prosody
5f466a50e78b
prosodyctl

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

prosodyctl @ 4487:5f466a50e78b

prosodyctl: Add commands for generating certificates and keys
author Kim Alvefur <zash@zash.se>
date Fri, 20 Jan 2012 22:04:28 +0100
parent 4476:53ce21286b8c
child 4815:04e6115e060b
comparison
equal deleted inserted replaced
4486:f04db5e7e90d 4487:5f466a50e78b
234 234
235 local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning; 235 local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning;
236 local show_usage = prosodyctl.show_usage; 236 local show_usage = prosodyctl.show_usage;
237 local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass; 237 local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass;
238 local show_yesno = prosodyctl.show_yesno; 238 local show_yesno = prosodyctl.show_yesno;
239 local show_prompt = prosodyctl.show_prompt;
239 local read_password = prosodyctl.read_password; 240 local read_password = prosodyctl.read_password;
240 241
241 local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2; 242 local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2;
242 ----------------------- 243 -----------------------
243 local commands = {}; 244 local commands = {};
610 611
611 show_message(error_messages[msg]) 612 show_message(error_messages[msg])
612 return 1; 613 return 1;
613 end 614 end
614 615
616 local x509 = require "util.x509";
617 local genx509san = x509.genx509san;
618 local opensslbaseconf = x509.baseconf;
619 local seralizeopensslbaseconf = x509.serialize_conf;
620
621 local cert_commands = {};
622
623 -- TODO Should this be moved to util.prosodyctl or x509?
624 function cert_commands.config(arg)
625 if #arg >= 1 and arg[1] ~= "--help" then
626 local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
627 if os.execute("test -f "..conf_filename) == 0
628 and not show_yesno("Overwrite "..conf_filename .. "?") then
629 return nil, conf_filename;
630 end
631 local conf = opensslbaseconf();
632 conf.subject_alternative_name = genx509san(hosts, config, arg, true)
633 for k, v in pairs(conf.distinguished_name) do
634 local nv;
635 if k == "commonName" then
636 v = arg[1]
637 elseif k == "emailAddress" then
638 v = "xmpp@" .. arg[1];
639 end
640 nv = show_prompt(("%s (%s):"):format(k, nv or v));
641 nv = (not nv or nv == "") and v or nv;
642 conf.distinguished_name[k] = nv ~= "." and nv or nil;
643 end
644 local conf_file = io.open(conf_filename, "w");
645 conf_file:write(seralizeopensslbaseconf(conf));
646 conf_file:close();
647 print("");
648 show_message("Config written to " .. conf_filename);
649 return nil, conf_filename;
650 else
651 show_usage("cert config HOSTNAME", "generates config for OpenSSL")
652 end
653 end
654
655 function cert_commands.key(arg)
656 if #arg >= 1 and arg[1] ~= "--help" then
657 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
658 if os.execute("test -f "..key_filename) == 0
659 and not show_yesno("Overwrite "..key_filename .. "?") then
660 return nil, key_filename;
661 end
662 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
663 os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size)));
664 os.execute(("chmod 400 %s"):format(key_filename));
665 show_message("Key written to ".. key_filename);
666 return nil, key_filename;
667 else
668 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key")
669 end
670 end
671
672 function cert_commands.request(arg)
673 if #arg >= 1 and arg[1] ~= "--help" then
674 local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req";
675 if os.execute("test -f "..req_filename) == 0
676 and not show_yesno("Overwrite "..req_filename .. "?") then
677 return nil, req_filename;
678 end
679 local _, key_filename = cert_commands.key({arg[1]});
680 local _, conf_filename = cert_commands.config({arg[1]});
681 os.execute(("openssl req -new -key %s -utf8 -config %s -out %s")
682 :format(key_filename, conf_filename, req_filename));
683 show_message("Certificate request written to ".. req_filename);
684 else
685 show_usage("cert request HOSTNAME", "Generates a certificate request")
686 end
687 end
688
689 function cert_commands.generate(arg)
690 if #arg >= 1 and arg[1] ~= "--help" then
691 local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert";
692 if os.execute("test -f "..cert_filename) == 0
693 and not show_yesno("Overwrite "..cert_filename .. "?") then
694 return nil, cert_filename;
695 end
696 local _, key_filename = cert_commands.key({arg[1]});
697 local _, conf_filename = cert_commands.config({arg[1]});
698 os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s")
699 :format(key_filename, conf_filename, cert_filename));
700 show_message("Certificate written to ".. cert_filename);
701 else
702 show_usage("cert generate HOSTNAME", "Generates a self-signed certificate")
703 end
704 end
705
706 function commands.cert(arg)
707 if #arg >= 1 and arg[1] ~= "--help" then
708 local subcmd = table.remove(arg, 1);
709 if type(cert_commands[subcmd]) == "function" then
710 return cert_commands[subcmd](arg);
711 end
712 end
713 show_usage("cert config|request|generate|key", "Helpers for X.509 certificates.")
714 end
715
615 --------------------- 716 ---------------------
616 717
617 if command and command:match("^mod_") then -- Is a command in a module 718 if command and command:match("^mod_") then -- Is a command in a module
618 local module_name = command:match("^mod_(.+)"); 719 local module_name = command:match("^mod_(.+)");
619 local ret, err = modulemanager.load("*", module_name); 720 local ret, err = modulemanager.load("*", module_name);