prosody-modules: mod_client_certs/mod_client

comparison mod_client_certs/mod_client_certs.lua @ 3267:4b43b317e8f5

mod_client_certs: Simplify iq handling by hooking on iq-get/ and iq-set/ instead of iq/.

author	Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date	Fri, 24 Aug 2018 20:49:54 +0200
parents	bdf1de953fd9
children	5f2eeebcf899

comparison

equal deleted inserted replaced

-:ebd78514bbec
+:4b43b317e8f5
 	dm_store(username, module.host, dm_table, certs);
 	return info;
 end
-module:hook("iq/self/"..xmlns_saslcert..":items", function(event)
+module:hook("iq-get/self/"..xmlns_saslcert..":items", function(event)
 	local origin, stanza = event.origin, event.stanza;
-	if stanza.attr.type == "get" then
+	module:log("debug", "%s requested items", origin.full_jid);
-		module:log("debug", "%s requested items", origin.full_jid);
+	local reply = st.reply(stanza):tag("items", { xmlns = xmlns_saslcert });
-		local reply = st.reply(stanza):tag("items", { xmlns = xmlns_saslcert });
+	local certs = dm_load(origin.username, module.host, dm_table) or {};
-		local certs = dm_load(origin.username, module.host, dm_table) or {};
+	for digest,info in pairs(certs) do
-		for digest,info in pairs(certs) do
+		reply:tag("item")
-			reply:tag("item")
+			:tag("name"):text(info.name):up()
-				:tag("name"):text(info.name):up()
+			:tag("x509cert"):text(info.x509cert):up()
-				:tag("x509cert"):text(info.x509cert):up()
+		:up();
-			:up();
+	end
-		end
+	origin.send(reply);
-		origin.send(reply);
+	return true
+end);
+module:hook("iq-set/self/"..xmlns_saslcert..":append", function(event)
+	local origin, stanza = event.origin, event.stanza;
+	local append = stanza:get_child("append", xmlns_saslcert);
+	local name = append:get_child_text("name", xmlns_saslcert);
+	local x509cert = append:get_child_text("x509cert", xmlns_saslcert);
+	if not x509cert or not name then
+		origin.send(st.error_reply(stanza, "cancel", "bad-request", "Missing fields.")); -- cancel? not modify?
 		return true
 	end
-end);
+	local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
-module:hook("iq/self/"..xmlns_saslcert..":append", function(event)
+	x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
-	local origin, stanza = event.origin, event.stanza;
-	if stanza.attr.type == "set" then
+	local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
-		local append = stanza:get_child("append", xmlns_saslcert);
+	if not cert then
-		local name = append:get_child_text("name", xmlns_saslcert);
+		origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate"));
-		local x509cert = append:get_child_text("x509cert", xmlns_saslcert);
+		return true;
+	end
-		if not x509cert or not name then
-			origin.send(st.error_reply(stanza, "cancel", "bad-request", "Missing fields.")); -- cancel? not modify?
+	local ok, err = enable_cert(origin.username, cert, {
-			return true
+		name = name,
-		end
+		x509cert = x509cert,
+		no_cert_management = can_manage,
-		local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
+	});
-		x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
+	if not ok then
-		local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
+		origin.send(st.error_reply(stanza, "cancel", "bad-request", err));
+		return true -- REJECT?!
-		if not cert then
+	end
-			origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate"));
-			return true;
+	module:log("debug", "%s added certificate named %s", origin.full_jid, name);
-		end
+	origin.send(st.reply(stanza));
-		local ok, err = enable_cert(origin.username, cert, {
-			name = name,
+	return true
-			x509cert = x509cert,
-			no_cert_management = can_manage,
-		});
-		if not ok then
-			origin.send(st.error_reply(stanza, "cancel", "bad-request", err));
-			return true -- REJECT?!
-		end
-		module:log("debug", "%s added certificate named %s", origin.full_jid, name);
-		origin.send(st.reply(stanza));
-		return true
-	end
 end);
 local function handle_disable(event)
 	local origin, stanza = event.origin, event.stanza;
-	if stanza.attr.type == "set" then
+	local disable = stanza.tags[1];
-		local disable = stanza.tags[1];
+	module:log("debug", "%s disabled a certificate", origin.full_jid);
-		module:log("debug", "%s disabled a certificate", origin.full_jid);
+	local name = disable:get_child_text("name");
-		local name = disable:get_child_text("name");
+	if not name then
-		if not name then
+		origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified."));
-			origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified."));
-			return true
-		end
-		disable_cert(origin.username, name, disable.name == "revoke");
-		origin.send(st.reply(stanza));
 		return true
 	end
-end
+	disable_cert(origin.username, name, disable.name == "revoke");
-module:hook("iq/self/"..xmlns_saslcert..":disable", handle_disable);
-module:hook("iq/self/"..xmlns_saslcert..":revoke", handle_disable);
+	origin.send(st.reply(stanza));
+	return true
+end
+module:hook("iq-set/self/"..xmlns_saslcert..":disable", handle_disable);
+module:hook("iq-set/self/"..xmlns_saslcert..":revoke", handle_disable);
 -- Ad-hoc command
 local adhoc_new = module:require "adhoc".new;
 local dataforms_new = require "util.dataforms".new;

Mercurial > prosody-modules

comparison mod_client_certs/mod_client_certs.lua @ 3267:4b43b317e8f5