
mod_client_certs/mod_client_certs.lua @ 1779:bdf1de953fd9

mod_client_certs: Patch from mathieui fixing invalid results when requesting multiple certs, missing stream feature and problem with PEM decoding.
author Thijs Alkemade <me@thijsalkema.de>
date Thu, 13 Aug 2015 18:03:11 +0200
parent 1343:7dbde05b48a9
child 3267:4b43b317e8f5
1778:32604bf33a4c 1779:bdf1de953fd9
8 local jid_split = require "util.jid".split; 8 local jid_split = require "util.jid".split;
9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; 9 local xmlns_saslcert = "urn:xmpp:saslcert:1";
10 local dm_load = require "util.datamanager".load; 10 local dm_load = require "util.datamanager".load;
11 local dm_store = require "util.datamanager".store; 11 local dm_store = require "util.datamanager".store;
12 local dm_table = "client_certs"; 12 local dm_table = "client_certs";
13 local x509 = require "ssl.x509"; 13 local ssl_x509 = require "ssl.x509";
14 local util_x509 = require "util.x509";
14 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; 15 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5";
15 local id_ce_subjectAltName = "2.5.29.17"; 16 local id_ce_subjectAltName = "2.5.29.17";
16 local digest_algo = "sha1"; 17 local digest_algo = "sha1";
17 local base64 = require "util.encodings".base64; 18 local base64 = require "util.encodings".base64;
18 19
117 local certs = dm_load(origin.username, module.host, dm_table) or {}; 118 local certs = dm_load(origin.username, module.host, dm_table) or {};
118 119
119 for digest,info in pairs(certs) do 120 for digest,info in pairs(certs) do
120 reply:tag("item") 121 reply:tag("item")
121 :tag("name"):text(info.name):up() 122 :tag("name"):text(info.name):up()
122 :tag("x509cert"):text(info.x509cert) 123 :tag("x509cert"):text(info.x509cert):up()
123 :up(); 124 :up();
124 end 125 end
125 126
126 origin.send(reply); 127 origin.send(reply);
127 return true 128 return true
142 end 143 end
143 144
144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; 145 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); 146 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
146 147
147 local cert = x509.load( 148 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
148 "-----BEGIN CERTIFICATE-----\n"
149 .. x509cert ..
150 "\n-----END CERTIFICATE-----\n");
151
152 149
153 if not cert then 150 if not cert then
154 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); 151 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate"));
155 return true; 152 return true;
156 end 153 end
300 end 297 end
301 298
302 local name = fields.name; 299 local name = fields.name;
303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); 300 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1");
304 301
305 local cert = x509.load( 302 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
306 "-----BEGIN CERTIFICATE-----\n"
307 .. x509cert ..
308 "\n-----END CERTIFICATE-----\n");
309 303
310 if not cert then 304 if not cert then
311 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; 305 return { status = "completed", error = { message = "Could not parse X.509 certificate" } };
312 end 306 end
313 307
425 end 419 end
426 return true; 420 return true;
427 end 421 end
428 end, 1); 422 end, 1);
429 423
424 module:add_feature(xmlns_saslcert);
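Review bot: The new certificate-loading line (new line 148, `local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));`) passes the result of `base64.decode` straight into `der2pem`, so if decoding malformed client input yields `nil` — which I believe the util.encodings implementation does rather than raising — `der2pem` will fail on a nil argument and the handler errors out before reaching the existing `if not cert then` branch that sends the "Could not parse X.509 certificate" reply. The same shape appears in the ad-hoc command path at new line 302. I would split the call so a decode failure falls through to the existing error reply: `local der = base64.decode(x509cert);` followed by `local cert = der and ssl_x509.load(util_x509.der2pem(der));`. Both enclosing functions start and end outside the hunks shown here, so I cannot confirm whether a caller already wraps these handlers in `pcall`.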