Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1395:33f132c3f4b7
mod_s2s_auth_dane: Use PEM to DER function from util.x509 (0.10+)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 27 Apr 2014 01:40:20 +0200 |
| parents | 50f986deb3f7 |
| children | cf4e39334ef7 |
comparison
equal
deleted
inserted
replaced
| 1394:50f986deb3f7 | 1395:33f132c3f4b7 |
|---|---|
| 20 local type = type; | 20 local type = type; |
| 21 local t_insert = table.insert; | 21 local t_insert = table.insert; |
| 22 local set = require"util.set"; | 22 local set = require"util.set"; |
| 23 local dns_lookup = require"net.adns".lookup; | 23 local dns_lookup = require"net.adns".lookup; |
| 24 local hashes = require"util.hashes"; | 24 local hashes = require"util.hashes"; |
| 25 local base64 = require"util.encodings".base64; | |
| 26 local idna_to_ascii = require "util.encodings".idna.to_ascii; | 25 local idna_to_ascii = require "util.encodings".idna.to_ascii; |
| 27 local idna_to_unicode = require"util.encodings".idna.to_unicode; | 26 local idna_to_unicode = require"util.encodings".idna.to_unicode; |
| 28 local nameprep = require"util.encodings".stringprep.nameprep; | 27 local nameprep = require"util.encodings".stringprep.nameprep; |
| 29 local cert_verify_identity = require "util.x509".verify_identity; | 28 local cert_verify_identity = require "util.x509".verify_identity; |
| 29 local pem2der = require"util.x509".pem2der; | |
| 30 | 30 |
| 31 if not dns_lookup.types or not dns_lookup.types.TLSA then | 31 if not dns_lookup.types or not dns_lookup.types.TLSA then |
| 32 module:log("error", "No TLSA support available, DANE will not be supported"); | 32 module:log("error", "No TLSA support available, DANE will not be supported"); |
| 33 return | 33 return |
| 34 end | 34 end |
| 35 | 35 |
| 36 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n".. | |
| 37 "([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-"; | |
| 38 local function pem2der(pem) | |
| 39 local typ, data = pem:match(pat); | |
| 40 if typ and data then | |
| 41 return base64.decode(data), typ; | |
| 42 end | |
| 43 end | |
| 44 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 } | 36 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 } |
| 45 | 37 |
| 46 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" }; | 38 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" }; |
| 47 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" }); | 39 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" }); |
| 48 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; | 40 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |