gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: 029167ad | patch | commit | ignore whitespace

Michael Fürmann

2015-03-03 f52de04d050e93914d144421fd6ae0f1982e35e9

Handle host-specific ssl certificates

9 files modified

2 files added

	install/apps/metronome-init	19 ●●●●● patch \| view \| raw \| blame \| history
	install/sql/incremental/upd_0081.sql	12 ●●●●● patch \| view \| raw \| blame \| history
	install/sql/ispconfig3.sql	12 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/form/xmpp_domain.tform.php	123 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/lib/lang/en_xmpp_domain.lng	28 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/templates/xmpp_domain_edit_ssl.htm	100 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/xmpp_domain_edit.php	23 ●●●●● patch \| view \| raw \| blame \| history
	server/conf/metronome_conf_host.master	12 ●●●●● patch \| view \| raw \| blame \| history
	server/conf/metronome_conf_ssl.master	72 ●●●●● patch \| view \| raw \| blame \| history
	server/mods-available/xmpp_module.inc.php	22 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/xmpp_plugin.inc.php	140 ●●●●● patch \| view \| raw \| blame \| history

 install/apps/metronome-init

@@ -33,6 +33,16 @@
    $METRONOME stop >> /dev/null
}

reload()
{
    &METRONOME reload >> /dev/null
}

restart()
{
    &METRONOME restart >> /dev/null
}

case "$1" in
    start)
        echo -n "Starting Metronome..."
@@ -42,13 +52,16 @@
        echo -n "Stopping Metronome..."
        stop &
    ;;
    reload)
        echo -n "Reloading Metronome config..."
        reload &
    ;;
    restart)
        echo -n "Restarting Metronome..."
        stop &
        start &
        restart &
    ;;
    *)
        echo "Usage: $0 {start|stop|restart}" >&2
        echo "Usage: $0 {start|stop|reload|restart}" >&2
        exit 1
    ;;
esac

 install/sql/incremental/upd_0081.sql

@@ -48,6 +48,18 @@
  `http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
  `use_status_host` enum('n','y') NOT NULL DEFAULT 'n',

  `ssl_state` varchar(255) NULL,
  `ssl_locality` varchar(255) NULL,
  `ssl_organisation` varchar(255) NULL,
  `ssl_organisation_unit` varchar(255) NULL,
  `ssl_country` varchar(255) NULL,
  `ssl_email` varchar(255) NULL,
  `ssl_request` mediumtext NULL,
  `ssl_cert` mediumtext NULL,
  `ssl_bundle` mediumtext NULL,
  `ssl_key` mediumtext NULL,
  `ssl_action` varchar(16) NULL,

  `active` enum('n','y') NOT NULL DEFAULT 'n',
  PRIMARY KEY  (`domain_id`),
  KEY `server_id` (`server_id`,`domain`),

 install/sql/ispconfig3.sql

@@ -2002,6 +2002,18 @@
  `http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
  `use_status_host` enum('n','y') NOT NULL DEFAULT 'n',

  `ssl_state` varchar(255) NULL,
  `ssl_locality` varchar(255) NULL,
  `ssl_organisation` varchar(255) NULL,
  `ssl_organisation_unit` varchar(255) NULL,
  `ssl_country` varchar(255) NULL,
  `ssl_email` varchar(255) NULL,
  `ssl_request` mediumtext NULL,
  `ssl_cert` mediumtext NULL,
  `ssl_bundle` mediumtext NULL,
  `ssl_key` mediumtext NULL,
  `ssl_action` varchar(16) NULL,

  `active` enum('n','y') NOT NULL DEFAULT 'n',
  PRIMARY KEY  (`domain_id`),
  KEY `server_id` (`server_id`,`domain`),

 interface/web/mail/form/xmpp_domain.tform.php

@@ -280,5 +280,128 @@
    )
);

$form["tabs"]['ssl'] = array (
    'title'  => "SSL",
    'width'  => 100,
    'template'  => "templates/xmpp_domain_edit_ssl.htm",
    'readonly' => false,
    'fields'  => array (
        //#################################
        // Begin Datatable fields
        //#################################
        'ssl_state' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'TEXT',
            'validators' => array (  0 => array ( 'type' => 'REGEX',
                'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
                'errmsg'=> 'ssl_state_error_regex'),
            ),
            'default' => '',
            'value'  => '',
            'width'  => '30',
            'maxlength' => '255'
        ),
        'ssl_locality' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'TEXT',
            'validators' => array (  0 => array ( 'type' => 'REGEX',
                'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
                'errmsg'=> 'ssl_locality_error_regex'),
            ),
            'default' => '',
            'value'  => '',
            'width'  => '30',
            'maxlength' => '255'
        ),
        'ssl_organisation' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'TEXT',
            'validators' => array (  0 => array ( 'type' => 'REGEX',
                'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
                'errmsg'=> 'ssl_organisation_error_regex'),
            ),
            'default' => '',
            'value'  => '',
            'width'  => '30',
            'maxlength' => '255'
        ),
        'ssl_organisation_unit' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'TEXT',
            'validators' => array (  0 => array ( 'type' => 'REGEX',
                'regex' => '/^(([\.]{0})|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
                'errmsg'=> 'ssl_organistaion_unit_error_regex'),
            ),
            'default' => '',
            'value'  => '',
            'width'  => '30',
            'maxlength' => '255'
        ),
        'ssl_country' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'SELECT',
            'default' => '',
            'datasource' => array (  'type' => 'SQL',
                'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name',
                'keyfield'=> 'iso',
                'valuefield'=> 'printable_name'
            ),
            'value'  => ''
        ),
        'ssl_email' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'TEXT',
            'default' => '',
            'value'  => '',
            'width'  => '30',
            'maxlength' => '255',
            'validators' => array (  0 => array ( 'type' => 'ISEMAIL',
                'errmsg'=> 'ssl_error_isemail')
            ),
        ),
        'ssl_key' => array (
            'datatype' => 'TEXT',
            'formtype' => 'TEXTAREA',
            'default' => '',
            'value'  => '',
            'cols'  => '30',
            'rows'  => '10'
        ),
        'ssl_request' => array (
            'datatype' => 'TEXT',
            'formtype' => 'TEXTAREA',
            'default' => '',
            'value'  => '',
            'cols'  => '30',
            'rows'  => '10'
        ),
        'ssl_cert' => array (
            'datatype' => 'TEXT',
            'formtype' => 'TEXTAREA',
            'default' => '',
            'value'  => '',
            'cols'  => '30',
            'rows'  => '10'
        ),
        'ssl_bundle' => array (
            'datatype' => 'TEXT',
            'formtype' => 'TEXTAREA',
            'default' => '',
            'value'  => '',
            'cols'  => '30',
            'rows'  => '10'
        ),
        'ssl_action' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'SELECT',
            'default' => '',
            'value'  => array('' => 'none_txt', 'save' => 'save_certificate_txt', 'create' => 'create_certificate_txt', 'del' => 'delete_certificate_txt')
        ),
        //#################################
        // ENDE Datatable fields
        //#################################
    )
);


