prosody-modules: mod_client_certs/mod_client

mod_client_certs: Disconnect every session that was using that cert when revoking a client certificate.

author	Thijs Alkemade <thijsalkemade@gmail.com>
date	Tue, 05 Jun 2012 19:31:03 +0200
parents	f6be46f15b74
children	3a3293f37139

comparison

equal deleted inserted replaced

-:da69b65288e4
+:c3337f62a538
 	local origin, stanza = event.origin, event.stanza;
 	if stanza.attr.type == "set" then
 		local disable = stanza.tags[1];
 		module:log("debug", "%s disabled a certificate", origin.full_jid);
-		if disable.name == "revoke" then
-			module:log("debug", "%s revoked a certificate! Should disconnect all clients that used it", origin.full_jid);
-			-- TODO hosts.sessions[user].sessions.each{close if uses this cert}
-		end
 		local item = disable:get_child("item");
 		local name = item and item.attr.id;
 		if not name then
 			origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified."));
 			return true
 		end
-		disable_cert(origin.username, name);
+		local disabled_cert = disable_cert(origin.username, name):pem();
+		if disable.name == "revoke" then
+			module:log("debug", "%s revoked a certificate! Disconnecting all clients that used it", origin.full_jid);
+			local sessions = hosts[module.host].sessions[origin.username].sessions;
+			for _, session in pairs(sessions) do
+				local cert = session.external_auth_cert;
+				if cert and cert == disabled_cert then
+					module:log("debug", "Found a session that should be closed: %s", tostring(session));
+					session:close{ condition = "not-authorized", text = "This client side certificate has been revoked."};
+				end
+			end
+		end
 		origin.send(st.reply(stanza));
 		return true
 	end
 end

Mercurial > prosody-modules