zextras · aheeva-yuliya · Apr 6, 2023 · Mar 13, 2023 · Mar 13, 2023 · Mar 15, 2023
@@ -5,6 +5,7 @@
 
 package com.zimbra.cs.mailbox;
 
+import com.zimbra.cs.mailclient.smtp.SmtpTransport;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -25,9 +26,11 @@
 
 import javax.mail.Address;
 import javax.mail.MessagingException;
+import javax.mail.NoSuchProviderException;
 import javax.mail.SendFailedException;
 import javax.mail.Session;
 import javax.mail.Transport;
+import javax.mail.URLName;
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
 
@@ -246,6 +249,27 @@ public MailSender setSession(Account account) throws ServiceException {
         return this;
     }
 
+    /**
+     * Sets an alternate JavaMail <tt>Session</tt> and SMTP hosts
+     * that will be used to send the message based on the domain.
+     * The default behavior is to use SMTP settings from
+     * the <tt>Session<tt> on the {@link MimeMessage}.
+     * @throws ServiceException if not able to get SMTP session for the domain
+     *
+     * @author Yuliya Aheeva
+     * @since 23.4.0
+     */
+    public MailSender setSession(Domain domain) throws ServiceException {
+        try {
+            mSession = JMSession.getSmtpSession(domain);
+        } catch (MessagingException e) {
+            throw ServiceException.FAILURE("Unable to get SMTP session for " + domain, e);
+        }
+        mSmtpHosts.clear();
+        mSmtpHosts.addAll(JMSession.getSmtpHosts(domain));
+        return this;
+    }
+
     /**
      * Sets JavaMail <tt>Session</tt> using the SMTP settings associated with the data source.
      * @throws ServiceException
@@ -282,6 +306,16 @@ public MailSender setEnvelopeFrom(String address) {
         return this;
     }
 
+    /**
+     * Returns the current session.
+     * @return mSession
+     * @author Yuliya Aheeva
+     * @since 23.4.0
+     */
+    public Session getCurrentSession() {
+        return this.mSession;
+    }
+
     public static int getSentFolderId(Mailbox mbox, Identity identity) throws ServiceException {
         int folderId = Mailbox.ID_FOLDER_SENT;
         String sentFolder = identity.getAttr(Provisioning.A_zimbraPrefSentMailFolder, null);
@@ -1231,7 +1265,9 @@ private void sendMessageToHost(String hostname, MimeMessage mm, Address[] rcptAd
         }
         ZimbraLog.smtp.debug("Sending message %s to SMTP host %s with properties: %s",
                              mm.getMessageID(), hostname, mSession.getProperties());
-        Transport transport = mSession.getTransport("smtp");
+
+        Transport transport = getTransport();
+
         try {
             transport.connect();
             transport.sendMessage(mm, rcptAddresses);
@@ -1240,6 +1276,21 @@ private void sendMessageToHost(String hostname, MimeMessage mm, Address[] rcptAd
         }
     }
 
+    /**
+     * Initialize a new SMTP transport if not able to get one from the mSession.
+     * @return SMTP transport
+     * @author Yuliya Aheeva
+     * @since 23.4.0
+     */
+    private Transport getTransport() {
+        try {
+            return mSession.getTransport("smtp");
+        } catch (NoSuchProviderException e) {
+            URLName urlName = new URLName("smtp", null, -1, null, null, null);
+            return new SmtpTransport(mSession, urlName);
+        }
+    }
+
     private void checkMTAConnectionToHost(String hostname) throws MessagingException {
         mSession.getProperties().setProperty("mail.smtp.host", hostname);
         if (mEnvelopeFrom != null) {

@@ -973,6 +973,24 @@ public MailSender getMailSender() throws ServiceException {
     return sender;
   }
 
+  /**
+   * Returns a {@link MailSender} object based on specific domain properties
+   * that can be used to send mails.
+   *
+   * @param domain a domain to get needed properties
+   * @return {@link MailSender} object
+   * @throws ServiceException if unable to get SMTP session for the current domain
+   * @author Yuliya Aheeva
+   * @since 23.4.0
+   */
+  public MailSender getMailSender(Domain domain) throws ServiceException {
+    MailSender sender = new MailSender();
+    sender.setTrackBadHosts(true);
+    sender.setSession(domain);
+
+    return sender;
+  }
+
   /**
    * Returns the list of all <code>Mailbox</code> listeners of a given type. Returns all listeners
    * when the passed-in type is <tt>null</tt>.