?>

 interface/web/mail/lib/lang/en_xmpp_domain.lng

@@ -30,4 +30,32 @@
$wb["about_registration_url_txt"] = 'Link to your registration form.';
$wb["about_registration_message_txt"] = 'Description about your account registration process.';
$wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.';
$wb['ssl_state_txt'] = 'State';
$wb['ssl_locality_txt'] = 'Locality';
$wb['ssl_organisation_txt'] = 'Organisation';
$wb['ssl_organisation_unit_txt'] = 'Organisation Unit';
$wb['ssl_country_txt'] = 'Country';
$wb['ssl_key_txt'] = 'SSL Key';
$wb['ssl_request_txt'] = 'SSL Request';
$wb['ssl_cert_txt'] = 'SSL Certificate';
$wb['ssl_bundle_txt'] = 'SSL Bundle';
$wb['ssl_action_txt'] = 'SSL Action';
$wb['ssl_email_txt'] = 'Email Address';
$wb['ssl_txt'] = 'SSL';
$wb['error_ssl_state_empty'] = 'SSL State is empty.';
$wb['error_ssl_locality_empty'] = 'SSL Locality is empty.';
$wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.';
$wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.';
$wb['error_ssl_country_empty'] = 'SSL Country is empty.';
$wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty';
$wb['ssl_state_error_regex'] = 'Invalid SSL State. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_locality_error_regex'] = 'Invalid SSL Locality. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_organisation_error_regex'] = 'Invalid SSL Organisation. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_organistaion_unit_error_regex'] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
$wb['ssl_country_error_regex'] = 'Invalid SSL Country. Valid characters are: A-Z';
$wb['none_txt'] = 'None';
$wb['save_certificate_txt'] = 'Save certificate';
$wb['create_certificate_txt'] = 'Create certificate';
$wb['delete_certificate_txt'] = 'Delete certificate';
$wb['ssl_error_isemail'] = 'Please enter a valid email adress for generation of the SSL certificate';
?>

 interface/web/mail/templates/xmpp_domain_edit_ssl.htm

New file
@@ -0,0 +1,100 @@
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>

<tmpl_if name="config_error_msg">
<div style="background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px;">
                <p style="font-face:bold">{tmpl_var name='configuration_error_txt'}</p>
                <div>
                <div style="float:left;width:150px;">{tmpl_var name='config_error_tstamp'} :&nbsp;</div><div style="padding-left:150px;">{tmpl_var name='config_error_msg'}</div>
                </div>
</div>
</tmpl_if>


            <tmpl_if name='show_helper_links'>
                <div id="show_helper_links" style="display:none;">
                    <label></label>
                    <div class="col-sm-9">
                    <a href="javascript:void(0);" id="load_data"><tmpl_if name='is_admin'>{tmpl_var name='load_client_data_txt'}</tmpl_else>{tmpl_var name='load_my_data_txt'}</tmpl_if></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="javascript:void(0);" id="reset_data">{tmpl_var name='reset_client_data_txt'}</a>
                    </div>
                </div>
            </tmpl_if>
            <div class="form-group">
                <label for="ssl_state" class="col-sm-3 control-label">{tmpl_var name='ssl_state_txt'}</label>
                <div class="col-sm-9"><input type="text" name="ssl_state" id="ssl_state" value="{tmpl_var name='ssl_state'}" class="form-control" /></div></div>
            <div class="form-group">
                <label for="ssl_locality" class="col-sm-3 control-label">{tmpl_var name='ssl_locality_txt'}</label>
                <div class="col-sm-9"><input type="text" name="ssl_locality" id="ssl_locality" value="{tmpl_var name='ssl_locality'}" class="form-control" /></div></div>
            <div class="form-group">
                <label for="ssl_organisation" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_txt'}</label>
                <div class="col-sm-9"><input type="text" name="ssl_organisation" id="ssl_organisation" value="{tmpl_var name='ssl_organisation'}" class="form-control" /></div></div>
            <div class="form-group">
                <label for="ssl_organisation_unit" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_unit_txt'}</label>
                <div class="col-sm-9"><input type="text" name="ssl_organisation_unit" id="ssl_organisation_unit" value="{tmpl_var name='ssl_organisation_unit'}" class="form-control" /></div></div>
            <div class="form-group">
                <label for="ssl_country" class="col-sm-3 control-label">{tmpl_var name='ssl_country_txt'}</label>
                <div class="col-sm-9"><select name="ssl_country" id="ssl_country" class="form-control flags">
                    {tmpl_var name='ssl_country'}
                </select></div>
            </div>
            <div class="form-group">
                <label for="ssl_email" class="col-sm-3 control-label">{tmpl_var name='ssl_email_txt'}</label>
                <div class="col-sm-9"><input type="email" name="ssl_email" id="ssl_email" value="{tmpl_var name='ssl_email'}" class="form-control" /></div></div>
            <div class="form-group">
                <label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_key_txt'}</label>
                <div class="col-sm-9"><textarea class="form-control" name="ssl_key" id="ssl_key" rows='10' cols='30'>{tmpl_var name='ssl_key'}</textarea></div>
            </div>
            <div class="form-group">
                <label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_request_txt'}</label>
                <div class="col-sm-9"><textarea class="form-control" name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea></div>
            </div>
            <div class="form-group">
                <label for="ssl_cert" class="col-sm-3 control-label">{tmpl_var name='ssl_cert_txt'}</label>
                <div class="col-sm-9"><textarea class="form-control" name="ssl_cert" id="ssl_cert" rows='10' cols='30'>{tmpl_var name='ssl_cert'}</textarea></div>
            </div>
            <div class="form-group">
                <label for="ssl_action" class="col-sm-3 control-label">{tmpl_var name='ssl_action_txt'}</label>
                <div class="col-sm-9"><select name="ssl_action" id="ssl_action" class="form-control">
                    {tmpl_var name='ssl_action'}
                </select></div>
            </div>
        

