prosodyctl @ 7193:1c0104a56321
prosodyctl: Allow a DN path to be given to 'cert generate' command (fixes #349)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 25 Feb 2016 15:35:44 +0100 |
parent | 7190:7a14ea196db3 |
child | 7195:39b7ea9141c0 |
child | 7208:f666d50cc32b |
7192:18a13a7b4bac | 7193:1c0104a56321 |
---|---|
696 if #arg >= 1 and arg[1] ~= "--help" then | 696 if #arg >= 1 and arg[1] ~= "--help" then |
697 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; | 697 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; |
698 if use_existing(conf_filename) then | 698 if use_existing(conf_filename) then |
699 return nil, conf_filename; | 699 return nil, conf_filename; |
700 end | 700 end |
701 local distinguished_name; | |
702 if arg[#arg]:find("^/") then | |
703 distinguished_name = table.remove(arg); | |
704 end | |
701 local conf = openssl.config.new(); | 705 local conf = openssl.config.new(); |
702 conf:from_prosody(hosts, config, arg); | 706 conf:from_prosody(hosts, config, arg); |
703 show_message("Please provide details to include in the certificate config file."); | 707 if distinguished_name then |
704 show_message("Leave the field empty to use the default value or '.' to exclude the field.") | 708 local dn = {}; |
705 for i, k in ipairs(openssl._DN_order) do | 709 for k, v in distinguished_name:gmatch("/([^=/]+)=([^/]+)") do |
706 local v = conf.distinguished_name[k]; | 710 table.insert(dn, k); |
707 if v then | 711 dn[k] = v; |
708 local nv; | 712 end |
709 if k == "commonName" then | 713 conf.distinguished_name = dn; |
710 v = arg[1] | 714 else |
711 elseif k == "emailAddress" then | 715 show_message("Please provide details to include in the certificate config file."); |
712 v = "xmpp@" .. arg[1]; | 716 show_message("Leave the field empty to use the default value or '.' to exclude the field.") |
713 elseif k == "countryName" then | 717 for i, k in ipairs(openssl._DN_order) do |
714 local tld = arg[1]:match"%.([a-z]+)$"; | 718 local v = conf.distinguished_name[k]; |
715 if tld and #tld == 2 and tld ~= "uk" then | 719 if v then |
716 v = tld:upper(); | 720 local nv; |
721 if k == "commonName" then | |
722 v = arg[1] | |
723 elseif k == "emailAddress" then | |
724 v = "xmpp@" .. arg[1]; | |
725 elseif k == "countryName" then | |
726 local tld = arg[1]:match"%.([a-z]+)$"; | |
727 if tld and #tld == 2 and tld ~= "uk" then | |
728 v = tld:upper(); | |
729 end | |
717 end | 730 end |
718 end | 731 nv = show_prompt(("%s (%s):"):format(k, nv or v)); |
719 nv = show_prompt(("%s (%s):"):format(k, nv or v)); | 732 nv = (not nv or nv == "") and v or nv; |
720 nv = (not nv or nv == "") and v or nv; | 733 if nv:find"[\192-\252][\128-\191]+" then |
721 if nv:find"[\192-\252][\128-\191]+" then | 734 conf.req.string_mask = "utf8only" |
722 conf.req.string_mask = "utf8only" | 735 end |
723 end | 736 conf.distinguished_name[k] = nv ~= "." and nv or nil; |
724 conf.distinguished_name[k] = nv ~= "." and nv or nil; | 737 end |
725 end | 738 end |
726 end | 739 end |
727 local conf_file, err = io.open(conf_filename, "w"); | 740 local conf_file, err = io.open(conf_filename, "w"); |
728 if not conf_file then | 741 if not conf_file then |
729 show_warning("Could not open OpenSSL config file for writing"); | 742 show_warning("Could not open OpenSSL config file for writing"); |
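Review bot: The new `if distinguished_name then` branch (new lines 707-713) copies keys and values from the command-line DN straight into `conf.distinguished_name` without the checks the interactive branch applies. In particular the multibyte test at new lines 733-735 is skipped, so a non-ASCII value supplied this way never sets `conf.req.string_mask = "utf8only"`; adding `if v:find"[\192-\252][\128-\191]+" then conf.req.string_mask = "utf8only" end` inside the `gmatch` loop would keep both paths consistent. Keys are also not checked against `openssl._DN_order`, and an argument that starts with `/` but contains no `key=value` pair replaces the defaults with an empty table; rejecting unknown keys and an empty `dn` with `show_warning` would make a typo visible before the config file is written. How these values are serialised into the .cnf file is not visible here, so it is worth confirming that a value containing a line break cannot add extra lines to the file. The enclosing function starts and ends outside the shown section.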