Comparison

prosodyctl @ 8111:3cbb311f8468

prosodyctl: cert import: Command to copy certificates into prosodys certificate directory (fixes #892)
author Kim Alvefur <zash@zash.se>
date Fri, 21 Apr 2017 15:11:25 +0200
parent 8110:9aeb1c631f62
child 8112:d8ecefcb7c97
child 8117:66d8f6b3c3ef
comparison
equal deleted inserted replaced
8110:9aeb1c631f62 8111:3cbb311f8468
824 else 824 else
825 show_message("There was a problem, see OpenSSL output"); 825 show_message("There was a problem, see OpenSSL output");
826 end 826 end
827 else 827 else
828 show_usage("cert generate HOSTNAME [HOSTNAME+]", "Generates a self-signed certificate for the current hostname(s)") 828 show_usage("cert generate HOSTNAME [HOSTNAME+]", "Generates a self-signed certificate for the current hostname(s)")
829 end
830 end
831
832 local function sh_esc(s)
833 return "'" .. s:gsub("'", "'\\''") .. "'";
834 end
835
836 local function copy(from, to, umask, owner, group)
837 local old_umask = umask and pposix.umask(umask);
838 local attrs = lfs.attributes(to);
839 if attrs then -- Move old file out of the way
840 local backup = to..".bkp~"..os.date("%FT%T", attrs.change);
841 os.rename(to, backup);
842 end
843 -- FIXME friendlier error handling, maybe move above backup back?
844 local input = assert(io.open(from));
845 local output = assert(io.open(to, "w"));
846 local data = input:read(2^11);
847 while data and output:write(data) do
848 data = input:read(2^11);
849 end
850 assert(input:close());
851 assert(output:close());
852 if owner and group then
853 local ok = os.execute(("chown %s.%s %s"):format(sh_esc(owner), sh_esc(group), sh_esc(to)));
854 assert(ok == true or ok == 0, "Failed to change ownership of "..to);
855 end
856 if old_umask then pposix.umask(old_umask); end
857 return true;
858 end
859
860 function cert_commands.import(arg)
861 local hostnames = {};
862 -- Move hostname arguments out of arg, the rest should be a list of paths
863 while arg[1] and prosody.hosts[ arg[1] ] do
864 table.insert(hostnames, table.remove(arg, 1));
865 end
866 if not arg[1] or arg[1] == "--help" then -- Probably forgot the path
867 show_usage("cert import HOSTNAME [HOSTNAME+] /path/to/certs [/other/paths/]+",
868 "Copies certificates to "..cert_basedir);
869 return 1;
870 end
871 local owner, group;
872 if pposix.getuid() == 0 then -- We need root to change ownership
873 owner = config.get("*", "prosody_user") or "prosody";
874 group = config.get("*", "prosody_group") or owner;
875 end
876 for _, host in ipairs(hostnames) do
877 for _, dir in ipairs(arg) do
878 if lfs.attributes(dir .. "/" .. host .. "/fullchain.pem")
879 and lfs.attributes(dir .. "/" .. host .. "/privkey.pem") then
880 copy(dir .. "/" .. host .. "/fullchain.pem", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
881 copy(dir .. "/" .. host .. "/privkey.pem", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
882 show_message("Imported certificate and key for "..host);
883 elseif lfs.attributes(dir .. "/" .. host .. ".crt")
884 and lfs.attributes(dir .. "/" .. host .. ".key") then
885 copy(dir .. "/" .. host .. ".crt", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
886 copy(dir .. "/" .. host .. ".key", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
887 show_message("Imported certificate and key for "..host);
888 else
889 show_warning("No certificate for host "..host.." found :(");
890 end
891 -- TODO Additional checks
892 -- Certificate names matches the hostname
893 -- Private key matches public key in certificate
894 end
829 end 895 end
830 end 896 end
831 897
832 function commands.cert(arg) 898 function commands.cert(arg)
833 if #arg >= 1 and arg[1] ~= "--help" then 899 if #arg >= 1 and arg[1] ~= "--help" then