comparison mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua @ 3393:8d1141025b43
mod_s2s_auth_monkeysphere: Remove blocking mode (simplifies code) (not tested)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 01 Dec 2018 16:04:35 +0100 |
parents | a100f4a720cb |
children |
3392:c8c9c940ec2d | 3393:8d1141025b43 |
---|---|
1 module:set_global(); | 1 module:set_global(); |
2 | 2 |
3 local http_request = require"socket.http".request; | |
4 local ltn12 = require"ltn12"; | |
5 local json = require"util.json"; | 3 local json = require"util.json"; |
6 local json_encode, json_decode = json.encode, json.decode; | 4 local json_encode, json_decode = json.encode, json.decode; |
7 local gettime = require"socket".gettime; | 5 local gettime = require"socket".gettime; |
8 local serialize = require"util.serialization".serialize; | 6 local serialize = require"util.serialization".serialize; |
9 local have_async, async = pcall(require, "util.async"); | 7 local async = require"util.async"; |
8 local http_request = require "net.http".request; | |
10 | 9 |
11 local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET", | 10 local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET", |
12 "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert"; | 11 "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert"; |
13 | 12 |
14 if have_async then | |
15 local _http_request = require "net.http".request; | |
16 function http_request(url, ex) | |
17 local wait, done = async.waiter(); | |
18 local content, code, request, response; | |
19 _http_request(url, ex, function (_content, _code, _request, _response) | |
20 content, code, request, response = _content, _code, _request, _response; | |
21 done(); | |
22 end); | |
23 wait(); | |
24 return content, code, request, response; | |
25 end | |
26 end | |
27 | |
28 local function check_with_monkeysphere(event) | 13 local function check_with_monkeysphere(event) |
29 local session, host, cert = event.session, event.host, event.cert; | 14 local session, host, cert = event.session, event.host, event.cert; |
30 local result = {}; | |
31 local post_body = json_encode { | 15 local post_body = json_encode { |
32 peer = { | 16 peer = { |
33 name = host; | 17 name = host; |
34 type = "peer"; | 18 type = "peer"; |
35 }; | 19 }; |
40 data = cert:pem(); | 24 data = cert:pem(); |
41 }; | 25 }; |
42 } | 26 } |
43 local req = { | 27 local req = { |
44 method = "POST"; | 28 method = "POST"; |
45 url = msva_url; | |
46 headers = { | 29 headers = { |
47 ["Content-Type"] = "application/json"; | 30 ["Content-Type"] = "application/json"; |
48 ["Content-Length"] = tostring(#post_body); | |
49 }; | 31 }; |
50 sink = ltn12.sink.table(result); | 32 body = post_body; |
51 source = ltn12.source.string(post_body); | |
52 }; | 33 }; |
53 session.log("debug", "Asking what Monkeysphere thinks about this certificate"); | 34 session.log("debug", "Asking what Monkeysphere thinks about this certificate"); |
54 local starttime = gettime(); | 35 local starttime = gettime(); |
55 local ok, code = http_request(req); | 36 local wait, done = async.waiter(); |
37 local body, code; | |
38 http_request(msva_url, req, function (_, _code) | |
39 body, code = body, _code; | |
40 done(); | |
41 end); | |
42 wait(); | |
56 module:log("debug", "Request took %fs", gettime() - starttime); | 43 module:log("debug", "Request took %fs", gettime() - starttime); |
57 local body = table.concat(result); | 44 if code == 200 and body then |
58 if ok and code == 200 and body then | |
59 body = json_decode(body); | 45 body = json_decode(body); |
60 if body then | 46 if body then |
61 session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message); | 47 session.log(body.valid and "info" or "warn", |
48 "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message); | |
62 if body.valid then | 49 if body.valid then |
63 session.cert_chain_status = "valid"; | 50 session.cert_chain_status = "valid"; |
64 session.cert_identity_status = "valid"; | 51 session.cert_identity_status = "valid"; |
65 return true; | 52 return true; |
66 end | 53 end |