/** * Return HTTPS certificate and private key * @return DOMDocument */ protected function GetHttpsCertificate() { $ResponseDOMDocument = $this->CreateResponse(); if (in_array($this->DBServer->status, array(SERVER_STATUS::PENDING_TERMINATE, SERVER_STATUS::TERMINATED, SERVER_STATUS::TROUBLESHOOTING, SERVER_STATUS::SUSPENDED))) { return $ResponseDOMDocument; } $hostName = $this->GetArg("hostname") ? " AND name=" . $this->qstr($this->GetArg("hostname")) : ""; if ($this->GetArg("id")) { $sslInfo = Entity\SslCertificate::findPk($this->GetArg("id")); if ($sslInfo->envId != $this->DBServer->envId) { $sslInfo = null; } } else { if ($this->DBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::NGINX)) { $vhost_info = $this->DB->GetRow("SELECT * FROM apache_vhosts WHERE farm_id=? AND is_ssl_enabled='1' {$hostName} LIMIT 1", array($this->DBServer->farmId)); } else { $vhost_info = $this->DB->GetRow("SELECT * FROM apache_vhosts WHERE farm_roleid=? AND is_ssl_enabled='1' {$hostName} LIMIT 1", array($this->DBServer->farmRoleId)); } if ($vhost_info) { $sslInfo = Entity\SslCertificate::findPk($vhost_info['ssl_cert_id']); if ($sslInfo->envId != $this->DBServer->envId) { $sslInfo = null; } } } if ($sslInfo) { $vhost = $ResponseDOMDocument->createElement("virtualhost"); $vhost->setAttribute("name", $sslInfo->name); $vhost->appendChild($ResponseDOMDocument->createElement("cert", $sslInfo->certificate)); $vhost->appendChild($ResponseDOMDocument->createElement("pkey", $sslInfo->privateKey)); $vhost->appendChild($ResponseDOMDocument->createElement("ca_cert", $sslInfo->caBundle)); $ResponseDOMDocument->documentElement->appendChild($vhost); } return $ResponseDOMDocument; }
/** * Save certificate (create new or update existing). * * @param string $name * @param int $id optional * @param int $privateKeyClear optional * @param int $certificateClear optional * @param int $caBundleClear optional * @param string $privateKeyPassword optional * @throws Scalr_Exception_Core * @throws Scalr_Exception_InsufficientPermissions * @throws Scalr_UI_Exception_NotFound * @throws \Scalr\Exception\ModelException */ public function xSaveAction($name, $id = null, $privateKeyClear = null, $certificateClear = null, $caBundleClear = null, $privateKeyPassword = null) { $this->request->restrictAccess(Acl::RESOURCE_SERVICES_SSL, Acl::PERM_SERVICES_SSL_MANAGE); $flagNew = false; if ($id) { /* @var \Scalr\Model\Entity\SslCertificate $cert */ $cert = Entity\SslCertificate::findPk($id); if (!$cert) { throw new Scalr_UI_Exception_NotFound(); } $this->user->getPermissions()->validate($cert); } else { $cert = new Entity\SslCertificate(); $cert->envId = $this->getEnvironmentId(); $flagNew = true; } $cert->name = $name; if (!$cert->name) { $this->request->addValidationErrors('name', 'Name can\'t be empty'); } $criteria = [['name' => $cert->name], ['envId' => $cert->envId]]; if ($id) { $criteria[] = ['id' => ['$ne' => $id]]; } if (Entity\SslCertificate::findOne($criteria)) { $this->request->addValidationErrors('name', 'Name must be unique.'); } if (!empty($_FILES['privateKey']['tmp_name'])) { $cert->privateKey = file_get_contents($_FILES['privateKey']['tmp_name']); } elseif ($privateKeyClear) { $cert->privateKey = null; } if ($privateKeyPassword) { if (!$cert->privateKey) { $this->request->addValidationErrors('privateKeyPassword', 'Private key password requires private key'); } else { if ($privateKeyPassword != '******') { $cert->privateKeyPassword = $privateKeyPassword; } } } else { $cert->privateKeyPassword = null; } if (!empty($_FILES['certificate']['tmp_name'])) { $cr = file_get_contents($_FILES['certificate']['tmp_name']); if (!openssl_x509_parse($cr, false)) { $this->request->addValidationErrors('certificate', 'Not valid certificate'); } else { $cert->certificate = $cr; } } elseif ($certificateClear) { $cert->certificate = null; } if (!empty($_FILES['caBundle']['tmp_name'])) { $bn = file_get_contents($_FILES['caBundle']['tmp_name']); if (!openssl_x509_parse($bn, false)) { $this->request->addValidationErrors('caBundle', 'Not valid certificate chain'); } else { $cert->caBundle = $bn; } } elseif ($caBundleClear) { $cert->caBundle = null; } if (!