEM" ]; then
v-restart-service "$IMAP_SYSTEM"
fi
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

130
bin/v-list-sys-vesta-ssl Executable file
View file

@ -0,0 +1,130 @@
#!/bin/bash
# info: list vesta ssl certificate
# options: [FORMAT]
#
# The function of obtaining vesta ssl files.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
echo '{'
echo -e "\t\"VESTA\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CA\": \"$ca\","
echo " \"SUBJECT\": \"$subj\","
echo " \"ALIASES\": \"$alt_dns\","
echo " \"NOT_BEFORE\": \"$before\","
echo " \"NOT_AFTER\": \"$after\","
echo " \"SIGNATURE\": \"$signature\","
echo " \"PUB_KEY\": \"$pub_key\","
echo " \"ISSUER\": \"$issuer\""
echo -e "\t}\n}"
}
# SHELL list function
shell_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$crt" ]; then
echo
echo
echo "SUBJECT: $subj"
if [ ! -z "$alt_dns" ]; then
echo "ALIASES: ${alt_dns//,/ }"
fi
echo "VALID FROM: $before"
echo "VALID TIL: $after"
echo "SIGNATURE: $signature"
echo "PUB_KEY: $pub_key"
echo "ISSUER: $issuer"
fi
}
# PLAIN list function
plain_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$ca" ]; then
echo -e "\n$ca"
fi
if [ ! -z "$crt" ]; then
echo "$subj"
echo "${alt_dns//,/ }"
echo "$before"
echo "$after"
echo "$signature"
echo "$pub_key"
echo "$issuer"
fi
}
# CSV list function
csv_list() {
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
echo "PUB_KEY,ISSUER"
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing SSL certificate
crt=$(cat $VESTA/ssl/certificate.crt |sed ':a;N;$!ba;s/\n/\\n/g')
key=$(cat $VESTA/ssl/certificate.crt |sed ':a;N;$!ba;s/\n/\\n/g')
# Parsing SSL certificate details without CA
info=$(openssl x509 -text -in $VESTA/ssl/certificate.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

65
web/edit/server/index.php
View file

@ -78,6 +78,21 @@ foreach ($backup_types as $backup_type) {
}
}
// List ssl certificate info
exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var);
$ssl_str = json_decode(implode('', $output), true);
unset($output);
$v_ssl_crt = $ssl_str['VESTA']['CRT'];
$v_ssl_key = $ssl_str['VESTA']['KEY'];
$v_ssl_ca = $ssl_str['VESTA']['CA'];
$v_ssl_subject = $ssl_str['VESTA']['SUBJECT'];
$v_ssl_aliases = $ssl_str['VESTA']['ALIASES'];
$v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE'];
$v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER'];
$v_ssl_signature = $ssl_str['VESTA']['SIGNATURE'];
$v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY'];
$v_ssl_issuer = $ssl_str['VESTA']['ISSUER'];
// Check POST request
if (!empty($_POST['save'])) {
@ -178,7 +193,6 @@ if (!empty($_POST['save'])) {
}
}
// Update webmail url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
@ -231,7 +245,6 @@ if (!empty($_POST['save'])) {
}
}
// Change backup gzip level
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
@ -323,7 +336,6 @@ if (!empty($_POST['save'])) {
}
}
// Delete remote backup host
if (empty($_SESSION['error_msg'])) {
if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
@ -340,6 +352,49 @@ if (!empty($_POST['save'])) {
}
}
// Update SSL certificate
if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) {
if (($v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key']))) {
exec ('mktemp -d', $mktemp_output, $return_var);
$tmpdir = $mktemp_output[0];
// Certificate
if (!empty($_POST['v_ssl_crt'])) {
$fp = fopen($tmpdir."/certificate.crt", 'w');
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
fwrite($fp, "\n");
fclose($fp);
}
// Key
if (!empty($_POST['v_ssl_key'])) {
$fp = fopen($tmpdir."/certificate.key", 'w');
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
fwrite($fp, "\n");
fclose($fp);
}
exec (VESTA_CMD."v-change-sys-vesta-ssl ".$tmpdir, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
// List ssl certificate info
exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var);
$ssl_str = json_decode(implode('', $output), true);
unset($output);
$v_ssl_crt = $ssl_str['VESTA']['CRT'];
$v_ssl_key = $ssl_str['VESTA']['KEY'];
$v_ssl_ca = $ssl_str['VESTA']['CA'];
$v_ssl_subject = $ssl_str['VESTA']['SUBJECT'];
$v_ssl_aliases = $ssl_str['VESTA']['ALIASES'];
$v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE'];
$v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER'];
$v_ssl_signature = $ssl_str['VESTA']['SIGNATURE'];
$v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY'];
$v_ssl_issuer = $ssl_str['VESTA']['ISSUER'];
}
}
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.');
@ -375,7 +430,6 @@ if (!empty($_POST['save'])) {
}
}
// activating filemanager licence
if (empty($_SESSION['error_msg'])) {
if($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes'){
@ -410,11 +464,14 @@ if (!empty($_POST['save'])) {
// Check system configuration
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
$sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value;
}
// Render page
render_page($user, $TAB, 'edit_server');

100
web/templates/admin/edit_server.html
View file

@ -576,6 +576,106 @@
</td>
</tr>
<tr>
<td class="vst-text input-label step-top">
<a href="javascript:elementHideShow('ssl');" class="vst-text">
<b><?php print __('Vesta SSL');?> <!-- span style="color:#ff6701;font-size:10px; padding:0 10px;">preview</span--><img src="/images/arrow.png"></b>
</a>
</td>
</tr>
<tr>
<td class="vst-text input-label step-left">
<table style="display:<?php if (empty($v_adv)) echo 'none';?> ;" id="ssl">
<tr>
<td class="vst-text input-label">
<?php print __('SSL Certificate');?>
</td>
</tr>
<tr>
<td>
<textarea size="20" class="vst-textinput" name="v_ssl_crt"><?php if (!empty($v_ssl_crt)) echo htmlentities($v_ssl_crt); ?></textarea>
</td>
</tr>
<tr>
<td class="vst-text input-label">
<?php print __('SSL Key');?>
</td>
</tr>
<tr>
<td>
<textarea size="20" class="vst-textinput" name="v_ssl_key"><?php if (!empty($v_ssl_key)) echo htmlentities($v_ssl_key); ?></textarea>
</td>
</tr>
<tr>
<td>
<table class="additional-info">
<tr>
<td>
<?=__('SUBJECT')?>:
</td>
<td class="details">
<?=$v_ssl_subject?>
</td>
</tr>
<? if($v_ssl_aliases){?>
<tr>
<td>
<?=__('ALIASES')?>:
</td>
<td class="details">
<?=$v_ssl_aliases?>
</td>
</tr>
<? } ?>
<tr>
<td>
<?=__('NOT_BEFORE')?>:
</td>
<td class="details">
<?=$v_ssl_not_before?>
</td>
</tr>
<tr>
<td>
<?=__('NOT_AFTER')?>:
</td>
<td class="details">
<?=$v_ssl_not_after?>
</td>
</tr>
<tr>
<td>
<?=__('SIGNATURE')?>:
</td>
<td class="details">
<?=$v_ssl_signature?>
</td>
</tr>
<tr>
<td>
<?=__('PUB_KEY')?>:
</td>
<td class="details">
<?=$v_ssl_pub_key?>
</td>
</tr>
<tr>
<td>
<?=__('ISSUER')?>
</td>
<td class="details">
<?=$v_ssl_issuer?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="vst-text input-label step-top">
<a href="javascript:elementHideShow('vesta');" class="vst-text">