
mod_client_certs/mod_client_certs.lua @ 3267:4b43b317e8f5

mod_client_certs: Simplify iq handling by hooking on iq-get/ and iq-set/ instead of iq/.
author Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date Fri, 24 Aug 2018 20:49:54 +0200
parent 1779:bdf1de953fd9
child 3447:5f2eeebcf899
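--- a/mod_client_certs/mod_client_certs.lua
+++ b/mod_client_certs/mod_client_certs.lua
@@ -107,96 +107,89 @@
 
 dm_store(username, module.host, dm_table, certs);
 return info;
 end
 
-module:hook("iq/self/"..xmlns_saslcert..":items", function(event)
+module:hook("iq-get/self/"..xmlns_saslcert..":items", function(event)
 local origin, stanza = event.origin, event.stanza;
-if stanza.attr.type == "get" then
-module:log("debug", "%s requested items", origin.full_jid);
-
-local reply = st.reply(stanza):tag("items", { xmlns = xmlns_saslcert });
-local certs = dm_load(origin.username, module.host, dm_table) or {};
-
-for digest,info in pairs(certs) do
-reply:tag("item")
-:tag("name"):text(info.name):up()
-:tag("x509cert"):text(info.x509cert):up()
-:up();
-end
-
-origin.send(reply);
+module:log("debug", "%s requested items", origin.full_jid);
+
+local reply = st.reply(stanza):tag("items", { xmlns = xmlns_saslcert });
+local certs = dm_load(origin.username, module.host, dm_table) or {};
+
+for digest,info in pairs(certs) do
+reply:tag("item")
+:tag("name"):text(info.name):up()
+:tag("x509cert"):text(info.x509cert):up()
+:up();
+end
+
+origin.send(reply);
+return true
+end);
+
+module:hook("iq-set/self/"..xmlns_saslcert..":append", function(event)
+local origin, stanza = event.origin, event.stanza;
+local append = stanza:get_child("append", xmlns_saslcert);
+local name = append:get_child_text("name", xmlns_saslcert);
+local x509cert = append:get_child_text("x509cert", xmlns_saslcert);
+
+if not x509cert or not name then
+origin.send(st.error_reply(stanza, "cancel", "bad-request", "Missing fields.")); -- cancel? not modify?
 return true
 end
-end);
-
-module:hook("iq/self/"..xmlns_saslcert..":append", function(event)
-local origin, stanza = event.origin, event.stanza;
-if stanza.attr.type == "set" then
-
-local append = stanza:get_child("append", xmlns_saslcert);
-local name = append:get_child_text("name", xmlns_saslcert);
-local x509cert = append:get_child_text("x509cert", xmlns_saslcert);
-
-if not x509cert or not name then
-origin.send(st.error_reply(stanza, "cancel", "bad-request", "Missing fields.")); -- cancel? not modify?
-return true
-end
-
-local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
-x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
-
-local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
-
-if not cert then
-origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate"));
-return true;
-end
-
-local ok, err = enable_cert(origin.username, cert, {
-name = name,
-x509cert = x509cert,
-no_cert_management = can_manage,
-});
-
-if not ok then
-origin.send(st.error_reply(stanza, "cancel", "bad-request", err));
-return true -- REJECT?!
-end
-
-module:log("debug", "%s added certificate named %s", origin.full_jid, name);
-
-origin.send(st.reply(stanza));
-
-return true
-end
+
+local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
+x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
+
+local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
+
+if not cert then
+origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate"));
+return true;
+end
+
+local ok, err = enable_cert(origin.username, cert, {
+name = name,
+x509cert = x509cert,
+no_cert_management = can_manage,
+});
+
+if not ok then
+origin.send(st.error_reply(stanza, "cancel", "bad-request", err));
+return true -- REJECT?!
+end
+
+module:log("debug", "%s added certificate named %s", origin.full_jid, name);
+
+origin.send(st.reply(stanza));
+
+return true
 end);
 
 
 local function handle_disable(event)
 local origin, stanza = event.origin, event.stanza;
-if stanza.attr.type == "set" then
-local disable = stanza.tags[1];
-module:log("debug", "%s disabled a certificate", origin.full_jid);
-
-local name = disable:get_child_text("name");
-
-if not name then
-origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified."));
-return true
-end
-
-disable_cert(origin.username, name, disable.name == "revoke");
-
-origin.send(st.reply(stanza));
-
+local disable = stanza.tags[1];
+module:log("debug", "%s disabled a certificate", origin.full_jid);
+
+local name = disable:get_child_text("name");
+
+if not name then
+origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified."));
 return true
 end
-end
-
-module:hook("iq/self/"..xmlns_saslcert..":disable", handle_disable);
-module:hook("iq/self/"..xmlns_saslcert..":revoke", handle_disable);
+
+disable_cert(origin.username, name, disable.name == "revoke");
+
+origin.send(st.reply(stanza));
+
+return true
+end
+
+module:hook("iq-set/self/"..xmlns_saslcert..":disable", handle_disable);
+module:hook("iq-set/self/"..xmlns_saslcert..":revoke", handle_disable);
 
 -- Ad-hoc command
 local adhoc_new = module:require "adhoc".new;
 local dataforms_new = require "util.dataforms".new;
 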
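Review bot: The decode/load step on new line 144 of the append handler, `local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));`, only reaches the not-acceptable reply when load returns nil; if base64.decode returns nil for malformed input rather than raising, der2pem is handed nil and the handler raises instead of answering, so a client that sends garbage in `<x509cert/>` produces a traceback in the log rather than the intended error stanza. Guard the chain so every failure takes the existing error path: `local der = base64.decode(x509cert);` / `local loaded, cert = der and pcall(ssl_x509.load, util_x509.der2pem(der));` / `if not loaded or not cert then`. Whether base64.decode returns nil or raises on bad input depends on the util.encodings implementation in use, so confirm that before settling on the nil check versus the pcall. Separately, the local `can_manage` on new line 141 is true exactly when `<no-cert-management/>` is present, so the name reads inverted; naming it `no_cert_management` and passing `no_cert_management = no_cert_management,` to enable_cert would make the intent clear.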