        <input type="hidden" name="id" value="{tmpl_var name='id'}">
        <input type="hidden" name="type" value="ssl">

        <div class="clear"><div class="right">
            <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="mail/xmpp_domain_edit.php">{tmpl_var name='btn_save_txt'}</button>
            <button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="mail/xmpp_domain_list.php">{tmpl_var name='btn_cancel_txt'}</button>
        </div></div>

<script>
<!--
    <tmpl_if name='show_helper_links'>
    if($("input[name=id]").val() > 0) $('#show_helper_links:hidden').show();

    $('#reset_data').click(function(){
        $('#ssl_organisation').add('#ssl_locality').add('#ssl_state').add('#ssl_organisation_unit').val('');
        $('#ssl_country').val($("#ssl_country option:first").val());
    });
    $('#load_data').click(function(){
        loadClientData();
    });
	
	
    function loadClientData() {
        var web_id = $("input[name=id]").val();
        
        jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'web_id': web_id, 'type': "getclientssldata"}, function(data) {
            $('#ssl_organisation').val(data['company_name']);
            $('#ssl_locality').val(data['city']);
            $('#ssl_country').val(data['country']);
            $('#ssl_state').val(data['state']);
            $('#ssl_organisation_unit').val('IT');
        });
    }
    </tmpl_if>
//-->
</script>

 interface/web/mail/xmpp_domain_edit.php

@@ -49,14 +49,16 @@
$app->load('tform_actions');

class page_action extends tform_actions {
    var $_xmpp_type = 'domain';
    var $_xmpp_type = 'server';

    function onLoad() {
        $show_type = 'server';
        if(isset($_GET['type']) && $_GET['type'] == 'modules') {
        if(isset($_REQUEST['type']) && $_REQUEST['type'] == 'modules') {
            $show_type = 'modules';
        } elseif(isset($_GET['type']) && $_GET['type'] == 'muc') {
        } elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'muc') {
            $show_type = 'muc';
        }elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'ssl') {
            $show_type = 'ssl';
        }

        $_SESSION['s']['var']['xmpp_type'] = $show_type;
@@ -363,6 +365,21 @@
            }
        }

        if($this->_xmpp_type == 'ssl'){
            //* Check that all fields for the SSL cert creation are filled
            if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
                if($this->dataRecord['ssl_state'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_state_empty').'<br />';
                if($this->dataRecord['ssl_locality'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_locality_empty').'<br />';
                if($this->dataRecord['ssl_organisation'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_empty').'<br />';
                if($this->dataRecord['ssl_organisation_unit'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_unit_empty').'<br />';
                if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'<br />';
            }

            if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') {
                if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'<br />';
            }
        }

        //* make sure that the xmpp domain is lowercase
        if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);


 server/conf/metronome_conf_host.master

@@ -52,12 +52,12 @@
        admins = {
{tmpl_var name='domain_admins'}
        };
-- TODO: SSL Certs for Hosts
--        ssl = {
--                key = "/var/lib/metronome/iplay-esports.de.key",
--                certificate = "/var/lib/metronome/iplay-esports.de.crt",
--        };

<tmpl_if name='ssl_cert' op='==' value='true'>
        ssl = {
                key = "/etc/metronome/certs/{tmpl_var name='domain'}.key",
                certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert",
        };
</tmpl_if>

<tmpl_if name='use_proxy' op='==' value='true'>
VirtualHost "anon.{tmpl_var name='domain'}"

 server/conf/metronome_conf_ssl.master

New file
@@ -0,0 +1,72 @@
oid_section = new_oids

[ new_oids ]

# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5

# RFC 4985 defines this OID
SRVName  = 1.3.6.1.5.5.7.8.7

[ req ]

default_bits       = 4096
default_keyfile    = {tmpl_var name='domain'}.key
distinguished_name = distinguished_name
req_extensions     = v3_extensions
x509_extensions    = v3_extensions

# ask about the DN?
prompt = no

[ distinguished_name ]

commonName             = {tmpl_var name='domain'}
countryName            = {tmpl_var name='ssl_country'}
localityName           = {tmpl_var name='ssl_locality'}
organizationName       = {tmpl_var name='ssl_organisation'}
organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
emailAddress           = {tmpl_var name='ssl_email'}

[ v3_extensions ]

# for certificate requests (req_extensions)
# and self-signed certificates (x509_extensions)

basicConstraints = CA:FALSE
keyUsage         = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName   = @subject_alternative_name

[ subject_alternative_name ]

# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.

DNS.0       =                                           {tmpl_var name='domain'}
otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
otherName.1 =            SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
otherName.2 =            SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}

DNS.1       =                                       muc.{tmpl_var name='domain'}
otherName.3 =             xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
otherName.4 =        SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}

DNS.2       =                                    pubsub.{tmpl_var name='domain'}
otherName.5 =          xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
otherName.6 =     SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}

DNS.3       =                                      anon.{tmpl_var name='domain'}
otherName.7 =            xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
otherName.8 =       SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}

DNS.4       =                                      xmpp.{tmpl_var name='domain'}
otherName.9 =            xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
otherName.10=       SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}

DNS.5       =                                     proxy.{tmpl_var name='domain'}
otherName.11=           xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
otherName.12=      SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}

DNS.6       =                                      vjud.{tmpl_var name='domain'}
otherName.13=            xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
otherName.14=       SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}

 server/mods-available/xmpp_module.inc.php

@@ -79,6 +79,8 @@
        */

        $app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process');
        $app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP');
        $app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');

    }

@@ -104,6 +106,26 @@
        } // end switch
    } // end function


    function restartXMPP($action = 'restart') {
        global $app, $conf;

        // load the server configuration options
        $app->uses('getconf,system');
        $xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');

        $daemon = 'metronome';

        $retval = array('output' => '', 'retval' => 0);
        if($action == 'restart') {
            $cmd = $app->system->getinitcommand($daemon, 'restart');
        } else {
            $cmd = $app->system->getinitcommand($daemon, 'reload');
        }
        exec($cmd.' 2>&1', $retval['output'], $retval['retval']);
        $app->log("Restarting xmpp: $cmd", LOGLEVEL_DEBUG);
        return $retval;
    }
} // end class

