Software /
code /
prosody-modules
Comparison
mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua @ 1413:cfe360d9d82c
mod_s2s_auth_monkeysphere: Uses Monkeysphere for certificate validation
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 19 May 2014 11:56:49 +0200 |
child | 2186:a100f4a720cb |
comparison
equal
deleted
inserted
replaced
1412:d85695be0441 | 1413:cfe360d9d82c |
---|---|
1 module:set_global(); | |
2 | |
3 local http_request = require"socket.http".request; | |
4 local ltn12 = require"ltn12"; | |
5 local json = require"util.json"; | |
6 local json_encode, json_decode = json.encode, json.decode; | |
7 local gettime = require"socket".gettime; | |
8 local serialize = require"util.serialization".serialize; | |
9 | |
10 local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET", | |
11 "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert"; | |
12 | |
13 local function check_with_monkeysphere(event) | |
14 local session, host, cert = event.session, event.host, event.cert; | |
15 local result = {}; | |
16 local post_body = json_encode { | |
17 peer = { | |
18 name = host; | |
19 type = "peer"; | |
20 }; | |
21 context = "https"; | |
22 -- context = "xmpp"; -- Monkeysphere needs to be extended to understand this | |
23 pkc = { | |
24 type = "x509pem"; | |
25 data = cert:pem(); | |
26 }; | |
27 } | |
28 local req = { | |
29 method = "POST"; | |
30 url = msva_url; | |
31 headers = { | |
32 ["Content-Type"] = "application/json"; | |
33 ["Content-Length"] = tostring(#post_body); | |
34 }; | |
35 sink = ltn12.sink.table(result); | |
36 source = ltn12.source.string(post_body); | |
37 }; | |
38 session.log("debug", "Asking what Monkeysphere thinks about this certificate"); | |
39 local starttime = gettime(); | |
40 local ok, code = http_request(req); | |
41 module:log("debug", "Request took %fs", gettime() - starttime); | |
42 local body = table.concat(result); | |
43 if ok and code == 200 and body then | |
44 body = json_decode(body); | |
45 if body then | |
46 session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message); | |
47 if body.valid then | |
48 session.cert_chain_status = "valid"; | |
49 session.cert_identity_status = "valid"; | |
50 return true; | |
51 end | |
52 end | |
53 else | |
54 module:log("warn", "Request failed: %s, %s", tostring(code), tostring(body)); | |
55 module:log("debug", serialize(req)); | |
56 end | |
57 end | |
58 | |
59 module:hook("s2s-check-certificate", check_with_monkeysphere); |