Mercurial > prosody-modules
view mod_s2s_auth_monkeysphere/mod_s2s_auth_monkeysphere.lua @ 1626:aed20f9e78c8
mod_s2s_auth_dane: Comments and cleanup
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 16 Mar 2015 16:19:53 +0100 |
parents | cfe360d9d82c |
children | a100f4a720cb |
line wrap: on
line source
module:set_global(); local http_request = require"socket.http".request; local ltn12 = require"ltn12"; local json = require"util.json"; local json_encode, json_decode = json.encode, json.decode; local gettime = require"socket".gettime; local serialize = require"util.serialization".serialize; local msva_url = assert(os.getenv"MONKEYSPHERE_VALIDATION_AGENT_SOCKET", "MONKEYSPHERE_VALIDATION_AGENT_SOCKET is unset, please set it").."/reviewcert"; local function check_with_monkeysphere(event) local session, host, cert = event.session, event.host, event.cert; local result = {}; local post_body = json_encode { peer = { name = host; type = "peer"; }; context = "https"; -- context = "xmpp"; -- Monkeysphere needs to be extended to understand this pkc = { type = "x509pem"; data = cert:pem(); }; } local req = { method = "POST"; url = msva_url; headers = { ["Content-Type"] = "application/json"; ["Content-Length"] = tostring(#post_body); }; sink = ltn12.sink.table(result); source = ltn12.source.string(post_body); }; session.log("debug", "Asking what Monkeysphere thinks about this certificate"); local starttime = gettime(); local ok, code = http_request(req); module:log("debug", "Request took %fs", gettime() - starttime); local body = table.concat(result); if ok and code == 200 and body then body = json_decode(body); if body then session.log(body.valid and "info" or "warn", "Monkeysphere thinks the cert is %salid: %s", body.valid and "V" or "Inv", body.message); if body.valid then session.cert_chain_status = "valid"; session.cert_identity_status = "valid"; return true; end end else module:log("warn", "Request failed: %s, %s", tostring(code), tostring(body)); module:log("debug", serialize(req)); end end module:hook("s2s-check-certificate", check_with_monkeysphere);