diff mod_s2s_auth_posh/mod_s2s_auth_posh.lua @ 3225:517c7f0333e3

mod_s2s_auth_posh: Add a command for generating the JSON file
author Kim Alvefur <zash@zash.se>
date Mon, 13 Aug 2018 03:35:42 +0200
parents 7bfb25111ea6
children f0e19a77f81e
--- a/mod_s2s_auth_posh/mod_s2s_auth_posh.lua	Fri Aug 10 06:12:55 2018 +0200
+++ b/mod_s2s_auth_posh/mod_s2s_auth_posh.lua	Mon Aug 13 03:35:42 2018 +0200
@@ -114,3 +114,33 @@
 
 	log("debug", "POSH authentication failed!");
 end);
+
+function module.command(arg)
+	if not arg[1] then
+		print("Usage: mod_s2s_auth_posh /path/to/cert.pem")
+		return 1;
+	end
+	local jwkset = { fingerprints = { }; expires = 86400; }
+
+	for i, cert_file in ipairs(arg) do
+		local cert, err = io.open(cert_file);
+		if not cert then
+			io.stderr:write(err, "\n");
+			return 1;
+		end
+		local cert_pem = cert:read("*a");
+		local cert_der, typ = pem2der(cert_pem);
+		if typ == "CERTIFICATE" then
+			table.insert(jwkset.fingerprints, { ["sha-256"] = base64.encode(hashes.sha256(cert_der)); });
+		elseif typ then
+			io.stderr:write(cert_file, " contained a ", typ:lower(), ", was expecting a certificate\n");
+			return 1;
+		else
+			io.stderr:write(cert_file, " did not contain a certificate in PEM format\n");
+			return 1;
+		end
+	end
+	print(json.encode(jwkset));
+	return 0;
+end
+
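Review bot: The handle opened with `io.open(cert_file)` inside the loop is never closed, and the result of `cert:read("*a")` is not checked. On a read failure (for example a directory passed as a path) nil is handed to `pem2der`, which is defined outside this hunk and presumably raises rather than producing the stderr message the other error paths give. I would change the read to `local cert_pem, read_err = cert:read("*a"); cert:close();` followed by `if not cert_pem then io.stderr:write(cert_file, ": ", read_err, "\n"); return 1; end`. Because the printed JSON is the set of fingerprints remote servers will trust for this domain, `expires = 86400` also deserves a comment such as `-- seconds a verifier may cache these fingerprints (POSH "expires"); publish new fingerprints before rotating certificates`. The loop index `i` is unused and could be `_`.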