?>

 server/plugins-available/xmpp_plugin.inc.php

@@ -38,6 +38,10 @@

    var $xmpp_config_dir = '/etc/metronome';

    var $ssl_certificate_changed = false;
    var $ssl_certificate_deleted = false;


    //* This function is called during ispconfig installation to determine
    //  if a symlink shall be created for this plugin.
    function onInstall() {
@@ -64,6 +68,11 @@

        $app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
        $app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');

        $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
        $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
        $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');

        $app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
        $app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
        $app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
@@ -193,6 +202,10 @@

        }

        // Check for SSL
        if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted || $this->ssl_certificate_changed)
            $tpl->setVar('ssl_cert', true);

        $app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
        unset($tpl);

@@ -207,7 +220,7 @@
            unset($tpl);
        }

        $app->services->restartServiceDelayed('metronome', 'restart');
        $app->services->restartServiceDelayed('metronome', 'reload');
    }

    function domainDelete($event_name, $data){
@@ -253,6 +266,131 @@
        exec('metronomectl deluser '.$data['old']['jid']);
    }

    // Handle the creation of SSL certificates
    function ssl($event_name, $data) {
        global $app, $conf;

        $app->uses('system,tpl');

        // load the server configuration options
        $app->uses('getconf');
        $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');

        $ssl_dir = '/etc/metronome/certs';
        $domain = $data['new']['domain'];
        $cnf_file = $ssl_dir.'/'.$domain.'.cnf';
        $key_file = $ssl_dir.'/'.$domain.'.key';
        $csr_file = $ssl_dir.'/'.$domain.'.csr';
        $crt_file = $ssl_dir.'/'.$domain.'.cert';

        //* Create a SSL Certificate, but only if this is not a mirror server.
        if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {

            $this->ssl_certificate_changed = true;

            //* Rename files if they exist
            if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
            if(file_exists($key_file)){
                $app->system->rename($key_file, $key_file.'.bak');
                $app->system->chmod($key_file.'.bak', 0400);
                $app->system->chown($key_file.'.bak', 'metronome');
            }
            if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
            if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');

            // Write new CNF file
            $tpl = new tpl();
            $tpl->newTemplate('metronome_conf_ssl.master');
            $tpl->setVar('domain', $domain);
            $tpl->setVar('ssl_country', $data['new']['ssl_country']);
            $tpl->setVar('ssl_locality', $data['new']['ssl_locality']);
            $tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']);
            $tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']);
            $tpl->setVar('ssl_email', $data['new']['ssl_email']);
            $app->system->file_put_contents($cnf_file, $tpl->grab());

            // Generate new key, csr and cert
            exec("(cd /etc/metronome/certs && make $domain.key)");
            exec("(cd /etc/metronome/certs && make $domain.csr)");
            exec("(cd /etc/metronome/certs && make $domain.cert)");

            $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
            $app->system->chmod($key_file, 0400);
            $app->system->chown($key_file, 'metronome');
            $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
            $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }

        //* Save a SSL certificate to disk
        if($data["new"]["ssl_action"] == 'save') {
            $this->ssl_certificate_changed = true;

            //* Rename files if they exist
            if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
            if(file_exists($key_file)){
                $app->system->rename($key_file, $key_file.'.bak');
                $app->system->chmod($key_file.'.bak', 0400);
                $app->system->chown($key_file.'.bak', 'metronome');
            }
            if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
            if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');

            //* Write new ssl files
            if(trim($data["new"]["ssl_request"]) != '')
                $app->system->file_put_contents($csr_file, $data["new"]["ssl_request"]);
            if(trim($data["new"]["ssl_cert"]) != '')
                $app->system->file_put_contents($crt_file, $data["new"]["ssl_cert"]);

            //* Write the key file, if field is empty then import the key into the db
            if(trim($data["new"]["ssl_key"]) != '') {
                $app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
                $app->system->chmod($key_file, 0400);
                $app->system->chown($key_file, 'metronome');
            } else {
                $ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
                /* Update the DB of the (local) Server */
                $app->db->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
                /* Update also the master-DB of the Server-Farm */
                $app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
            }

            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");

            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }

        //* Delete a SSL certificate
        if($data['new']['ssl_action'] == 'del') {
            $this->ssl_certificate_deleted = true;
            $app->system->unlink($csr_file);
            $app->system->unlink($crt_file);
            $app->system->unlink($key_file);
            $app->system->unlink($cnf_file);
            $app->system->unlink($csr_file.'.bak');
            $app->system->unlink($crt_file.'.bak');
            $app->system->unlink($key_file.'.bak');
            $app->system->unlink($cnf_file.'.bak');
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }

    }

} // end class

?>

			@@ -33,6 +33,16 @@
			$METRONOME stop >> /dev/null
			}

			reload()
			{
			&METRONOME reload >> /dev/null
			}

			restart()
			{
			&METRONOME restart >> /dev/null
			}

			case "$1" in
			start)
			echo -n "Starting Metronome..."
			@@ -42,13 +52,16 @@
			echo -n "Stopping Metronome..."
			stop &
			;;
			reload)
			echo -n "Reloading Metronome config..."
			reload &
			;;
			restart)
			echo -n "Restarting Metronome..."
			stop &
			start &
			restart &
			;;
			*)
			echo "Usage: $0 {start\|stop\|restart}" >&2
			echo "Usage: $0 {start\|stop\|reload\|restart}" >&2
			exit 1
			;;
			esac

			@@ -48,6 +48,18 @@
			`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
			`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',

			`ssl_state` varchar(255) NULL,
			`ssl_locality` varchar(255) NULL,
			`ssl_organisation` varchar(255) NULL,
			`ssl_organisation_unit` varchar(255) NULL,
			`ssl_country` varchar(255) NULL,
			`ssl_email` varchar(255) NULL,
			`ssl_request` mediumtext NULL,
			`ssl_cert` mediumtext NULL,
			`ssl_bundle` mediumtext NULL,
			`ssl_key` mediumtext NULL,
			`ssl_action` varchar(16) NULL,

			`active` enum('n','y') NOT NULL DEFAULT 'n',
			PRIMARY KEY (`domain_id`),
			KEY `server_id` (`server_id`,`domain`),

