Mercurial > prosody-modules
comparison mod_client_certs/mod_client_certs.lua @ 1779:bdf1de953fd9
mod_client_certs: Patch from mathieui fixing invalid results when requesting multiple certs, missing stream feature and problem with PEM decoding.
| author | Thijs Alkemade <me@thijsalkema.de> |
|---|---|
| date | Thu, 13 Aug 2015 18:03:11 +0200 |
| parents | 7dbde05b48a9 |
| children | 4b43b317e8f5 |
comparison
equal
deleted
inserted
replaced
| 1778:32604bf33a4c | 1779:bdf1de953fd9 |
|---|---|
| 8 local jid_split = require "util.jid".split; | 8 local jid_split = require "util.jid".split; |
| 9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; | 9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; |
| 10 local dm_load = require "util.datamanager".load; | 10 local dm_load = require "util.datamanager".load; |
| 11 local dm_store = require "util.datamanager".store; | 11 local dm_store = require "util.datamanager".store; |
| 12 local dm_table = "client_certs"; | 12 local dm_table = "client_certs"; |
| 13 local x509 = require "ssl.x509"; | 13 local ssl_x509 = require "ssl.x509"; |
| 14 local util_x509 = require "util.x509"; | |
| 14 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; | 15 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; |
| 15 local id_ce_subjectAltName = "2.5.29.17"; | 16 local id_ce_subjectAltName = "2.5.29.17"; |
| 16 local digest_algo = "sha1"; | 17 local digest_algo = "sha1"; |
| 17 local base64 = require "util.encodings".base64; | 18 local base64 = require "util.encodings".base64; |
| 18 | 19 |
| 117 local certs = dm_load(origin.username, module.host, dm_table) or {}; | 118 local certs = dm_load(origin.username, module.host, dm_table) or {}; |
| 118 | 119 |
| 119 for digest,info in pairs(certs) do | 120 for digest,info in pairs(certs) do |
| 120 reply:tag("item") | 121 reply:tag("item") |
| 121 :tag("name"):text(info.name):up() | 122 :tag("name"):text(info.name):up() |
| 122 :tag("x509cert"):text(info.x509cert) | 123 :tag("x509cert"):text(info.x509cert):up() |
| 123 :up(); | 124 :up(); |
| 124 end | 125 end |
| 125 | 126 |
| 126 origin.send(reply); | 127 origin.send(reply); |
| 127 return true | 128 return true |
| 142 end | 143 end |
| 143 | 144 |
| 144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; | 145 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; |
| 145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); | 146 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); |
| 146 | 147 |
| 147 local cert = x509.load( | 148 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); |
| 148 "-----BEGIN CERTIFICATE-----\n" | |
| 149 .. x509cert .. | |
| 150 "\n-----END CERTIFICATE-----\n"); | |
| 151 | |
| 152 | 149 |
| 153 if not cert then | 150 if not cert then |
| 154 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); | 151 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); |
| 155 return true; | 152 return true; |
| 156 end | 153 end |
| 300 end | 297 end |
| 301 | 298 |
| 302 local name = fields.name; | 299 local name = fields.name; |
| 303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); | 300 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); |
| 304 | 301 |
| 305 local cert = x509.load( | 302 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); |
| 306 "-----BEGIN CERTIFICATE-----\n" | |
| 307 .. x509cert .. | |
| 308 "\n-----END CERTIFICATE-----\n"); | |
| 309 | 303 |
| 310 if not cert then | 304 if not cert then |
| 311 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; | 305 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; |
| 312 end | 306 end |
| 313 | 307 |
| 425 end | 419 end |
| 426 return true; | 420 return true; |
| 427 end | 421 end |
| 428 end, 1); | 422 end, 1); |
| 429 | 423 |
| 424 module:add_feature(xmlns_saslcert); |