Comparison

prosodyctl @ 6837:13b44929ae49

prosodyctl: Move files out of the way when generating new cert or key
author Kim Alvefur <zash@zash.se>
date Sat, 19 Sep 2015 17:46:46 +0200
parent 6784:4da860edc27c
child 6844:8946052e12d2
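--- a/prosodyctl
+++ b/prosodyctl
@@ -673,18 +673,30 @@
 local openssl;
 local lfs;
 
 local cert_commands = {};
 
-local function ask_overwrite(filename)
-return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?");
+-- If a file already exists, ask if the user wants to use it or replace it
+-- Backups the old file if replaced
+local function use_existing(filename)
+local attrs = lfs.attributes(filename);
+if attrs then
+if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then
+local backup = filename..".bkp~"..os.date("%FT%T", attrs.change);
+os.rename(filename, backup);
+show_message(filename.." backed up to "..backup);
+else
+-- Use the existing file
+return true;
+end
+end
 end
 
 function cert_commands.config(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
-if ask_overwrite(conf_filename) then
+if use_existing(conf_filename) then
 return nil, conf_filename;
 end
 local conf = openssl.config.new();
 conf:from_prosody(hosts, config, arg);
 show_message("Please provide details to include in the certificate config file.");
@@ -728,11 +740,11 @@
 end
 
 function cert_commands.key(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
-if ask_overwrite(key_filename) then
+if use_existing(key_filename) then
 return nil, key_filename;
 end
 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
 local old_umask = pposix.umask("0377");
@@ -750,11 +762,11 @@
 end
 
 function cert_commands.request(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
-if ask_overwrite(req_filename) then
+if use_existing(req_filename) then
 return nil, req_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);
 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then
@@ -768,11 +780,11 @@
 end
 
 function cert_commands.generate(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
-if use_existing(cert_filename) then
+if use_existing(cert_filename) then
 return nil, cert_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config(arg);
 local ret;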
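Review bot: The result of `os.rename(filename, backup)` in `use_existing` is never checked, so when the rename fails the user is still told the file was "backed up to" the new name and generation carries on. In `cert_commands.key` the very next step after the prompt is `os.remove(key_filename)`, which in that case deletes the existing private key with no backup left behind. Capture the result with `local ok, err = os.rename(filename, backup);` and on failure report it and keep the old file, e.g. `if not ok then show_message("Could not back up "..filename..": "..tostring(err)); return true; end`. The comment above the function could also state that a `true` return means "keep the existing file, skip generation", since the callers depend on that.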