			@@ -2002,6 +2002,18 @@
			`http_archive_show_status` enum('n', 'y') NOT NULL DEFAULT 'n',
			`use_status_host` enum('n','y') NOT NULL DEFAULT 'n',

			`ssl_state` varchar(255) NULL,
			`ssl_locality` varchar(255) NULL,
			`ssl_organisation` varchar(255) NULL,
			`ssl_organisation_unit` varchar(255) NULL,
			`ssl_country` varchar(255) NULL,
			`ssl_email` varchar(255) NULL,
			`ssl_request` mediumtext NULL,
			`ssl_cert` mediumtext NULL,
			`ssl_bundle` mediumtext NULL,
			`ssl_key` mediumtext NULL,
			`ssl_action` varchar(16) NULL,

			`active` enum('n','y') NOT NULL DEFAULT 'n',
			PRIMARY KEY (`domain_id`),
			KEY `server_id` (`server_id`,`domain`),

			@@ -280,5 +280,128 @@
			)
			);

			$form["tabs"]['ssl'] = array (
			'title' => "SSL",
			'width' => 100,
			'template' => "templates/xmpp_domain_edit_ssl.htm",
			'readonly' => false,
			'fields' => array (
			//#################################
			// Begin Datatable fields
			//#################################
			'ssl_state' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'REGEX',
			'regex' => '/^(([\.]{0})\|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
			'errmsg'=> 'ssl_state_error_regex'),
			),
			'default' => '',
			'value' => '',
			'width' => '30',
			'maxlength' => '255'
			),
			'ssl_locality' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'REGEX',
			'regex' => '/^(([\.]{0})\|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
			'errmsg'=> 'ssl_locality_error_regex'),
			),
			'default' => '',
			'value' => '',
			'width' => '30',
			'maxlength' => '255'
			),
			'ssl_organisation' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'REGEX',
			'regex' => '/^(([\.]{0})\|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
			'errmsg'=> 'ssl_organisation_error_regex'),
			),
			'default' => '',
			'value' => '',
			'width' => '30',
			'maxlength' => '255'
			),
			'ssl_organisation_unit' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'REGEX',
			'regex' => '/^(([\.]{0})\|([-a-zA-Z0-9._,&äöüÄÖÜ ]{1,255}))$/',
			'errmsg'=> 'ssl_organistaion_unit_error_regex'),
			),
			'default' => '',
			'value' => '',
			'width' => '30',
			'maxlength' => '255'
			),
			'ssl_country' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'SELECT',
			'default' => '',
			'datasource' => array ( 'type' => 'SQL',
			'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name',
			'keyfield'=> 'iso',
			'valuefield'=> 'printable_name'
			),
			'value' => ''
			),
			'ssl_email' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'default' => '',
			'value' => '',
			'width' => '30',
			'maxlength' => '255',
			'validators' => array ( 0 => array ( 'type' => 'ISEMAIL',
			'errmsg'=> 'ssl_error_isemail')
			),
			),
			'ssl_key' => array (
			'datatype' => 'TEXT',
			'formtype' => 'TEXTAREA',
			'default' => '',
			'value' => '',
			'cols' => '30',
			'rows' => '10'
			),
			'ssl_request' => array (
			'datatype' => 'TEXT',
			'formtype' => 'TEXTAREA',
			'default' => '',
			'value' => '',
			'cols' => '30',
			'rows' => '10'
			),
			'ssl_cert' => array (
			'datatype' => 'TEXT',
			'formtype' => 'TEXTAREA',
			'default' => '',
			'value' => '',
			'cols' => '30',
			'rows' => '10'
			),
			'ssl_bundle' => array (
			'datatype' => 'TEXT',
			'formtype' => 'TEXTAREA',
			'default' => '',
			'value' => '',
			'cols' => '30',
			'rows' => '10'
			),
			'ssl_action' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'SELECT',
			'default' => '',
			'value' => array('' => 'none_txt', 'save' => 'save_certificate_txt', 'create' => 'create_certificate_txt', 'del' => 'delete_certificate_txt')
			),
			//#################################
			// ENDE Datatable fields
			//#################################
			)
			);


			?>

			@@ -30,4 +30,32 @@
			$wb["about_registration_url_txt"] = 'Link to your registration form.';
			$wb["about_registration_message_txt"] = 'Description about your account registration process.';
			$wb["no_corresponding_maildomain_txt"] = 'Corresponding mail domain for user management not found. Please create the mail domain first.';
			$wb['ssl_state_txt'] = 'State';
			$wb['ssl_locality_txt'] = 'Locality';
			$wb['ssl_organisation_txt'] = 'Organisation';
			$wb['ssl_organisation_unit_txt'] = 'Organisation Unit';
			$wb['ssl_country_txt'] = 'Country';
			$wb['ssl_key_txt'] = 'SSL Key';
			$wb['ssl_request_txt'] = 'SSL Request';
			$wb['ssl_cert_txt'] = 'SSL Certificate';
			$wb['ssl_bundle_txt'] = 'SSL Bundle';
			$wb['ssl_action_txt'] = 'SSL Action';
			$wb['ssl_email_txt'] = 'Email Address';
			$wb['ssl_txt'] = 'SSL';
			$wb['error_ssl_state_empty'] = 'SSL State is empty.';
			$wb['error_ssl_locality_empty'] = 'SSL Locality is empty.';
			$wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.';
			$wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.';
			$wb['error_ssl_country_empty'] = 'SSL Country is empty.';
			$wb['error_ssl_cert_empty'] = 'SSL Certificate field is empty';
			$wb['ssl_state_error_regex'] = 'Invalid SSL State. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
			$wb['ssl_locality_error_regex'] = 'Invalid SSL Locality. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
			$wb['ssl_organisation_error_regex'] = 'Invalid SSL Organisation. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
			$wb['ssl_organistaion_unit_error_regex'] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_&äöüÄÖÜ';
			$wb['ssl_country_error_regex'] = 'Invalid SSL Country. Valid characters are: A-Z';
			$wb['none_txt'] = 'None';
			$wb['save_certificate_txt'] = 'Save certificate';
			$wb['create_certificate_txt'] = 'Create certificate';
			$wb['delete_certificate_txt'] = 'Delete certificate';
			$wb['ssl_error_isemail'] = 'Please enter a valid email adress for generation of the SSL certificate';
			?>

