prosody-modules
1abb8f2a5761
mod_client_certs/mod_client_certs.lua
Software / code / prosody-modules
Comparison
mod_client_certs/mod_client_certs.lua @ 1096:1abb8f2a5761
mod_client_certs: Update for x509 API in LuaSec 0.5
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 30 Jun 2013 01:12:24 +0200 |
| parent | 990:17ba2c59d661 |
| child | 1343:7dbde05b48a9 |
comparison
equal
deleted
inserted
replaced
| 1095:cb21928bca1d | 1096:1abb8f2a5761 |
|---|---|
| 41 module:log("debug", "This certificate is already expired."); | 41 module:log("debug", "This certificate is already expired."); |
| 42 return nil, "This certificate is expired."; | 42 return nil, "This certificate is expired."; |
| 43 end | 43 end |
| 44 --]] | 44 --]] |
| 45 | 45 |
| 46 if not cert:valid_at(os.time()) then | 46 if not cert:validat(os.time()) then |
| 47 module:log("debug", "This certificate is not valid at this moment."); | 47 module:log("debug", "This certificate is not valid at this moment."); |
| 48 end | 48 end |
| 49 | 49 |
| 50 local valid_id_on_xmppAddrs; | 50 local valid_id_on_xmppAddrs; |
| 51 local require_id_on_xmppAddr = true; | 51 local require_id_on_xmppAddr = true; |
| 142 end | 142 end |
| 143 | 143 |
| 144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; | 144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; |
| 145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); | 145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); |
| 146 | 146 |
| 147 local cert = x509.cert_from_pem( | 147 local cert = x509.load( |
| 148 "-----BEGIN CERTIFICATE-----\n" | 148 "-----BEGIN CERTIFICATE-----\n" |
| 149 .. x509cert .. | 149 .. x509cert .. |
| 150 "\n-----END CERTIFICATE-----\n"); | 150 "\n-----END CERTIFICATE-----\n"); |
| 151 | 151 |
| 152 | 152 |
| 300 end | 300 end |
| 301 | 301 |
| 302 local name = fields.name; | 302 local name = fields.name; |
| 303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); | 303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); |
| 304 | 304 |
| 305 local cert = x509.cert_from_pem( | 305 local cert = x509.load( |
| 306 "-----BEGIN CERTIFICATE-----\n" | 306 "-----BEGIN CERTIFICATE-----\n" |
| 307 .. x509cert .. | 307 .. x509cert .. |
| 308 "\n-----END CERTIFICATE-----\n"); | 308 "\n-----END CERTIFICATE-----\n"); |
| 309 | 309 |
| 310 if not cert then | 310 if not cert then |
| 353 if not cert then | 353 if not cert then |
| 354 module:log("error", "No Client Certificate"); | 354 module:log("error", "No Client Certificate"); |
| 355 return | 355 return |
| 356 end | 356 end |
| 357 module:log("info", "Client Certificate: %s", cert:digest(digest_algo)); | 357 module:log("info", "Client Certificate: %s", cert:digest(digest_algo)); |
| 358 if not cert:valid_at(now()) then | 358 if not cert:validat(now()) then |
| 359 module:log("debug", "Client has an expired certificate", cert:digest(digest_algo)); | 359 module:log("debug", "Client has an expired certificate", cert:digest(digest_algo)); |
| 360 return | 360 return |
| 361 end | 361 end |
| 362 module:log("debug", "Stream features:\n%s", tostring(features)); | 362 module:log("debug", "Stream features:\n%s", tostring(features)); |
| 363 local mechs = features:get_child("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl"); | 363 local mechs = features:get_child("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl"); |