$cert->certificate) { $this->request->addValidationErrors('certificate', 'Certificate cannot be empty.'); } if (!$cert->privateKey) { $this->request->addValidationErrors('privateKey', 'Private key cannot be empty.'); } if (!$this->request->isValid()) { $this->response->data($this->request->getValidationErrors()); $this->response->failure(); } else { $cert->save(); if ($id) { try { // Update existing servers $res = $this->db->Execute("SELECT farm_roleid FROM farm_role_settings WHERE name='nginx.proxies' AND value LIKE '%ssl_certificate_id\":\"{$cert->id}%'"); while ($f = $res->FetchRow()) { $dbFarmRole = DBFarmRole::LoadByID($f['farm_roleid']); $servers = $dbFarmRole->GetServersByFilter(['status' => SERVER_STATUS::RUNNING]); foreach ($servers as $server) { $msg = new Scalr_Messaging_Msg_SSLCertificateUpdate(); $msg->id = $cert->id; $msg->certificate = $cert->certificate; $msg->cacertificate = $cert->caBundle; $msg->privateKey = $cert->privateKey; $server->SendMessage($msg, false, true); } } // Update apache server } catch (Exception $e) { } } $this->response->success('Certificate was successfully saved'); if ($flagNew) { $this->response->data(['cert' => $cert->getInfo()]); } } }
public function xSaveAction() { $this->request->restrictAccess(Acl::RESOURCE_SERVICES_APACHE, Acl::PERM_SERVICES_APACHE_MANAGE); $validator = new Scalr_Validator(); try { if ($validator->validateDomain($this->getParam('domainName')) !== true) { $err['domainName'] = _("Domain name is incorrect"); } if (!$this->getParam('farmId')) { $err['farmId'] = _("Farm required"); } else { $dbFarm = DBFarm::LoadByID($this->getParam('farmId')); $this->user->getPermissions()->validate($dbFarm); } if (!$this->getParam('farmRoleId')) { $err['farmRoleId'] = _("Role required"); } else { $dbFarmRole = DBFarmRole::LoadByID($this->getParam('farmRoleId')); if ($dbFarmRole->FarmID != $dbFarm->ID) { $err['farmRoleId'] = _("Role not found"); } } if ($validator->validateEmail($this->getParam('serverAdmin'), null, true) !== true) { $err['serverAdmin'] = _("Server admin's email is incorrect or empty "); } if (!$this->getParam('documentRoot')) { $err['documentRoot'] = _("Document root required"); } if (!$this->getParam('logsDir')) { $err['logsDir'] = _("Logs directory required"); } if ($this->db->GetOne("SELECT id FROM apache_vhosts WHERE env_id=? AND `name` = ? AND id != ? AND farm_id = ? AND farm_roleid = ? LIMIT 1", array($this->getEnvironmentId(), $this->getParam('domainName'), $this->getParam('vhostId'), $this->getParam('farmId'), $this->getParam('farmRoleId')))) { $err['domainName'] = "'{$this->getParam('domainName')}' virtualhost already exists"; } } catch (Exception $e) { $err[] = $e->getMessage(); } if (count($err) == 0) { $vHost = Scalr_Service_Apache_Vhost::init(); if ($this->getParam('vhostId')) { $vHost->loadById($this->getParam('vhostId')); $this->user->getPermissions()->validate($vHost); } else { $vHost->envId = $this->getEnvironmentId(); $vHost->clientId = $this->user->getAccountId(); } $vHost->domainName = $this->getParam('domainName'); $isSslEnabled = $this->getParam('isSslEnabled') == 'on' ? true : false; if ($vHost->farmRoleId && $vHost->farmRoleId != $this->getParam('farmRoleId')) { $oldFarmRoleId = $vHost->farmRoleId; } $vHost->farmId = $this->getParam('farmId'); $vHost->farmRoleId = $this->getParam('farmRoleId'); $vHost->isSslEnabled = $isSslEnabled ? 