Mercurial > prosody-modules
comparison mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua @ 1413:cfe360d9d82c
mod_s2s_auth_monkeysphere: Uses Monkeysphere for certificate validation
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 19 May 2014 11:56:49 +0200 |
| parents | |
| children | a100f4a720cb |
comparison
equal
deleted
inserted
replaced
| 1412:d85695be0441 | 1413:cfe360d9d82c |
|---|---|
| 1 module:set_global(); | |
| 2 | |
| 3 local http_request = require"socket.http".request; | |
| 4 local ltn12 = require"ltn12"; | |
| 5 local json = require"util.json"; | |
| 6 local json_encode, json_decode = json.encode, json.decode; | |
| 7 local gettime = require"socket".gettime; | |
| 8 local serialize = require"util.serialization".serialize; | |
| 9 | |
| 10 local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET", | |
| 11 "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert"; | |
| 12 | |
| 13 local function check_with_monkeysphere(event) | |
| 14 local session, host, cert = event.session, event.host, event.cert; | |
| 15 local result = {}; | |
| 16 local post_body = json_encode { | |
| 17 peer = { | |
| 18 name = host; | |
| 19 type = "peer"; | |
| 20 }; | |
| 21 context = "https"; | |
| 22 -- context = "xmpp"; -- Monkeysphere needs to be extended to understand this | |
| 23 pkc = { | |
| 24 type = "x509pem"; | |
| 25 data = cert:pem(); | |
| 26 }; | |
| 27 } | |
| 28 local req = { | |
| 29 method = "POST"; | |
| 30 url = msva_url; | |
| 31 headers = { | |
| 32 ["Content-Type"] = "application/json"; | |
| 33 ["Content-Length"] = tostring(#post_body); | |
| 34 }; | |
| 35 sink = ltn12.sink.table(result); | |
| 36 source = ltn12.source.string(post_body); | |
| 37 }; | |
| 38 session.log("debug", "Asking what Monkeysphere thinks about this certificate"); | |
| 39 local starttime = gettime(); | |
| 40 local ok, code = http_request(req); | |
| 41 module:log("debug", "Request took %fs", gettime() - starttime); | |
| 42 local body = table.concat(result); | |
| 43 if ok and code == 200 and body then | |
| 44 body = json_decode(body); | |
| 45 if body then | |
| 46 session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message); | |
| 47 if body.valid then | |
| 48 session.cert_chain_status = "valid"; | |
| 49 session.cert_identity_status = "valid"; | |
| 50 return true; | |
| 51 end | |
| 52 end | |
| 53 else | |
| 54 module:log("warn", "Request failed: %s, %s", tostring(code), tostring(body)); | |
| 55 module:log("debug", serialize(req)); | |
| 56 end | |
| 57 end | |
| 58 | |
| 59 module:hook("s2s-check-certificate", check_with_monkeysphere); |