@@ -1,8 +1,23 @@
 package com.zimbra.cs.rmgmt;
 
+import com.zimbra.common.account.Key.AccountBy;
 import com.zimbra.common.service.ServiceException;
+import com.zimbra.common.util.ZimbraLog;
+import com.zimbra.cs.account.Account;
+import com.zimbra.cs.account.Domain;
+import com.zimbra.cs.account.Provisioning;
+import com.zimbra.cs.mailbox.MailSender;
+import com.zimbra.cs.mailbox.Mailbox;
+import com.zimbra.cs.mailbox.OperationContext;
 import java.nio.charset.StandardCharsets;
 import java.util.Objects;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import javax.mail.Address;
+import javax.mail.Message.RecipientType;
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
 
 /**
  * RemoteCertbot class interacts with "Certbot" - an acme client for managing Let’s Encrypt
@@ -36,21 +51,27 @@ public RemoteCertbot(RemoteManager remoteManager) {
 
   /**
    * Creates a command to be executed by the Certbot acme client.
-   * E.g. certbot certonly --agree-tos --email admin@test.com -n --webroot -w /opt/zextras
+   *
+   * <p>E.g. certbot certonly --agree-tos --email admin@test.com -n --webroot -w /opt/zextras
    * --cert-name demo.zextras.io -d acme.demo.zextras.io -d webmail-acme.demo.zextras.io
    *
    * @param remoteCommand {@link com.zimbra.cs.rmgmt.RemoteCommands}
-   * @param email domain admin email who tries to execute a command (should be agreed to the
-   *  ACME server's Subscriber Agreement)
+   * @param email domain admin email who tries to execute a command (should be agreed to the ACME
+   *     server's Subscriber Agreement)
    * @param chain long (default) or short (should be specified by domain admin in {@link
-   *  com.zimbra.soap.admin.message.IssueCertRequest} request with the key word "short")
+   *     com.zimbra.soap.admin.message.IssueCertRequest} request with the key word "short")
    * @param domainName a value of domain attribute zimbraDomainName
    * @param publicServiceHostName a value of domain attribute zimbraPublicServiceHostname
    * @param virtualHosts a value/ values of domain attribute zimbraVirtualHostname
    * @return created command
    */
-  public String createCommand(String remoteCommand, String email, String chain,
-      String domainName, String publicServiceHostName, String[] virtualHosts) {
+  public String createCommand(
+      String remoteCommand,
+      String email,
+      String chain,
+      String domainName,
+      String publicServiceHostName,
+      String[] virtualHosts) {
 
     this.stringBuilder = new StringBuilder();
 
@@ -69,13 +90,27 @@ public String createCommand(String remoteCommand, String email, String chain,
     return stringBuilder.toString();
   }
 
+  /**
+   * Executes a command asynchronously and notifies domain recipients about the command execution.
+   *
+   * @param domain domain
+   * @param command a command to be executed
+   * @author Yuliya Aheeva
+   * @since 23.4.0
+   */
+  public void supplyAsync(Mailbox mbox, Domain domain, String command) {
+    CompletableFuture.supplyAsync(() -> execute(command))
+        .thenAccept(message -> notify(mbox, domain, message));
+  }
+
   /**
    * Executes a command using {@link com.zimbra.cs.rmgmt.RemoteManager}.
+   *
    * @param command a command to be executed
-   * @return a sting message of successful remote execution or detailed exception message
-   * in case of failure.
+   * @return a sting message of successful remote execution or detailed exception message in case of
+   *     failure.
    */
-  public String execute(String command) {
+  private String execute(String command) {
     try {
       RemoteResult remoteResult = remoteManager.execute(command);
       return new String(remoteResult.getMStdout(), StandardCharsets.UTF_8);
@@ -84,9 +119,67 @@ public String execute(String command) {
     }
   }
 