1 : 0; $vHost->httpdConf = $this->getParam("nonSslTemplate", true); $vHost->templateOptions = serialize(array("document_root" => trim($this->getParam('documentRoot')), "logs_dir" => trim($this->getParam('logsDir')), "server_admin" => trim($this->getParam('serverAdmin')), "server_alias" => trim($this->getParam('serverAlias')))); //SSL stuff if ($isSslEnabled) { $cert = Entity\SslCertificate::findPk($this->getParam('sslCertId')); $this->user->getPermissions()->validate($cert); $vHost->sslCertId = $cert->id; $vHost->httpdConfSsl = $this->getParam("sslTemplate", true); } else { $vHost->sslCertId = 0; $vHost->httpdConfSsl = ""; } $vHost->save(); $servers = $dbFarm->GetServersByFilter(array('status' => array(SERVER_STATUS::INIT, SERVER_STATUS::RUNNING))); foreach ($servers as $dBServer) { if ($dBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::NGINX) || $dBServer->GetFarmRoleObject()->GetRoleObject()->hasBehavior(ROLE_BEHAVIORS::APACHE) && $dBServer->farmRoleId == $vHost->farmRoleId) { $dBServer->SendMessage(new Scalr_Messaging_Msg_VhostReconfigure()); } } if ($oldFarmRoleId) { $oldFarmRole = DBFarmRole::LoadByID($oldFarmRoleId); $servers = $oldFarmRole->GetServersByFilter(array('status' => array(SERVER_STATUS::INIT, SERVER_STATUS::RUNNING))); foreach ($servers as $dBServer) { $dBServer->SendMessage(new Scalr_Messaging_Msg_VhostReconfigure()); } } $this->response->success(_('Virtualhost successfully saved')); } else { $this->response->failure(); $this->response->data(array('errors' => $err)); } }
public function getConfiguration(DBServer $dbServer) { $configuration = new stdClass(); $configuration->keyfile = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_KEYFILE); $configuration->volumeConfig = $this->getVolumeConfig($dbServer->GetFarmRoleObject(), $dbServer); $configuration->snapshotConfig = $this->getSnapshotConfig($dbServer->GetFarmRoleObject(), $dbServer); $configuration->password = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_PASSWORD); $configuration->replicaSetIndex = $dbServer->GetProperty(self::SERVER_REPLICA_SET_INDEX); $configuration->shardIndex = $dbServer->GetProperty(self::SERVER_SHARD_INDEX); $configuration->shardsTotal = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_SHARDS_COUNT); $configuration->replicasPerShard = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_REPLICAS_COUNT); $configuration->cfgServerStorageSize = 5; $mmsApiKey = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_MMS_API_KEY); if ($mmsApiKey) { $configuration->mms = new stdClass(); $configuration->mms->apiKey = $mmsApiKey; $configuration->mms->secretKey = $dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_MMS_SECRET_KEY); } if ($dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_SSL_ENABLED) == 1) { $cert = Entity\SslCertificate::findPk($dbServer->GetFarmRoleObject()->GetSetting(self::ROLE_SSL_CERT_ID)); $configuration->ssl = new stdClass(); $configuration->ssl->privateKey = $cert->privateKey; $configuration->ssl->certificate = $cert->certificate; $configuration->ssl->privateKeyPassword = $cert->privateKeyPassword; } $configServers = $this->db->GetAll("SELECT * FROM services_mongodb_config_servers WHERE\n `farm_role_id` = ?\n ", array($dbServer->farmRoleId)); if (count($configServers) > 0) { $configuration->config_servers = array(); foreach ($configServers as $cs) { $itm = new stdClass(); $itm->id = $cs['config_server_index']; $itm->replicaSetIndex = $cs['replica_set_index']; $itm->shardIndex = $cs['shard_index']; try { $volume = Scalr_Storage_Volume::init()->loadById($cs['volume_id']); $volumeConfig = $volume->getConfig(); } catch (Exception $e) { } $itm->volume = $volumeConfig; $configuration->config_servers[] = $itm; } } return $configuration; }