From 2ebf7f902a47934a05d24a3e671fcf150392ef43 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 27 Jan 2015 20:11:41 +0000 Subject: [PATCH] Check that certificates are created --- src/freedombone | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/src/freedombone b/src/freedombone index 18e4be85..fe52e873 100755 --- a/src/freedombone +++ b/src/freedombone @@ -1225,6 +1225,25 @@ function read_configuration { fi } +# Checks whether certificates were generated for the given hostname +function check_certificates { + if [ ! $1 ]; then + return + fi + if [ ! -f /etc/ssl/private/$1.key ]; then + echo "Private certificate for $CHECK_HOSTNAME was not created" + exit 63959 + fi + if [ ! -f /etc/ssl/certs/$1.crt ]; then + echo "Public certificate for $CHECK_HOSTNAME was not created" + exit 7679 + fi + if [ ! -f /etc/ssl/certs/$1.dhparam ]; then + echo "Diffie–Hellman parameters for $CHECK_HOSTNAME were not created" + exit 5989 + fi +} + function install_not_on_BBB { if grep -Fxq "install_not_on_BBB" $COMPLETION_FILE; then return @@ -2736,7 +2755,7 @@ function create_restore_script { echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME - + echo 'sync' >> /usr/bin/$RESTORE_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME echo "# Unmount the USB drive" >> /usr/bin/$RESTORE_SCRIPT_NAME @@ -3312,7 +3331,7 @@ function backup_to_friends_servers { echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME - + if [[ $BACKUP_INCLUDES_DATABASES == "yes" ]]; then echo '# Mysql settings' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME echo 'if [ ! -d $SERVER_DIRECTORY/backup/mariadb ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME 
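Review bot: The three error messages in check_certificates print `$CHECK_HOSTNAME`, which nothing in this hunk assigns, while the function tests `$1`; unless that is a global set elsewhere in the file, the hostname in the message will be blank or stale, so the messages should use `$1`. The exit values 63959, 7679 and 5989 are outside the 0–255 range a process can return, so a caller sees them modulo 256 (215, 255 and 101); if the distinct numbers matter for diagnosis, they are worth documenting or bringing into range. The fence below also quotes `$1`, sends the messages to stderr, and uses `-s` instead of `-f` so that a zero-length key or certificate file, should makecert ever leave one, is treated as missing.

```shell
function check_certificates {
    if [ -z "$1" ]; then
        return
    fi
    if [ ! -s "/etc/ssl/private/$1.key" ]; then
        echo "Private certificate for $1 was not created" >&2
        # … unchanged: exit 63959 …
    fi
    if [ ! -s "/etc/ssl/certs/$1.crt" ]; then
        echo "Public certificate for $1 was not created" >&2
        # … unchanged: exit 7679 …
    fi
    if [ ! -s "/etc/ssl/certs/$1.dhparam" ]; then
        echo "Diffie–Hellman parameters for $1 were not created" >&2
        # … unchanged: exit 5989 …
    fi
}
```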
@@ -3890,7 +3909,7 @@ function restore_from_friend { echo ' rm -rf /root/tempvoip' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME - + echo 'if [ -d $SERVER_DIRECTORY/backup/mail ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' echo "Restoring emails"' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME echo ' mkdir /root/tempmail' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME @@ -4991,6 +5010,7 @@ function configure_email { # make a tls certificate for email if [ ! -f /etc/ssl/private/exim.key ]; then makecert exim + check_certificates exim fi cp /etc/ssl/private/exim.key /etc/exim4 cp /etc/ssl/certs/exim.crt /etc/exim4 @@ -5178,6 +5198,7 @@ function configure_imap { if [ ! -f /etc/ssl/private/dovecot.key ]; then makecert dovecot + check_certificates dovecot fi chown root:dovecot /etc/ssl/certs/dovecot.* chown root:dovecot /etc/ssl/private/dovecot.* @@ -6492,6 +6513,7 @@ quit" > $INSTALL_DIR/batch.sql if [ ! -f /etc/ssl/private/$OWNCLOUD_DOMAIN_NAME.key ]; then makecert $OWNCLOUD_DOMAIN_NAME + check_certificates $OWNCLOUD_DOMAIN_NAME fi # Ensure that the database gets backed up locally, if remote @@ -6568,6 +6590,7 @@ function install_xmpp { if [ ! -f "/etc/ssl/private/xmpp.key" ]; then makecert xmpp + check_certificates xmpp fi chown prosody:prosody /etc/ssl/private/xmpp.key chown prosody:prosody /etc/ssl/certs/xmpp.* @@ -6691,6 +6714,7 @@ function install_irc_server { if [ ! -f /etc/ssl/private/ngircd.key ]; then makecert ngircd + check_certificates ngircd fi echo '**************************************************' > /etc/ngircd/motd @@ -6779,6 +6803,7 @@ function install_wiki { fi if [ ! -f /etc/ssl/private/$WIKI_DOMAIN_NAME.key ]; then makecert $WIKI_DOMAIN_NAME + check_certificates $WIKI_DOMAIN_NAME fi ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs 
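Review bot: In configure_email, and in the same way in configure_imap, install_xmpp, install_irc_server, install_wiki and the `$OWNCLOUD_DOMAIN_NAME` hunk (plus the install_blog, `$MICROBLOG_DOMAIN_NAME` and `$REDMATRIX_DOMAIN_NAME` hunks further down), `check_certificates` is called only inside the `if [ ! -f /etc/ssl/private/….key ]` branch, so it runs only when makecert has just run. On a re-run where the key already exists but the `.crt` or `.dhparam` file is missing, nothing is verified and the following `cp`/`chown` lines operate on files that may not be there. Moving the call below the `fi`, e.g. `check_certificates exim` after the guard, would verify the files on every pass; this assumes every certificate used here is expected to have a dhparam file, which the hunks do not show. The domain-name arguments should also be quoted, `check_certificates "$WIKI_DOMAIN_NAME"`. These functions all start and end outside their hunks.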
@@ -7056,6 +7081,7 @@ function install_blog { if [ ! -f /etc/ssl/private/$FULLBLOG_DOMAIN_NAME.key ]; then makecert $FULLBLOG_DOMAIN_NAME + check_certificates $FULLBLOG_DOMAIN_NAME fi echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME @@ -7415,6 +7441,7 @@ quit" > $INSTALL_DIR/batch.sql if [ ! -f /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key ]; then makecert $MICROBLOG_DOMAIN_NAME + check_certificates $MICROBLOG_DOMAIN_NAME fi # Ensure that the database gets backed up locally, if remote @@ -7686,6 +7713,7 @@ quit" > $INSTALL_DIR/batch.sql if [ ! -f /etc/ssl/private/$REDMATRIX_DOMAIN_NAME.key ]; then makecert $REDMATRIX_DOMAIN_NAME + check_certificates $REDMATRIX_DOMAIN_NAME fi if [ ! -d /var/www/$REDMATRIX_DOMAIN_NAME/htdocs/view/tpl/smarty3 ]; then @@ -8585,6 +8613,7 @@ function install_voip { # Make an ssl cert for the server if [ ! -f /etc/ssl/certs/mumble.crt ]; then makecert mumble + check_certificates mumble fi # Check that the cert was created
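Review bot: In install_voip the guard tests `/etc/ssl/certs/mumble.crt` rather than the private key as every other call site does, and the trailing context line `# Check that the cert was created` suggests a separate check already follows this `fi`. If that existing check only covers the certificate, it could be replaced by an unconditional `check_certificates mumble` after the `fi`, so the key and dhparam file are verified the same way as elsewhere. The code after the comment is outside the hunk, so this needs confirming against the full function.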