+  /**
+   * Notifies domain recipients about certificate generation result.
+   *
+   * @param mbox object of {@link com.zimbra.cs.mailbox.Mailbox} needed for {@link
+   *     com.zimbra.cs.mailbox.MailSender} in order to send message
+   * @param domain object of {@link com.zimbra.cs.account.Domain} needed to get {@link
+   *     com.zimbra.common.account.ZAttrProvisioning} attributes A_carbonioNotificationRecipients
+   *     and A_carbonioNotificationFrom
+   * @param message a message returned by Certbot acme client
+   * @author Yuliya Aheeva
+   * @since 23.4.0
+   */
+  private void notify(Mailbox mbox, Domain domain, String message) {
+    String domainName = domain.getName();
+
+    ZimbraLog.rmgmt.info("Issuing LetsEncrypt cert command for domain " + domainName
+        + " was finished with the following result: " + message);
+
+    try {
+      String from = Optional.ofNullable(domain.getCarbonioNotificationFrom()).orElseThrow(
+          () -> ServiceException.FAILURE("CarbonioNotificationFrom attribute for the domain "
+              + domainName + " is not present.", null));
+      String[] to = Optional.ofNullable(domain.getCarbonioNotificationRecipients()).orElseThrow(
+          () -> ServiceException.FAILURE("CarbonioNotificationRecipients attribute for the domain "
+              + domainName + " is not present.", null));
+
+      String subject = "Let's Encrypt Certificate generation result for " + domainName;
+
+      Provisioning prov = Provisioning.getInstance();
+      Account account = prov.get(AccountBy.name, from);
+      OperationContext operationContext = new OperationContext(account);
+
+      MailSender sender = mbox.getMailSender(domain);
+      sender.setEnvelopeFrom(from);
+
+      MimeMessage mm = new MimeMessage(sender.getCurrentSession());
+      mm.addFrom(convert(from));
+      mm.addRecipients(RecipientType.TO, convert(to));
+      mm.setSubject(subject);
+      mm.setText(message);
+      mm.saveChanges();
+
+      sender.sendMimeMessage(operationContext, mbox, mm);
+
+      ZimbraLog.rmgmt.info("Notifications about LetsEncrypt certificate generation were sent "
+          + "for the " + domainName + " recipients.");
+
+    } catch (Exception e) {
+      ZimbraLog.rmgmt.info("Notifications about LetsEncrypt certificate generation weren't sent "
+          + "for the " + domainName + " recipients. Sending failure: " + e.getMessage());
+    }
+  }
+
   private void addSubCommand(String delimiter, String... params) {
     for (String param : params) {
       this.stringBuilder.append(delimiter).append(param);
     }
   }
+
+  private Address[] convert(String... addresses) throws AddressException {
+    String addressList = String.join(", ", addresses);
+    return InternetAddress.parse(addressList);
+  }
 }
@@ -9,6 +9,7 @@
 import com.zimbra.cs.account.Provisioning;
 import com.zimbra.cs.account.Server;
 import com.zimbra.cs.account.accesscontrol.generated.AdminRights;
+import com.zimbra.cs.mailbox.Mailbox;
 import com.zimbra.cs.rmgmt.RemoteCertbot;
 import com.zimbra.cs.rmgmt.RemoteCommands;
 import com.zimbra.cs.rmgmt.RemoteManager;
@@ -95,19 +96,22 @@ public Element handle(final Element request, final Map<String, Object> context)
             domainName,
             publicServiceHostname,
             virtualHostNames);
-    String result = certbot.execute(command);
 
-    ZimbraLog.rmgmt.info(
-        "Issuing LetsEncrypt cert command for domain " + domainName
-            + " was finished with the following result: " + result);
+    Mailbox mbox = getRequestedMailbox(zsc);
+
+    certbot.supplyAsync(mbox, domain, command);
 
     Element response = zsc.createElement(AdminConstants.ISSUE_CERT_RESPONSE);
 
     Element responseMessageElement =
         response
             .addNonUniqueElement(AdminConstants.E_MESSAGE)
             .addAttribute(AdminConstants.A_DOMAIN, domainName);
-    responseMessageElement.setText(result);
+
+    responseMessageElement.setText(
+        "Your request for the certificate generation has been "
+            + "taken and will be processed. Notification recipients would be notified."
+    );
 
     return response;
   }

@@ -15,7 +15,6 @@
 import com.zimbra.common.service.ServiceException;
 import com.zimbra.common.soap.Element;
 import com.zimbra.cs.account.Account;
-import com.zimbra.cs.account.AuthToken;
 import com.zimbra.cs.mailbox.Mailbox;
 import com.zimbra.cs.mailbox.MailboxManager;
 

@@ -93,7 +93,7 @@ public class ProxyConfGen {
   private static Provisioning mProv = null;
   private static boolean mGenConfPerVhn = false;
   private static boolean hasCustomTemplateLocationArg = false;
-  private static final String CERTBOT_WORKING_DIR = "/common/etc/letsencrypt/live/";
+  private static final String CERTBOT_WORKING_DIR = "/common/certbot/etc/letsencrypt/live/";
   private static final String CERT = "/fullchain.pem";
   private static final String KEY = "/privkey.pem";
 
@@ -2482,7 +2482,7 @@ private static void updateCertificateKeyPair(final DomainAttrItem entry)
         attrs.put(Provisioning.A_zimbraSSLCertificate, certificate);
         attrs.put(Provisioning.A_zimbraSSLPrivateKey, privateKey);
 
-        LOG.info("Saving " + domainName + " Let's Encrypt certificate/key pair to LDAP.");
+        LOG.info("Saving " + domainName + " Let's Encrypt certificate/key pair to LDAP");
         mProv.modifyAttrs(domain, attrs, true);
 
         entry.sslCertificate = certificate;