prosodyctl @ 6837:13b44929ae49
prosodyctl: Move files out of the way when generating new cert or key
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 19 Sep 2015 17:46:46 +0200 |
parent | 6784:4da860edc27c |
child | 6844:8946052e12d2 |
6834:750a97b45f88 | 6837:13b44929ae49 |
---|---|
673 local openssl; | 673 local openssl; |
674 local lfs; | 674 local lfs; |
675 | 675 |
676 local cert_commands = {}; | 676 local cert_commands = {}; |
677 | 677 |
678 local function ask_overwrite(filename) | 678 -- If a file already exists, ask if the user wants to use it or replace it |
679 return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?"); | 679 -- Backups the old file if replaced |
680 local function use_existing(filename) | |
681 local attrs = lfs.attributes(filename); | |
682 if attrs then | |
683 if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then | |
684 local backup = filename..".bkp~"..os.date("%FT%T", attrs.change); | |
685 os.rename(filename, backup); | |
686 show_message(filename.." backed up to "..backup); | |
687 else | |
688 -- Use the existing file | |
689 return true; | |
690 end | |
691 end | |
680 end | 692 end |
681 | 693 |
682 function cert_commands.config(arg) | 694 function cert_commands.config(arg) |
683 if #arg >= 1 and arg[1] ~= "--help" then | 695 if #arg >= 1 and arg[1] ~= "--help" then |
684 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; | 696 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; |
685 if ask_overwrite(conf_filename) then | 697 if use_existing(conf_filename) then |
686 return nil, conf_filename; | 698 return nil, conf_filename; |
687 end | 699 end |
688 local conf = openssl.config.new(); | 700 local conf = openssl.config.new(); |
689 conf:from_prosody(hosts, config, arg); | 701 conf:from_prosody(hosts, config, arg); |
690 show_message("Please provide details to include in the certificate config file."); | 702 show_message("Please provide details to include in the certificate config file."); |
728 end | 740 end |
729 | 741 |
730 function cert_commands.key(arg) | 742 function cert_commands.key(arg) |
731 if #arg >= 1 and arg[1] ~= "--help" then | 743 if #arg >= 1 and arg[1] ~= "--help" then |
732 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; | 744 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; |
733 if ask_overwrite(key_filename) then | 745 if use_existing(key_filename) then |
734 return nil, key_filename; | 746 return nil, key_filename; |
735 end | 747 end |
736 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions | 748 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions |
737 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); | 749 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); |
738 local old_umask = pposix.umask("0377"); | 750 local old_umask = pposix.umask("0377"); |
750 end | 762 end |
751 | 763 |
752 function cert_commands.request(arg) | 764 function cert_commands.request(arg) |
753 if #arg >= 1 and arg[1] ~= "--help" then | 765 if #arg >= 1 and arg[1] ~= "--help" then |
754 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; | 766 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; |
755 if ask_overwrite(req_filename) then | 767 if use_existing(req_filename) then |
756 return nil, req_filename; | 768 return nil, req_filename; |
757 end | 769 end |
758 local _, key_filename = cert_commands.key({arg[1]}); | 770 local _, key_filename = cert_commands.key({arg[1]}); |
759 local _, conf_filename = cert_commands.config(arg); | 771 local _, conf_filename = cert_commands.config(arg); |
760 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then | 772 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then |
768 end | 780 end |
769 | 781 |
770 function cert_commands.generate(arg) | 782 function cert_commands.generate(arg) |
771 if #arg >= 1 and arg[1] ~= "--help" then | 783 if #arg >= 1 and arg[1] ~= "--help" then |
772 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; | 784 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; |
773 if ask_overwrite(cert_filename) then | 785 if use_existing(cert_filename) then |
774 return nil, cert_filename; | 786 return nil, cert_filename; |
775 end | 787 end |
776 local _, key_filename = cert_commands.key({arg[1]}); | 788 local _, key_filename = cert_commands.key({arg[1]}); |
777 local _, conf_filename = cert_commands.config(arg); | 789 local _, conf_filename = cert_commands.config(arg); |
778 local ret; | 790 local ret; |
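Review bot: In `use_existing` (new lines 680–692) the result of `os.rename(filename, backup)` is ignored, so a failed rename still prints "backed up to" and returns a falsy value. In `cert_commands.key` the `os.remove(key_filename)` that follows then deletes the only copy of the old private key. Check the result and keep the existing file on failure, e.g. `local ok, err = os.rename(filename, backup);` followed by `if not ok then show_message("Could not back up "..filename..": "..tostring(err)); return true; end`. The backup name is built from `os.date("%FT%T", attrs.change)`, which depends on the platform's strftime accepting `%F`/`%T` and puts colons in the filename; an explicit format such as `"%Y-%m-%dT%H-%M-%S"` would likely be more portable.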