<?php

/**
 * Base class for SSL enabled virtual hosts.
 *
 * This class primarily abstracts the process of making sure the relevant keys
 * are synched to the server when the config files that use them get created.
 */
class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
  // Template file names; how they are consumed is up to the parent class,
  // which is not visible here.
  public $template = 'vhost_ssl.tpl.php';
  public $disabled_template = 'vhost_ssl_disabled.tpl.php';

  // Starts out TRUE; write() clears it as soon as one of the certificate,
  // key or chain copies fails.
  public $ssl_cert_ok = TRUE;

  public $description = 'encrypted virtual host configuration';

  /**
   * Put the certificate material in place, then write the vhost config.
   *
   * When SSL is enabled and a key name is set, the certificate, its private
   * key and (if configured) the chain certificate are copied to their
   * destinations, the certificate directory is synced to the server, and
   * only afterwards is the parent's write() called. In every other case only
   * the parent's write() runs.
   */
  public function write() {
    $wants_ssl = $this->ssl_enabled && $this->ssl_key;

    if ($wants_ssl) {
      $cert_dir = dirname($this->data['ssl_cert']);

      // The certificate directory must exist before anything is copied into
      // it. It is created with mode 0700 (owner only).
      // NOTE(review): only the directory mode is set here; the mode of the
      // copied private key is whatever provision_file()->copy() leaves it
      // with. Confirm the key ends up readable by its owner only, both
      // locally and after sync().
      provision_file()->create_dir(
        $cert_dir,
        dt("SSL Certificate directory for %key on %server", array(
          '%key' => $this->ssl_key,
          '%server' => $this->data['server']->remote_host,
        )),
        0700
      );

      // Per the original author: this touches a file in the server's copy of
      // the key so the key is known to be in use.
      // XXX (original note): untested, the data structure may not be sound;
      // try d($this->uri) if passing $this fails.
      Provision_Service_http_ssl::assign_certificate_site($this->ssl_key, $this);

      // Certificate: source -> destination. A failure is reported through
      // drush_set_error() and remembered in $ssl_cert_ok; the remaining
      // copies are still attempted.
      $cert_copied = provision_file()->copy($this->data['ssl_cert_source'], $this->data['ssl_cert'])->status();
      if (!$cert_copied) {
        drush_set_error('SSL_CERT_COPY_FAIL', dt('failed to copy SSL certificate in place'));
        $this->ssl_cert_ok = FALSE;
      }

      // Private key: same handling as the certificate.
      $key_copied = provision_file()->copy($this->data['ssl_cert_key_source'], $this->data['ssl_cert_key'])->status();
      if (!$key_copied) {
        drush_set_error('SSL_KEY_COPY_FAIL', dt('failed to copy SSL key in place'));
        $this->ssl_cert_ok = FALSE;
      }

      // Chain certificate: optional, copied only when a source is configured.
      // The copy is not attempted at all when the source is empty.
      if (!empty($this->data['ssl_chain_cert_source'])
        && !provision_file()->copy($this->data['ssl_chain_cert_source'], $this->data['ssl_chain_cert'])->status()) {
        drush_set_error('SSL_CHAIN_COPY_FAIL', dt('failed to copy SSL certficate chain in place'));
        $this->ssl_cert_ok = FALSE;
      }

      // Any failed copy switches off the redirection to HTTPS and logs a
      // warning.
      // NOTE(review): this is a fail-open path. The site keeps answering
      // without the redirect, and the only thing changed here is
      // ssl_redirection; whether the vhost actually stops offering TLS
      // depends on the templates honouring $ssl_cert_ok, which is not
      // visible in this class. Operators should alert on the SSL_*_COPY_FAIL
      // errors rather than rely on the warning alone.
      if (!$this->ssl_cert_ok) {
        $this->data['ssl_redirection'] = FALSE;
        drush_log(dt('SSL Certificate preparation failed. SSL has been disabled for this site.'), 'warning');
      }

      // Push the certificate directory to the server, leaving the *.receipt
      // files behind. The sync runs even when a copy above failed, so an
      // incomplete directory may be pushed.
      $this->data['server']->sync($cert_dir, array(
        'exclude' => $cert_dir . '/*.receipt',
      ));
    }

    // The parent's write() comes last so that the vhost it generates does
    // not reference certificate files that are not there yet.
    parent::write();
  }

  /**
   * Remove the config, then release this site's certificate.
   *
   * Runs the parent's unlink() and, when SSL is enabled, passes the key name
   * and this object to Provision_Service_http_ssl::free_certificate_site().
   */
  public function unlink() {
    parent::unlink();

    if (!$this->ssl_enabled) {
      return;
    }

    // XXX (original note): to be tested, the data structure may not be sound.
    //
    // WARNING (original note): this deletes even a perfectly good
    // certificate and key. Nothing here checks whether the certificate is
    // actually "stale", so the pair is removed even when there is no reason
    // to, for example when the site merely migrates to another platform and
    // keeps its name. The cleanup looks like unfinished work.
    Provision_Service_http_ssl::free_certificate_site($this->ssl_key, $this);
  }

  /**
   * Former helper for avoiding code duplication; now a stub.
   *
   * Ignores its argument and always returns FALSE.
   *
   * @deprecated unused
   * @see Provision_Service_http_ssl::free_certificate_site()
   */
  private function clear_certs($ssl_key) {
    return FALSE;
  }
}