New file
			@@ -0,0 +1,100 @@
			<div class='page-header'>
			<h1><tmpl_var name="list_head_txt"></h1>
			</div>
			<p><tmpl_var name="list_desc_txt"></p>

			<tmpl_if name="config_error_msg">
			<div style="background: #ffdfdf; border: 1px solid #df7d7d; border-width: 1px 0; margin: 1.5em 0 1.5em 0; padding: 7px;">
			<p style="font-face:bold">{tmpl_var name='configuration_error_txt'}</p>
			<div>
			<div style="float:left;width:150px;">{tmpl_var name='config_error_tstamp'} : </div><div style="padding-left:150px;">{tmpl_var name='config_error_msg'}</div>
			</div>
			</div>
			</tmpl_if>


			<tmpl_if name='show_helper_links'>
			<div id="show_helper_links" style="display:none;">
			<label></label>
			<div class="col-sm-9">
			<a href="javascript:void(0);" id="load_data"><tmpl_if name='is_admin'>{tmpl_var name='load_client_data_txt'}</tmpl_else>{tmpl_var name='load_my_data_txt'}</tmpl_if></a>       <a href="javascript:void(0);" id="reset_data">{tmpl_var name='reset_client_data_txt'}</a>
			</div>
			</div>
			</tmpl_if>
			<div class="form-group">
			<label for="ssl_state" class="col-sm-3 control-label">{tmpl_var name='ssl_state_txt'}</label>
			<div class="col-sm-9"><input type="text" name="ssl_state" id="ssl_state" value="{tmpl_var name='ssl_state'}" class="form-control" /></div></div>
			<div class="form-group">
			<label for="ssl_locality" class="col-sm-3 control-label">{tmpl_var name='ssl_locality_txt'}</label>
			<div class="col-sm-9"><input type="text" name="ssl_locality" id="ssl_locality" value="{tmpl_var name='ssl_locality'}" class="form-control" /></div></div>
			<div class="form-group">
			<label for="ssl_organisation" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_txt'}</label>
			<div class="col-sm-9"><input type="text" name="ssl_organisation" id="ssl_organisation" value="{tmpl_var name='ssl_organisation'}" class="form-control" /></div></div>
			<div class="form-group">
			<label for="ssl_organisation_unit" class="col-sm-3 control-label">{tmpl_var name='ssl_organisation_unit_txt'}</label>
			<div class="col-sm-9"><input type="text" name="ssl_organisation_unit" id="ssl_organisation_unit" value="{tmpl_var name='ssl_organisation_unit'}" class="form-control" /></div></div>
			<div class="form-group">
			<label for="ssl_country" class="col-sm-3 control-label">{tmpl_var name='ssl_country_txt'}</label>
			<div class="col-sm-9"><select name="ssl_country" id="ssl_country" class="form-control flags">
			{tmpl_var name='ssl_country'}
			</select></div>
			</div>
			<div class="form-group">
			<label for="ssl_email" class="col-sm-3 control-label">{tmpl_var name='ssl_email_txt'}</label>
			<div class="col-sm-9"><input type="email" name="ssl_email" id="ssl_email" value="{tmpl_var name='ssl_email'}" class="form-control" /></div></div>
			<div class="form-group">
			<label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_key_txt'}</label>
			<div class="col-sm-9"><textarea class="form-control" name="ssl_key" id="ssl_key" rows='10' cols='30'>{tmpl_var name='ssl_key'}</textarea></div>
			</div>
			<div class="form-group">
			<label for="ssl_request" class="col-sm-3 control-label">{tmpl_var name='ssl_request_txt'}</label>
			<div class="col-sm-9"><textarea class="form-control" name="ssl_request" id="ssl_request" rows='10' cols='30'>{tmpl_var name='ssl_request'}</textarea></div>
			</div>
			<div class="form-group">
			<label for="ssl_cert" class="col-sm-3 control-label">{tmpl_var name='ssl_cert_txt'}</label>
			<div class="col-sm-9"><textarea class="form-control" name="ssl_cert" id="ssl_cert" rows='10' cols='30'>{tmpl_var name='ssl_cert'}</textarea></div>
			</div>
			<div class="form-group">
			<label for="ssl_action" class="col-sm-3 control-label">{tmpl_var name='ssl_action_txt'}</label>
			<div class="col-sm-9"><select name="ssl_action" id="ssl_action" class="form-control">
			{tmpl_var name='ssl_action'}
			</select></div>
			</div>


			<input type="hidden" name="id" value="{tmpl_var name='id'}">
			<input type="hidden" name="type" value="ssl">

			<div class="clear"><div class="right">
			<button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="mail/xmpp_domain_edit.php">{tmpl_var name='btn_save_txt'}</button>
			<button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="mail/xmpp_domain_list.php">{tmpl_var name='btn_cancel_txt'}</button>
			</div></div>

			<script>
			<!--
			<tmpl_if name='show_helper_links'>
			if($("input[name=id]").val() > 0) $('#show_helper_links:hidden').show();

			$('#reset_data').click(function(){
			$('#ssl_organisation').add('#ssl_locality').add('#ssl_state').add('#ssl_organisation_unit').val('');
			$('#ssl_country').val($("#ssl_country option:first").val());
			});
			$('#load_data').click(function(){
			loadClientData();
			});


			function loadClientData() {
			var web_id = $("input[name=id]").val();

			jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'web_id': web_id, 'type': "getclientssldata"}, function(data) {
			$('#ssl_organisation').val(data['company_name']);
			$('#ssl_locality').val(data['city']);
			$('#ssl_country').val(data['country']);
			$('#ssl_state').val(data['state']);
			$('#ssl_organisation_unit').val('IT');
			});
			}
			</tmpl_if>
			//-->
			</script>

			@@ -49,14 +49,16 @@
			$app->load('tform_actions');

			class page_action extends tform_actions {
			var $_xmpp_type = 'domain';
			var $_xmpp_type = 'server';

			function onLoad() {
			$show_type = 'server';
			if(isset($_GET['type']) && $_GET['type'] == 'modules') {
			if(isset($_REQUEST['type']) && $_REQUEST['type'] == 'modules') {
			$show_type = 'modules';
			} elseif(isset($_GET['type']) && $_GET['type'] == 'muc') {
			} elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'muc') {
			$show_type = 'muc';
			}elseif(isset($_REQUEST['type']) && $_REQUEST['type'] == 'ssl') {
			$show_type = 'ssl';
			}

