Software /
code /
prosody-modules
Comparison
mod_client_certs/mod_client_certs.lua @ 1779:bdf1de953fd9
mod_client_certs: Patch from mathieui fixing invalid results when requesting multiple certs, missing stream feature and problem with PEM decoding.
author | Thijs Alkemade <me@thijsalkema.de> |
---|---|
date | Thu, 13 Aug 2015 18:03:11 +0200 |
parent | 1343:7dbde05b48a9 |
child | 3267:4b43b317e8f5 |
comparison
equal
deleted
inserted
replaced
1778:32604bf33a4c | 1779:bdf1de953fd9 |
---|---|
8 local jid_split = require "util.jid".split; | 8 local jid_split = require "util.jid".split; |
9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; | 9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; |
10 local dm_load = require "util.datamanager".load; | 10 local dm_load = require "util.datamanager".load; |
11 local dm_store = require "util.datamanager".store; | 11 local dm_store = require "util.datamanager".store; |
12 local dm_table = "client_certs"; | 12 local dm_table = "client_certs"; |
13 local x509 = require "ssl.x509"; | 13 local ssl_x509 = require "ssl.x509"; |
14 local util_x509 = require "util.x509"; | |
14 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; | 15 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; |
15 local id_ce_subjectAltName = "2.5.29.17"; | 16 local id_ce_subjectAltName = "2.5.29.17"; |
16 local digest_algo = "sha1"; | 17 local digest_algo = "sha1"; |
17 local base64 = require "util.encodings".base64; | 18 local base64 = require "util.encodings".base64; |
18 | 19 |
117 local certs = dm_load(origin.username, module.host, dm_table) or {}; | 118 local certs = dm_load(origin.username, module.host, dm_table) or {}; |
118 | 119 |
119 for digest,info in pairs(certs) do | 120 for digest,info in pairs(certs) do |
120 reply:tag("item") | 121 reply:tag("item") |
121 :tag("name"):text(info.name):up() | 122 :tag("name"):text(info.name):up() |
122 :tag("x509cert"):text(info.x509cert) | 123 :tag("x509cert"):text(info.x509cert):up() |
123 :up(); | 124 :up(); |
124 end | 125 end |
125 | 126 |
126 origin.send(reply); | 127 origin.send(reply); |
127 return true | 128 return true |
142 end | 143 end |
143 | 144 |
144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; | 145 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; |
145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); | 146 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); |
146 | 147 |
147 local cert = x509.load( | 148 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); |
148 "-----BEGIN CERTIFICATE-----\n" | |
149 .. x509cert .. | |
150 "\n-----END CERTIFICATE-----\n"); | |
151 | |
152 | 149 |
153 if not cert then | 150 if not cert then |
154 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); | 151 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); |
155 return true; | 152 return true; |
156 end | 153 end |
300 end | 297 end |
301 | 298 |
302 local name = fields.name; | 299 local name = fields.name; |
303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); | 300 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); |
304 | 301 |
305 local cert = x509.load( | 302 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); |
306 "-----BEGIN CERTIFICATE-----\n" | |
307 .. x509cert .. | |
308 "\n-----END CERTIFICATE-----\n"); | |
309 | 303 |
310 if not cert then | 304 if not cert then |
311 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; | 305 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; |
312 end | 306 end |
313 | 307 |
425 end | 419 end |
426 return true; | 420 return true; |
427 end | 421 end |
428 end, 1); | 422 end, 1); |
429 | 423 |
424 module:add_feature(xmlns_saslcert); |