prosody
f26debcae34e
util/openssl.lua
Software / code / prosody
Comparison
util/openssl.lua @ 7036:f26debcae34e
Merge 0.10->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 27 Dec 2015 12:29:28 +0100 |
| parent | 7023:c2ccbfe30113 |
| child | 7192:18a13a7b4bac |
comparison
equal
deleted
inserted
replaced
| 7015:17e275e8bd79 | 7036:f26debcae34e |
|---|---|
| 10 local _M = {}; | 10 local _M = {}; |
| 11 local config = {}; | 11 local config = {}; |
| 12 _M.config = config; | 12 _M.config = config; |
| 13 | 13 |
| 14 local ssl_config = {}; | 14 local ssl_config = {}; |
| 15 local ssl_config_mt = {__index=ssl_config}; | 15 local ssl_config_mt = { __index = ssl_config }; |
| 16 | 16 |
| 17 function config.new() | 17 function config.new() |
| 18 return setmetatable({ | 18 return setmetatable({ |
| 19 req = { | 19 req = { |
| 20 distinguished_name = "distinguished_name", | 20 distinguished_name = "distinguished_name", |
| 63 local s = ""; | 63 local s = ""; |
| 64 for k, t in pairs(self) do | 64 for k, t in pairs(self) do |
| 65 s = s .. ("[%s]\n"):format(k); | 65 s = s .. ("[%s]\n"):format(k); |
| 66 if k == "subject_alternative_name" then | 66 if k == "subject_alternative_name" then |
| 67 for san, n in pairs(t) do | 67 for san, n in pairs(t) do |
| 68 for i = 1,#n do | 68 for i = 1, #n do |
| 69 s = s .. s_format("%s.%d = %s\n", san, i -1, n[i]); | 69 s = s .. s_format("%s.%d = %s\n", san, i -1, n[i]); |
| 70 end | 70 end |
| 71 end | 71 end |
| 72 elseif k == "distinguished_name" then | 72 elseif k == "distinguished_name" then |
| 73 for i=1,#DN_order do | 73 for i=1, #DN_order do |
| 74 local k = DN_order[i] | 74 local k = DN_order[i] |
| 75 local v = t[k]; | 75 local v = t[k]; |
| 76 if v then | 76 if v then |
| 77 s = s .. ("%s = %s\n"):format(k, v); | 77 s = s .. ("%s = %s\n"):format(k, v); |
| 78 end | 78 end |
| 105 t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host)); | 105 t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host)); |
| 106 end | 106 end |
| 107 | 107 |
| 108 function ssl_config:add_sRVName(host, service) | 108 function ssl_config:add_sRVName(host, service) |
| 109 t_insert(self.subject_alternative_name.otherName, | 109 t_insert(self.subject_alternative_name.otherName, |
| 110 s_format("%s;%s", oid_dnssrv, ia5string("_" .. service .."." .. idna_to_ascii(host)))); | 110 s_format("%s;%s", oid_dnssrv, ia5string("_" .. service .. "." .. idna_to_ascii(host)))); |
| 111 end | 111 end |
| 112 | 112 |
| 113 function ssl_config:add_xmppAddr(host) | 113 function ssl_config:add_xmppAddr(host) |
| 114 t_insert(self.subject_alternative_name.otherName, | 114 t_insert(self.subject_alternative_name.otherName, |
| 115 s_format("%s;%s", oid_xmppaddr, utf8string(host))); | 115 s_format("%s;%s", oid_xmppaddr, utf8string(host))); |
| 116 end | 116 end |
| 117 | 117 |
| 118 function ssl_config:from_prosody(hosts, config, certhosts) | 118 function ssl_config:from_prosody(hosts, config, certhosts) |
| 119 -- TODO Decide if this should go elsewhere | 119 -- TODO Decide if this should go elsewhere |
| 120 local found_matching_hosts = false; | 120 local found_matching_hosts = false; |
| 121 for i = 1,#certhosts do | 121 for i = 1, #certhosts do |
| 122 local certhost = certhosts[i]; | 122 local certhost = certhosts[i]; |
| 123 for name in pairs(hosts) do | 123 for name in pairs(hosts) do |
| 124 if name == certhost or name:sub(-1-#certhost) == "."..certhost then | 124 if name == certhost or name:sub(-1-#certhost) == "." .. certhost then |
| 125 found_matching_hosts = true; | 125 found_matching_hosts = true; |
| 126 self:add_dNSName(name); | 126 self:add_dNSName(name); |
| 127 --print(name .. "#component_module: " .. (config.get(name, "component_module") or "nil")); | 127 --print(name .. "#component_module: " .. (config.get(name, "component_module") or "nil")); |
| 128 if config.get(name, "component_module") == nil then | 128 if config.get(name, "component_module") == nil then |
| 129 self:add_sRVName(name, "xmpp-client"); | 129 self:add_sRVName(name, "xmpp-client"); |
| 142 end | 142 end |
| 143 end | 143 end |
| 144 | 144 |
| 145 do -- Lua to shell calls. | 145 do -- Lua to shell calls. |
| 146 local function shell_escape(s) | 146 local function shell_escape(s) |
| 147 return s:gsub("'",[['\'']]); | 147 return "'" .. tostring(s):gsub("'",[['\'']]) .. "'"; |
| 148 end | 148 end |
| 149 | 149 |
| 150 local function serialize(f,o) | 150 local function serialize(command, args) |
| 151 local r = {"openssl", f}; | 151 local commandline = { "openssl", command }; |
| 152 for k,v in pairs(o) do | 152 for k, v in pairs(args) do |
| 153 if type(k) == "string" then | 153 if type(k) == "string" then |
| 154 t_insert(r, ("-%s"):format(k)); | 154 t_insert(commandline, ("-%s"):format(k)); |
| 155 if v ~= true then | 155 if v ~= true then |
| 156 t_insert(r, ("'%s'"):format(shell_escape(tostring(v)))); | 156 t_insert(commandline, shell_escape(v)); |
| 157 end | 157 end |
| 158 end | 158 end |
| 159 end | 159 end |
| 160 for _,v in ipairs(o) do | 160 for _, v in ipairs(args) do |
| 161 t_insert(r, ("'%s'"):format(shell_escape(tostring(v)))); | 161 t_insert(commandline, shell_escape(v)); |
| 162 end | 162 end |
| 163 return t_concat(r, " "); | 163 return t_concat(commandline, " "); |
| 164 end | 164 end |
| 165 | 165 |
| 166 local os_execute = os.execute; | 166 local os_execute = os.execute; |
| 167 setmetatable(_M, { | 167 setmetatable(_M, { |
| 168 __index=function(_,f) | 168 __index = function(_, command) |
| 169 return function(opts) | 169 return function(opts) |
| 170 return 0 == os_execute(serialize(f, type(opts) == "table" and opts or {})); | 170 return 0 == os_execute(serialize(command, type(opts) == "table" and opts or {})); |
| 171 end; | 171 end; |
| 172 end; | 172 end; |
| 173 }); | 173 }); |
| 174 end | 174 end |
| 175 | 175 |