			$_SESSION['s']['var']['xmpp_type'] = $show_type;
			@@ -363,6 +365,21 @@
			}
			}

			if($this->_xmpp_type == 'ssl'){
			//* Check that all fields for the SSL cert creation are filled
			if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
			if($this->dataRecord['ssl_state'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_state_empty').'<br />';
			if($this->dataRecord['ssl_locality'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_locality_empty').'<br />';
			if($this->dataRecord['ssl_organisation'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_empty').'<br />';
			if($this->dataRecord['ssl_organisation_unit'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_organisation_unit_empty').'<br />';
			if($this->dataRecord['ssl_country'] == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_country_empty').'<br />';
			}

			if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'save') {
			if(trim($this->dataRecord['ssl_cert']) == '') $app->tform->errorMessage .= $app->tform->lng('error_ssl_cert_empty').'<br />';
			}
			}

			//* make sure that the xmpp domain is lowercase
			if(isset($this->dataRecord["domain"])) $this->dataRecord["domain"] = strtolower($this->dataRecord["domain"]);

			@@ -52,12 +52,12 @@
			admins = {
			{tmpl_var name='domain_admins'}
			};
			-- TODO: SSL Certs for Hosts
			-- ssl = {
			-- key = "/var/lib/metronome/iplay-esports.de.key",
			-- certificate = "/var/lib/metronome/iplay-esports.de.crt",
			-- };

			<tmpl_if name='ssl_cert' op='==' value='true'>
			ssl = {
			key = "/etc/metronome/certs/{tmpl_var name='domain'}.key",
			certificate = "/etc/metronome/certs/{tmpl_var name='domain'}.cert",
			};
			</tmpl_if>

			<tmpl_if name='use_proxy' op='==' value='true'>
			VirtualHost "anon.{tmpl_var name='domain'}"

New file
			@@ -0,0 +1,72 @@
			oid_section = new_oids

			[ new_oids ]

			# RFC 3920 section 5.1.1 defines this OID
			xmppAddr = 1.3.6.1.5.5.7.8.5

			# RFC 4985 defines this OID
			SRVName = 1.3.6.1.5.5.7.8.7

			[ req ]

			default_bits = 4096
			default_keyfile = {tmpl_var name='domain'}.key
			distinguished_name = distinguished_name
			req_extensions = v3_extensions
			x509_extensions = v3_extensions

			# ask about the DN?
			prompt = no

			[ distinguished_name ]

			commonName = {tmpl_var name='domain'}
			countryName = {tmpl_var name='ssl_country'}
			localityName = {tmpl_var name='ssl_locality'}
			organizationName = {tmpl_var name='ssl_organisation'}
			organizationalUnitName = {tmpl_var name='ssl_organisation_unit'}
			emailAddress = {tmpl_var name='ssl_email'}

			[ v3_extensions ]

			# for certificate requests (req_extensions)
			# and self-signed certificates (x509_extensions)

			basicConstraints = CA:FALSE
			keyUsage = digitalSignature,keyEncipherment
			extendedKeyUsage = serverAuth,clientAuth
			subjectAltName = @subject_alternative_name

			[ subject_alternative_name ]

			# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.

			DNS.0 = {tmpl_var name='domain'}
			otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:{tmpl_var name='domain'}
			otherName.1 = SRVName;IA5STRING:_xmpp-client.{tmpl_var name='domain'}
			otherName.2 = SRVName;IA5STRING:_xmpp-server.{tmpl_var name='domain'}

			DNS.1 = muc.{tmpl_var name='domain'}
			otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:muc.{tmpl_var name='domain'}
			otherName.4 = SRVName;IA5STRING:_xmpp-server.muc.{tmpl_var name='domain'}

			DNS.2 = pubsub.{tmpl_var name='domain'}
			otherName.5 = xmppAddr;FORMAT:UTF8,UTF8:pubsub.{tmpl_var name='domain'}
			otherName.6 = SRVName;IA5STRING:_xmpp-server.pubsub.{tmpl_var name='domain'}

			DNS.3 = anon.{tmpl_var name='domain'}
			otherName.7 = xmppAddr;FORMAT:UTF8,UTF8:anon.{tmpl_var name='domain'}
			otherName.8 = SRVName;IA5STRING:_xmpp-server.anon.{tmpl_var name='domain'}

			DNS.4 = xmpp.{tmpl_var name='domain'}
			otherName.9 = xmppAddr;FORMAT:UTF8,UTF8:xmpp.{tmpl_var name='domain'}
			otherName.10= SRVName;IA5STRING:_xmpp-server.xmpp.{tmpl_var name='domain'}

			DNS.5 = proxy.{tmpl_var name='domain'}
			otherName.11= xmppAddr;FORMAT:UTF8,UTF8:proxy.{tmpl_var name='domain'}
			otherName.12= SRVName;IA5STRING:_xmpp-server.proxy.{tmpl_var name='domain'}

			DNS.6 = vjud.{tmpl_var name='domain'}
			otherName.13= xmppAddr;FORMAT:UTF8,UTF8:vjud.{tmpl_var name='domain'}
			otherName.14= SRVName;IA5STRING:_xmpp-server.vjud.{tmpl_var name='domain'}

			@@ -79,6 +79,8 @@
			*/

			$app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process');
			$app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP');
			$app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');

			}

			@@ -104,6 +106,26 @@
			} // end switch
			} // end function


			function restartXMPP($action = 'restart') {
			global $app, $conf;

			// load the server configuration options
			$app->uses('getconf,system');
			$xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');

			$daemon = 'metronome';

			$retval = array('output' => '', 'retval' => 0);
			if($action == 'restart') {
			$cmd = $app->system->getinitcommand($daemon, 'restart');
			} else {
			$cmd = $app->system->getinitcommand($daemon, 'reload');
			}
			exec($cmd.' 2>&1', $retval['output'], $retval['retval']);
			$app->log("Restarting xmpp: $cmd", LOGLEVEL_DEBUG);
			return $retval;
			}
			} // end class

			?>

			@@ -38,6 +38,10 @@

			var $xmpp_config_dir = '/etc/metronome';

			var $ssl_certificate_changed = false;
			var $ssl_certificate_deleted = false;


			//* This function is called during ispconfig installation to determine
			// if a symlink shall be created for this plugin.
			function onInstall() {
			@@ -64,6 +68,11 @@

