prosodyctl @ 4487:5f466a50e78b
prosodyctl: Add commands for generating certificates and keys
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 20 Jan 2012 22:04:28 +0100 |
parent | 4476:53ce21286b8c |
child | 4815:04e6115e060b |
4486:f04db5e7e90d | 4487:5f466a50e78b |
---|---|
234 | 234 |
235 local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning; | 235 local show_message, show_warning = prosodyctl.show_message, prosodyctl.show_warning; |
236 local show_usage = prosodyctl.show_usage; | 236 local show_usage = prosodyctl.show_usage; |
237 local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass; | 237 local getchar, getpass = prosodyctl.getchar, prosodyctl.getpass; |
238 local show_yesno = prosodyctl.show_yesno; | 238 local show_yesno = prosodyctl.show_yesno; |
239 local show_prompt = prosodyctl.show_prompt; | |
239 local read_password = prosodyctl.read_password; | 240 local read_password = prosodyctl.read_password; |
240 | 241 |
241 local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2; | 242 local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2; |
242 ----------------------- | 243 ----------------------- |
243 local commands = {}; | 244 local commands = {}; |
610 | 611 |
611 show_message(error_messages[msg]) | 612 show_message(error_messages[msg]) |
612 return 1; | 613 return 1; |
613 end | 614 end |
614 | 615 |
616 local x509 = require "util.x509"; | |
617 local genx509san = x509.genx509san; | |
618 local opensslbaseconf = x509.baseconf; | |
619 local seralizeopensslbaseconf = x509.serialize_conf; | |
620 | |
621 local cert_commands = {}; | |
622 | |
623 -- TODO Should this be moved to util.prosodyctl or x509? | |
624 function cert_commands.config(arg) | |
625 if #arg >= 1 and arg[1] ~= "--help" then | |
626 local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf"; | |
627 if os.execute("test -f "..conf_filename) == 0 | |
628 and not show_yesno("Overwrite "..conf_filename .. "?") then | |
629 return nil, conf_filename; | |
630 end | |
631 local conf = opensslbaseconf(); | |
632 conf.subject_alternative_name = genx509san(hosts, config, arg, true) | |
633 for k, v in pairs(conf.distinguished_name) do | |
634 local nv; | |
635 if k == "commonName" then | |
636 v = arg[1] | |
637 elseif k == "emailAddress" then | |
638 v = "xmpp@" .. arg[1]; | |
639 end | |
640 nv = show_prompt(("%s (%s):"):format(k, nv or v)); | |
641 nv = (not nv or nv == "") and v or nv; | |
642 conf.distinguished_name[k] = nv ~= "." and nv or nil; | |
643 end | |
644 local conf_file = io.open(conf_filename, "w"); | |
645 conf_file:write(seralizeopensslbaseconf(conf)); | |
646 conf_file:close(); | |
647 print(""); | |
648 show_message("Config written to " .. conf_filename); | |
649 return nil, conf_filename; | |
650 else | |
651 show_usage("cert config HOSTNAME", "generates config for OpenSSL") | |
652 end | |
653 end | |
654 | |
655 function cert_commands.key(arg) | |
656 if #arg >= 1 and arg[1] ~= "--help" then | |
657 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; | |
658 if os.execute("test -f "..key_filename) == 0 | |
659 and not show_yesno("Overwrite "..key_filename .. "?") then | |
660 return nil, key_filename; | |
661 end | |
662 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); | |
663 os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size))); | |
664 os.execute(("chmod 400 %s"):format(key_filename)); | |
665 show_message("Key written to ".. key_filename); | |
666 return nil, key_filename; | |
667 else | |
668 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key") | |
669 end | |
670 end | |
671 | |
672 function cert_commands.request(arg) | |
673 if #arg >= 1 and arg[1] ~= "--help" then | |
674 local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req"; | |
675 if os.execute("test -f "..req_filename) == 0 | |
676 and not show_yesno("Overwrite "..req_filename .. "?") then | |
677 return nil, req_filename; | |
678 end | |
679 local _, key_filename = cert_commands.key({arg[1]}); | |
680 local _, conf_filename = cert_commands.config({arg[1]}); | |
681 os.execute(("openssl req -new -key %s -utf8 -config %s -out %s") | |
682 :format(key_filename, conf_filename, req_filename)); | |
683 show_message("Certificate request written to ".. req_filename); | |
684 else | |
685 show_usage("cert request HOSTNAME", "Generates a certificate request") | |
686 end | |
687 end | |
688 | |
689 function cert_commands.generate(arg) | |
690 if #arg >= 1 and arg[1] ~= "--help" then | |
691 local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cert"; | |
692 if os.execute("test -f "..cert_filename) == 0 | |
693 and not show_yesno("Overwrite "..cert_filename .. "?") then | |
694 return nil, cert_filename; | |
695 end | |
696 local _, key_filename = cert_commands.key({arg[1]}); | |
697 local _, conf_filename = cert_commands.config({arg[1]}); | |
698 os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s") | |
699 :format(key_filename, conf_filename, cert_filename)); | |
700 show_message("Certificate written to ".. cert_filename); | |
701 else | |
702 show_usage("cert generate HOSTNAME", "Generates a self-signed certificate") | |
703 end | |
704 end | |
705 | |
706 function commands.cert(arg) | |
707 if #arg >= 1 and arg[1] ~= "--help" then | |
708 local subcmd = table.remove(arg, 1); | |
709 if type(cert_commands[subcmd]) == "function" then | |
710 return cert_commands[subcmd](arg); | |
711 end | |
712 end | |
713 show_usage("cert config|request|generate|key", "Helpers for X.509 certificates.") | |
714 end | |
715 | |
615 --------------------- | 716 --------------------- |
616 | 717 |
617 if command and command:match("^mod_") then -- Is a command in a module | 718 if command and command:match("^mod_") then -- Is a command in a module |
618 local module_name = command:match("^mod_(.+)"); | 719 local module_name = command:match("^mod_(.+)"); |
619 local ret, err = modulemanager.load("*", module_name); | 720 local ret, err = modulemanager.load("*", module_name); |
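Review bot: `cert_commands.key` (new lines 663–664) runs `openssl genrsa -out` first and only then `chmod 400`, so the private key is created under the caller's umask and may be readable by other local users until the chmod runs; neither command's exit status is checked, so `Key written to …` is printed even if openssl is absent or fails. Generate under a restrictive umask and test the result, e.g. `local ok = os.execute(("umask 077; openssl genrsa -out %s %d"):format(key_filename, key_size)) == 0;` and emit the success message only when `ok`. In `cert_commands.generate` (new line 698) the self-signed certificate is signed with `-sha1`; SHA-1 signatures were already deprecated for new certificates at this time, so `-sha256` should be used instead. All four sub-commands interpolate `arg[1]` and `CFG_DATADIR` into shell strings without quoting, so a hostname or data directory containing spaces or shell metacharacters silently breaks the command (exposure is limited since this is an operator-run CLI, but quoting the paths would make the failure mode explicit). Also on line 662–663, `tonumber(...)` returns nil for a blank or non-numeric answer at the key-size prompt, so the `%d` format raises instead of falling back to the advertised 2048 default.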