xmpp uses cert if available

src/freedombone-app-xmpp

@@ -46,7 +46,8 @@ xmpp_variables=(ONION_ONLY
                 XMPP_ECC_CURVE
                 XMPP_ECC_CURVE
                 MY_USERNAME
-                DEFAULT_DOMAIN_NAME)
+                DEFAULT_DOMAIN_NAME
+                XMPP_DOMAIN_CODE)
 
 function remove_user_xmpp {
     remove_username="$1"
@@ -312,7 +313,7 @@ function install_xmpp_main {
 
     if [ ! -d /etc/prosody ]; then
         echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
-        exit 52
+        exit 52367
     fi
 
     # obtain the prosody modules
@@ -331,18 +332,29 @@ function install_xmpp_main {
     fi
 
     # create a certificate
-    if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
-        ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
-        check_certificates xmpp
+    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
+            ${PROJECT_NAME}-addcert -h xmpp --dhkey $DH_KEYLENGTH
+            check_certificates xmpp
+        fi
     fi
     chown prosody:prosody /etc/ssl/private/xmpp.key
     chown prosody:prosody /etc/ssl/certs/xmpp.*
     cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
 
-    sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
-    sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        sed -i "s|/etc/prosody/certs/example.com.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i "s|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+    else
+        sed -i 's|/etc/prosody/certs/example.com.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|/etc/prosody/certs/example.com.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
     if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-        sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+            sed -i "/certificate =/a\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
+        else
+            sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+        fi
     fi
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
         sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
@@ -386,10 +398,19 @@ function install_xmpp_main {
     fi
     ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua
 
-    sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        sed -i "s|/etc/prosody/certs/localhost.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+        sed -i "s|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+    else
+        sed -i 's|/etc/prosody/certs/localhost.key|/etc/ssl/private/xmpp.key|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|/etc/prosody/certs/localhost.crt|/etc/ssl/certs/xmpp.crt|g' /etc/prosody/prosody.cfg.lua
+    fi
     if ! grep -q "xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then
-        sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+            sed -i "/certificate =/a\    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/prosody.cfg.lua
+        else
+            sed -i '/certificate =/a\    dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/prosody.cfg.lua
+        fi
     fi
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/prosody.cfg.lua; then
         sed -i '/certificate =/a\    options = {"no_sslv2", "no_sslv3" };' /etc/prosody/prosody.cfg.lua
@@ -413,8 +434,14 @@ function install_xmpp_main {
     sed -i 's/--"bosh";/"bosh";/g' /etc/prosody/prosody.cfg.lua
     sed -i 's/authentication = "internal_plain"/authentication = "internal_hashed"/g' /etc/prosody/prosody.cfg.lua
     sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
-    sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        # use an existing cert if possible
+        sed -i "s|key = \"/etc/prosody/certs/example.com.key\"|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\"|g" /etc/prosody/prosody.cfg.lua
+        sed -i "s|certificate = \"/etc/prosody/certs/example.com.crt\"|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\"|g" /etc/prosody/prosody.cfg.lua
+    else
+        sed -i 's|key = "/etc/prosody/certs/example.com.key"|key = "/etc/ssl/private/xmpp.key"|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|certificate = "/etc/prosody/certs/example.com.crt"|certificate = "/etc/ssl/certs/xmpp.crt"|g' /etc/prosody/prosody.cfg.lua
+    fi
     sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
 
     systemctl restart prosody

src/freedombone-config

@@ -190,10 +190,11 @@ function choose_default_domain_name {
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Your main domain name" \
-                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 12 55 4 \
+                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
                        $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
+                       $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
                        2> $data
                 sel=$?
                 case $sel in
@@ -203,6 +204,7 @@ function choose_default_domain_name {
                 DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
                 DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
                 EMAIL_DOMAIN_CODE=$(cat $data | sed -n 2p)
+                XMPP_DOMAIN_CODE=$(cat $data | sed -n 2p)
                 if [ $DEFAULT_DOMAIN_NAME ]; then
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
@@ -216,6 +218,13 @@ function choose_default_domain_name {
                         EMAIL_DOMAIN_CODE=
                     fi
                 fi
+                if [ $XMPP_DOMAIN_CODE ]; then
+                    validate_freedns_code "$XMPP_DOMAIN_CODE"
+                    if [ ! $VALID_CODE ]; then
+                        DEFAULT_DOMAIN_NAME=
+                        XMPP_DOMAIN_CODE=
+                    fi
+                fi
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \

src/freedombone-utils-config

@@ -48,6 +48,7 @@ configuration_variables=(FRIENDS_MIRRORS_SERVER
                          DEFAULT_DOMAIN_NAME
                          DEFAULT_DOMAIN_CODE
                          EMAIL_DOMAIN_CODE
+                         XMPP_DOMAIN_CODE
                          NAMESERVER1
                          NAMESERVER2
                          GET_IP_ADDRESS_URL