			$app->plugins->registerEvent('server_insert', 'xmpp_plugin', 'insert');
			$app->plugins->registerEvent('server_update', 'xmpp_plugin', 'update');

			$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'ssl');
			$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'ssl');
			$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'ssl');

			$app->plugins->registerEvent('xmpp_domain_insert', 'xmpp_plugin', 'domainInsert');
			$app->plugins->registerEvent('xmpp_domain_update', 'xmpp_plugin', 'domainUpdate');
			$app->plugins->registerEvent('xmpp_domain_delete', 'xmpp_plugin', 'domainDelete');
			@@ -193,6 +202,10 @@

			}

			// Check for SSL
			if(strlen($data['new']['ssl_cert']) && strlen($data['new']['ssl_key']) && !$this->ssl_certificate_deleted \|\| $this->ssl_certificate_changed)
			$tpl->setVar('ssl_cert', true);

			$app->system->file_put_contents($this->xmpp_config_dir.'/hosts/'.$data['new']['domain'].'.cfg.lua', $tpl->grab());
			unset($tpl);

			@@ -207,7 +220,7 @@
			unset($tpl);
			}

			$app->services->restartServiceDelayed('metronome', 'restart');
			$app->services->restartServiceDelayed('metronome', 'reload');
			}

			function domainDelete($event_name, $data){
			@@ -253,6 +266,131 @@
			exec('metronomectl deluser '.$data['old']['jid']);
			}

			// Handle the creation of SSL certificates
			function ssl($event_name, $data) {
			global $app, $conf;

			$app->uses('system,tpl');

			// load the server configuration options
			$app->uses('getconf');
			$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');

			$ssl_dir = '/etc/metronome/certs';
			$domain = $data['new']['domain'];
			$cnf_file = $ssl_dir.'/'.$domain.'.cnf';
			$key_file = $ssl_dir.'/'.$domain.'.key';
			$csr_file = $ssl_dir.'/'.$domain.'.csr';
			$crt_file = $ssl_dir.'/'.$domain.'.cert';

			//* Create a SSL Certificate, but only if this is not a mirror server.
			if($data['new']['ssl_action'] == 'create' && $conf['mirror_server_id'] == 0) {

			$this->ssl_certificate_changed = true;

			//* Rename files if they exist
			if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
			if(file_exists($key_file)){
			$app->system->rename($key_file, $key_file.'.bak');
			$app->system->chmod($key_file.'.bak', 0400);
			$app->system->chown($key_file.'.bak', 'metronome');
			}
			if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
			if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');

			// Write new CNF file
			$tpl = new tpl();
			$tpl->newTemplate('metronome_conf_ssl.master');
			$tpl->setVar('domain', $domain);
			$tpl->setVar('ssl_country', $data['new']['ssl_country']);
			$tpl->setVar('ssl_locality', $data['new']['ssl_locality']);
			$tpl->setVar('ssl_organisation', $data['new']['ssl_organisation']);
			$tpl->setVar('ssl_organisation_unit', $data['new']['ssl_organisation_unit']);
			$tpl->setVar('ssl_email', $data['new']['ssl_email']);
			$app->system->file_put_contents($cnf_file, $tpl->grab());

			// Generate new key, csr and cert
			exec("(cd /etc/metronome/certs && make $domain.key)");
			exec("(cd /etc/metronome/certs && make $domain.csr)");
			exec("(cd /etc/metronome/certs && make $domain.cert)");

			$ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
			$app->system->chmod($key_file, 0400);
			$app->system->chown($key_file, 'metronome');
			$ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
			$ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
			/* Update the DB of the (local) Server */
			$app->db->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
			$app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			/* Update also the master-DB of the Server-Farm */
			$app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
			$app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			$app->log('Creating XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
			}

			//* Save a SSL certificate to disk
			if($data["new"]["ssl_action"] == 'save') {
			$this->ssl_certificate_changed = true;

			//* Rename files if they exist
			if(file_exists($cnf_file)) $app->system->rename($cnf_file, $cnf_file.'.bak');
			if(file_exists($key_file)){
			$app->system->rename($key_file, $key_file.'.bak');
			$app->system->chmod($key_file.'.bak', 0400);
			$app->system->chown($key_file.'.bak', 'metronome');
			}
			if(file_exists($csr_file)) $app->system->rename($csr_file, $csr_file.'.bak');
			if(file_exists($crt_file)) $app->system->rename($crt_file, $crt_file.'.bak');

			//* Write new ssl files
			if(trim($data["new"]["ssl_request"]) != '')
			$app->system->file_put_contents($csr_file, $data["new"]["ssl_request"]);
			if(trim($data["new"]["ssl_cert"]) != '')
			$app->system->file_put_contents($crt_file, $data["new"]["ssl_cert"]);

			//* Write the key file, if field is empty then import the key into the db
			if(trim($data["new"]["ssl_key"]) != '') {
			$app->system->file_put_contents($key_file, $data["new"]["ssl_key"]);
			$app->system->chmod($key_file, 0400);
			$app->system->chown($key_file, 'metronome');
			} else {
			$ssl_key = $app->db->quote($app->system->file_get_contents($key_file));
			/* Update the DB of the (local) Server */
			$app->db->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
			/* Update also the master-DB of the Server-Farm */
			$app->dbmaster->query("UPDATE xmpp_domain SET ssl_key = '$ssl_key' WHERE domain = '".$data['new']['domain']."'");
			}

			/* Update the DB of the (local) Server */
			$app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");

			/* Update also the master-DB of the Server-Farm */
			$app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			$app->log('Saving XMPP SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
			}

			//* Delete a SSL certificate
			if($data['new']['ssl_action'] == 'del') {
			$this->ssl_certificate_deleted = true;
			$app->system->unlink($csr_file);
			$app->system->unlink($crt_file);
			$app->system->unlink($key_file);
			$app->system->unlink($cnf_file);
			$app->system->unlink($csr_file.'.bak');
			$app->system->unlink($crt_file.'.bak');
			$app->system->unlink($key_file.'.bak');
			$app->system->unlink($cnf_file.'.bak');
			/* Update the DB of the (local) Server */
			$app->db->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
			$app->db->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			/* Update also the master-DB of the Server-Farm */
			$app->dbmaster->query("UPDATE xmpp_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = '".$data['new']['domain']."'");
			$app->dbmaster->query("UPDATE xmpp_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
			}

			}

			} // end class

			?>