
mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua @ 1413:cfe360d9d82c

mod_s2s_auth_monkeysphere: Uses Monkeysphere for certificate validation
author Kim Alvefur <zash@zash.se>
date Mon, 19 May 2014 11:56:49 +0200
child 2186:a100f4a720cb
1412:d85695be0441 1413:cfe360d9d82c
1 module:set_global();
2
3 local http_request = require"socket.http".request;
4 local ltn12 = require"ltn12";
5 local json = require"util.json";
6 local json_encode, json_decode = json.encode, json.decode;
7 local gettime = require"socket".gettime;
8 local serialize = require"util.serialization".serialize;
9
10 local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET",
11 "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert";
12
13 local function check_with_monkeysphere(event)
14 local session, host, cert = event.session, event.host, event.cert;
15 local result = {};
16 local post_body = json_encode {
17 peer = {
18 name = host;
19 type = "peer";
20 };
21 context = "https";
22 -- context = "xmpp"; -- Monkeysphere needs to be extended to understand this
23 pkc = {
24 type = "x509pem";
25 data = cert:pem();
26 };
27 }
28 local req = {
29 method = "POST";
30 url = msva_url;
31 headers = {
32 ["Content-Type"] = "application/json";
33 ["Content-Length"] = tostring(#post_body);
34 };
35 sink = ltn12.sink.table(result);
36 source = ltn12.source.string(post_body);
37 };
38 session.log("debug", "Asking what Monkeysphere thinks about this certificate");
39 local starttime = gettime();
40 local ok, code = http_request(req);
41 module:log("debug", "Request took %fs", gettime() - starttime);
42 local body = table.concat(result);
43 if ok and code == 200 and body then
44 body = json_decode(body);
45 if body then
46 session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message);
47 if body.valid then
48 session.cert_chain_status = "valid";
49 session.cert_identity_status = "valid";
50 return true;
51 end
52 end
53 else
54 module:log("warn", "Request failed: %s, %s", tostring(code), tostring(body));
55 module:log("debug", serialize(req));
56 end
57 end
58
59 module:hook("s2s-check-certificate", check_with_monkeysphere);
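Review bot: check_with_monkeysphere (lines 13–57) issues a synchronous socket.http request to the validation agent with no deadline of its own, and it runs inside the s2s-check-certificate hook for every inbound s2s handshake, so a slow or wedged agent stalls the whole single-threaded server for as long as socket.http's default timeout — a condition any remote server can trigger simply by connecting. At minimum pin a short deadline next to the requires, e.g. `require"socket.http".TIMEOUT = module:get_option_number("monkeysphere_timeout", 5);`, noting that this setting is global to socket.http and affects any other user of it in the process; the proper fix is Prosody's non-blocking net.http, which would require the hook to defer its verdict rather than return it inline. Separately, line 46–47 accept `body.valid` as any truthy value and pass `body.message` straight to the log formatter, so an agent reply lacking a message field may fail in the formatter depending on the logger's nil handling; `if body.valid == true then` and `tostring(body.message)` would make the verdict check strict and the log line safe.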