
add a default certificate for the fast server

1 parent 913190b commit 010e8c0e5880a22632156d47eb76c101c7c27dfa @adamcooke adamcooke committed May 5, 2017
Showing with 55 additions and 7 deletions.
  1. +2 −0 .gitignore
  2. +2 −0 config/postal.defaults.yml
  3. +29 −4 lib/postal/config.rb
  4. +3 −3 lib/postal/fast_server/client.rb
  5. +19 −0 script/generate_initial_config.rb
@@ -21,6 +21,8 @@ config/smtp.cert
config/smtp.key
config/lets_encrypt.pem
config/signing.key
+config/fast_server.cert
+config/fast_server.key
public/assets
vendor/bundle
@@ -25,6 +25,8 @@ fast_server:
port: 5010
ssl_port: 5011
proxy_protocol: false
+ default_private_key_path: # Defaults to config/fast_server.key
+ default_tls_certificate_path: # Defaults to config/fast_server.cert
main_db:
host: 127.0.0.1
@@ -103,14 +103,14 @@ def self.smtp_from_address
config.smtp&.from_address || "postal@example.com"
end
- def self.smtp_private_key
- @smtp_private_key ||= OpenSSL::PKey::RSA.new(File.read(smtp_private_key_path))
- end
-
def self.smtp_private_key_path
config.smtp_server.tls_private_key_path || config_root.join('smtp.key')
end
+ def self.smtp_private_key
+ @smtp_private_key ||= OpenSSL::PKey::RSA.new(File.read(smtp_private_key_path))
+ end
+
def self.smtp_certificate_path
config.smtp_server.tls_certificate_path || config_root.join('smtp.cert')
end
@@ -128,6 +128,31 @@ def self.smtp_certificates
end
end
+ def self.fast_server_default_private_key_path
+ config.fast_server.default_private_key_path || config_root.join('fast_server.key')
+ end
+
+ def self.fast_server_default_private_key
+ @fast_server_default_private_key ||= OpenSSL::PKey::RSA.new(File.read(fast_server_default_private_key_path))
+ end
+
+ def self.fast_server_default_certificate_path
+ config.fast_server.default_tls_certificate_path || config_root.join('fast_server.cert')
+ end
+
+ def self.fast_server_default_certificate_data
+ @fast_server_default_certificate_data ||= File.read(fast_server_default_certificate_path)
+ end
+
+ def self.fast_server_default_certificates
+ @fast_server_default_certificates ||= begin
+ certs = self.fast_server_default_certificate_data.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
+ certs.map do |c|
+ OpenSSL::X509::Certificate.new(c)
+ end.freeze
+ end
+ end
+
def self.lets_encrypt_private_key_path
@lets_encrypt_private_key_path ||= Postal.config_root.join('lets_encrypt.pem')
end
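Review bot: `fast_server_default_private_key` loads the operator-configurable `default_private_key_path` with `OpenSSL::PKey::RSA.new`, so a non-RSA key placed at that path fails at first use rather than being rejected at startup; `OpenSSL::PKey.read(File.read(fast_server_default_private_key_path))` accepts any supported key type, and the same applies to the mirrored `smtp_private_key` in the preceding hunk. Because both the key and the certificate list are memoised and only read lazily, a missing or empty `config/fast_server.cert` presumably surfaces as an exception inside the first TLS handshake that falls back to the default, which is harder to diagnose than a boot-time check; consider calling these accessors from the config validation path if one exists. The PEM scan in `fast_server_default_certificates` appears to duplicate the logic of `smtp_certificates` (visible in the hunk header) and could share a private `parse_certificate_bundle(data)` helper.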
@@ -140,9 +140,9 @@ def self.ssl_context(domain_name = nil)
end
if ssl_context.cert.nil?
- ssl_context.cert = Postal.smtp_certificates[0]
- ssl_context.extra_chain_cert = Postal.smtp_certificates[1..-1]
- ssl_context.key = Postal.smtp_private_key
+ ssl_context.cert = Postal.fast_server_default_certificates[0]
+ ssl_context.extra_chain_cert = Postal.fast_server_default_certificates[1..-1]
+ ssl_context.key = Postal.fast_server_default_private_key
end
ssl_context.ssl_version = "SSLv23"
@@ -26,3 +26,22 @@
File.open(Postal.signing_key_path, 'w') { |f| f.write(key) }
puts "Created new signing key for DKIM & HTTP requests"
end
+
+unless File.exists?(Postal.fast_server_default_private_key_path)
+ key = OpenSSL::PKey::RSA.new(2048).to_s
+ File.open(Postal.fast_server_default_private_key_path, 'w') { |f| f.write(key) }
+ puts "Created new private key for default fast server TLS connections"
+end
+
+unless File.exist?(Postal.fast_server_default_certificate_path)
+ cert = OpenSSL::X509::Certificate.new
+ cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/C=GB/O=Default/OU=Default/CN=default")
+ cert.not_before = Time.now
+ cert.not_after = Time.now + (365 * 24 * 60 * 60) * 10
+ cert.public_key = Postal.fast_server_default_private_key.public_key
+ cert.serial = 0x0
+ cert.version = 2
+ cert.sign Postal.fast_server_default_private_key, OpenSSL::Digest::SHA256.new
+ File.open(Postal.fast_server_default_certificate_path, 'w') { |f| f.write(cert.to_pem) }
+ puts "Created new self signed certificate for default fast server TLS connections"
+end
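Review bot: The generated private key is written with `File.open(path, 'w')`, which creates the file under the process umask (commonly 0644), so the default TLS key ends up readable by every local account; use `File.open(Postal.fast_server_default_private_key_path, 'w', 0600) { |f| f.write(key) }` (or `File.write` followed by `File.chmod(0600, path)`) for the key block. The certificate block sets `cert.serial = 0x0`, but RFC 5280 requires a positive serial number and some validators reject zero, so `cert.serial = 1` or a random value such as `OpenSSL::BN.rand(64)` is safer for a self-signed fallback. The two guards are also inconsistent: the first uses the deprecated `File.exists?` while the second uses `File.exist?`; the first should read `unless File.exist?(Postal.fast_server_default_private_key_path)`.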
