prosodyctl @ 4824:73e261ed00a9
prosodyctl: Use util.openssl in certificate helpers. Improve feedback
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 09 May 2012 00:33:55 +0200 |
| parent | 4815:04e6115e060b |
| child | 4826:1c4852da78c8 |
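--- a/prosodyctl
+++ b/prosodyctl
@@ -611,27 +611,23 @@
 
 show_message(error_messages[msg])
 return 1;
 end
 
-local x509 = require "util.x509";
-local genx509san = x509.genx509san;
-local opensslbaseconf = x509.baseconf;
-local seralizeopensslbaseconf = x509.serialize_conf;
+local openssl = require "util.openssl";
 
 local cert_commands = {};
 
--- TODO Should this be moved to util.prosodyctl or x509?
 function cert_commands.config(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
 if os.execute("test -f "..conf_filename) == 0
 and not show_yesno("Overwrite "..conf_filename .. "?") then
 return nil, conf_filename;
 end
-local conf = opensslbaseconf();
-conf.subject_alternative_name = genx509san(hosts, config, arg, true)
+local conf = openssl.config.new();
+conf:from_prosody(hosts, config, arg);
 for k, v in pairs(conf.distinguished_name) do
 local nv;
 if k == "commonName" then
 v = arg[1]
 elseif k == "emailAddress" then
@@ -640,11 +636,11 @@
 nv = show_prompt(("%s (%s):"):format(k, nv or v));
 nv = (not nv or nv == "") and v or nv;
 conf.distinguished_name[k] = nv ~= "." and nv or nil;
 end
 local conf_file = io.open(conf_filename, "w");
-conf_file:write(seralizeopensslbaseconf(conf));
+conf_file:write(conf:serialize());
 conf_file:close();
 print("");
 show_message("Config written to " .. conf_filename);
 return nil, conf_filename;
 else
@@ -653,19 +649,23 @@
 end
 
 function cert_commands.key(arg)
 if #arg >= 1 and arg[1] ~= "--help" then
 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
-if os.execute("test -f "..key_filename) == 0
-and not show_yesno("Overwrite "..key_filename .. "?") then
+if os.execute("test -f "..key_filename) == 0 then
+if not show_yesno("Overwrite "..key_filename .. "?") then
+return nil, key_filename;
+end
+os.remove(key_filename); -- We chmod this file to not have write permissions
+end
+local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+if openssl.genrsa{out=key_filename, key_size} then
+os.execute(("chmod 400 '%s'"):format(key_filename));
+show_message("Key written to ".. key_filename);
 return nil, key_filename;
 end
-local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
-os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size)));
-os.execute(("chmod 400 %s"):format(key_filename));
-show_message("Key written to ".. key_filename);
-return nil, key_filename;
+show_message("There was a problem, see OpenSSL output");
 else
 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key")
 end
 end
 
@@ -676,13 +676,15 @@
 and not show_yesno("Overwrite "..req_filename .. "?") then
 return nil, req_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config({arg[1]});
-os.execute(("openssl req -new -key %s -utf8 -config %s -out %s")
-:format(key_filename, conf_filename, req_filename));
-show_message("Certificate request written to ".. req_filename);
+if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then
+show_message("Certificate request written to ".. req_filename);
+else
+show_message("There was a problem, see OpenSSL output");
+end
 else
 show_usage("cert request HOSTNAME", "Generates a certificate request")
 end
 end
 
@@ -693,13 +695,18 @@
 and not show_yesno("Overwrite "..cert_filename .. "?") then
 return nil, cert_filename;
 end
 local _, key_filename = cert_commands.key({arg[1]});
 local _, conf_filename = cert_commands.config({arg[1]});
-os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s")
-:format(key_filename, conf_filename, cert_filename));
-show_message("Certificate written to ".. cert_filename);
+local ret;
+if key_filename and conf_filename and cert_filename
+and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
+days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then
+show_message("Certificate written to ".. cert_filename);
+else
+show_message("There was a problem, see OpenSSL output");
+end
 else
 show_usage("cert generate HOSTNAME", "Generates a self-signed certificate")
 end
 end
 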
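Review bot: In cert_commands.key (new lines 660-661) a bare Enter at the key-size prompt never produces the advertised 2048 default, because `tonumber` is applied to the prompt's return value and `or 2048` is only reached when that value is nil or false — the distinguished-name loop at new lines 636-637 shows show_prompt answering "" for an empty reply, so `tonumber("")` yields nil and genrsa is invoked with no size at all (the old code would at least have failed on the `%d` format). Parse first and reject garbage instead of passing nil through: `local answer = arg[2] or show_prompt("Choose key size (2048):");` / `local key_size = (answer == nil or answer == "") and 2048 or tonumber(answer);` / `if not key_size then show_message("Invalid key size: "..tostring(answer)); return nil, key_filename; end`. Separately, the existing key is deleted at new line 658 before generation is attempted, so a failed genrsa leaves the host with no key at all, and since the new key file is created under the process umask it is readable by other local users until the `chmod 400` at new line 662 runs — pre-creating the file and chmod 600 before calling genrsa would close that window, but this depends on util.openssl, which is outside this hunk, so confirm how it opens the output. The `local ret;` at new line 700 in cert_commands.generate is never assigned or read and can be dropped.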