2017-07-16 19:37:33 +08:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
const config = require('wild-config');
|
|
|
|
|
const fs = require('fs');
|
2021-05-13 22:08:14 +08:00
|
|
|
const db = require('./db');
|
|
|
|
|
const CertHandler = require('./cert-handler');
|
2022-08-16 20:22:47 +08:00
|
|
|
const { buildCertChain } = require('./tools');
|
2017-07-16 19:37:33 +08:00
|
|
|
|
|
|
|
|
const certs = new Map();
|
2017-10-05 20:14:43 +08:00
|
|
|
const servers = [];
|
2021-05-13 22:08:14 +08:00
|
|
|
|
|
|
|
|
let certHandler;
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
module.exports.reload = () => {
|
|
|
|
|
// load certificate files
|
2017-11-06 23:32:45 +08:00
|
|
|
[false, 'imap', 'lmtp', 'pop3', 'api', 'api.mobileconfig'].forEach(type => {
|
2017-10-05 20:14:43 +08:00
|
|
|
let tlsconf = config.tls;
|
|
|
|
|
|
|
|
|
|
if (type) {
|
|
|
|
|
let path = (type + '.tls').split('.');
|
|
|
|
|
tlsconf = config;
|
|
|
|
|
for (let i = 0; i < path.length; i++) {
|
|
|
|
|
let key = path[i];
|
|
|
|
|
if (!tlsconf[key]) {
|
|
|
|
|
tlsconf = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
tlsconf = tlsconf[key];
|
|
|
|
|
}
|
|
|
|
|
if (!tlsconf || !tlsconf.key) {
|
|
|
|
|
tlsconf = config.tls;
|
2017-07-25 20:50:16 +08:00
|
|
|
}
|
|
|
|
|
}
|
2017-10-05 20:14:43 +08:00
|
|
|
|
|
|
|
|
if (!tlsconf) {
|
|
|
|
|
return;
|
2017-07-25 20:50:16 +08:00
|
|
|
}
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2021-05-13 22:08:14 +08:00
|
|
|
let key, cert, ca, dhparam;
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
if (tlsconf.key) {
|
|
|
|
|
key = fs.readFileSync(tlsconf.key, 'ascii');
|
|
|
|
|
}
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
if (!key) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
if (tlsconf.cert) {
|
|
|
|
|
cert = fs.readFileSync(tlsconf.cert, 'ascii');
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-13 22:08:14 +08:00
|
|
|
if (tlsconf.dhparam) {
|
|
|
|
|
dhparam = fs.readFileSync(tlsconf.dhparam, 'ascii');
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
if (tlsconf.ca) {
|
|
|
|
|
ca = [].concat(tlsconf.ca || []).map(ca => fs.readFileSync(ca, 'ascii'));
|
|
|
|
|
if (!ca.length) {
|
|
|
|
|
ca = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
certs.set(type || 'default', {
|
|
|
|
|
key,
|
|
|
|
|
cert,
|
2021-05-13 22:08:14 +08:00
|
|
|
ca,
|
|
|
|
|
dhparam
|
2017-10-05 20:14:43 +08:00
|
|
|
});
|
|
|
|
|
});
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
if (!certs.has('default')) {
|
|
|
|
|
certs.set('default', {
|
|
|
|
|
key: fs.readFileSync(__dirname + '/../certs/example.key', 'ascii'),
|
|
|
|
|
cert: fs.readFileSync(__dirname + '/../certs/example.cert', 'ascii'),
|
|
|
|
|
ca: false
|
|
|
|
|
});
|
2017-07-16 19:37:33 +08:00
|
|
|
}
|
2017-10-05 20:14:43 +08:00
|
|
|
};
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
module.exports.reload();
|
|
|
|
|
|
|
|
|
|
module.exports.get = type => (certs.has(type) ? certs.get(type) : certs.get('default')) || false;
|
|
|
|
|
|
|
|
|
|
module.exports.loadTLSOptions = (serverOptions, name) => {
|
|
|
|
|
Object.keys(config[name].tls || {}).forEach(key => {
|
2021-05-13 22:08:14 +08:00
|
|
|
if (!['key', 'cert', 'ca', 'dhparam'].includes(key)) {
|
2017-10-05 20:14:43 +08:00
|
|
|
serverOptions[key] = config[name].tls[key];
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2021-05-13 22:08:14 +08:00
|
|
|
let serverCerts = module.exports.get(name);
|
2017-10-05 20:14:43 +08:00
|
|
|
|
|
|
|
|
if (serverCerts) {
|
|
|
|
|
serverOptions.key = serverCerts.key;
|
2022-08-16 20:22:47 +08:00
|
|
|
serverOptions.cert = buildCertChain(serverCerts.cert, serverCerts.ca);
|
2021-05-13 22:08:14 +08:00
|
|
|
|
|
|
|
|
if (serverCerts.dhparam) {
|
|
|
|
|
serverOptions.dhparam = serverCerts.dhparam;
|
|
|
|
|
}
|
2017-07-16 19:37:33 +08:00
|
|
|
}
|
2017-10-05 20:14:43 +08:00
|
|
|
};
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
module.exports.registerReload = (server, name) => {
|
|
|
|
|
servers.push({ server, name });
|
|
|
|
|
};
|
2017-07-16 19:37:33 +08:00
|
|
|
|
2021-10-08 22:30:15 +08:00
|
|
|
module.exports.getContextForServername = async (servername, serverOptions, meta, opts) => {
|
2021-05-13 22:08:14 +08:00
|
|
|
if (!certHandler) {
|
|
|
|
|
certHandler = new CertHandler({
|
|
|
|
|
cipher: config.certs && config.certs.cipher,
|
|
|
|
|
secret: config.certs && config.certs.secret,
|
|
|
|
|
database: db.database,
|
2021-10-08 22:30:15 +08:00
|
|
|
redis: db.redis,
|
|
|
|
|
loggelf: opts ? opts.loggelf : false
|
2021-05-13 22:08:14 +08:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-08 22:10:53 +08:00
|
|
|
return await certHandler.getContextForServername(servername, serverOptions, meta);
|
2021-05-13 22:08:14 +08:00
|
|
|
};
|
|
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
config.on('reload', () => {
|
|
|
|
|
module.exports.reload();
|
|
|
|
|
servers.forEach(entry => {
|
|
|
|
|
let serverCerts = certs.get(entry.name);
|
|
|
|
|
let certOptions = {};
|
|
|
|
|
if (serverCerts) {
|
|
|
|
|
certOptions.key = serverCerts.key;
|
2022-08-16 20:22:47 +08:00
|
|
|
certOptions.cert = buildCertChain(serverCerts.cert, serverCerts.ca);
|
|
|
|
|
|
2021-05-13 22:08:14 +08:00
|
|
|
if (serverCerts.dhparam) {
|
|
|
|
|
certOptions.dhparam = serverCerts.dhparam;
|
|
|
|
|
}
|
2022-08-16 20:22:47 +08:00
|
|
|
|
2017-10-05 20:14:43 +08:00
|
|
|
entry.server.updateSecureContext(certOptions);
|
|
|
|
|
}
|
2017-07-25 20:50:16 +08:00
|
|
|
});
|
2017-10-05 20:14:43 +08:00
|
|
|
});
|
