Mercurial > prosody-modules
changeset 3267:4b43b317e8f5
mod_client_certs: Simplify iq handling by hooking on iq-get/ and iq-set/ instead of iq/.
author | Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> |
---|---|
date | Fri, 24 Aug 2018 20:49:54 +0200 (2018-08-24) |
parents | ebd78514bbec |
children | 4cdd1ddae72c |
files | mod_client_certs/mod_client_certs.lua |
diffstat | 1 files changed, 58 insertions(+), 65 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_client_certs/mod_client_certs.lua Fri Aug 24 19:51:31 2018 +0200 +++ b/mod_client_certs/mod_client_certs.lua Fri Aug 24 20:49:54 2018 +0200 @@ -109,92 +109,85 @@ return info; end -module:hook("iq/self/"..xmlns_saslcert..":items", function(event) +module:hook("iq-get/self/"..xmlns_saslcert..":items", function(event) local origin, stanza = event.origin, event.stanza; - if stanza.attr.type == "get" then - module:log("debug", "%s requested items", origin.full_jid); + module:log("debug", "%s requested items", origin.full_jid); - local reply = st.reply(stanza):tag("items", { xmlns = xmlns_saslcert }); - local certs = dm_load(origin.username, module.host, dm_table) or {}; + local reply = st.reply(stanza):tag("items", { xmlns = xmlns_saslcert }); + local certs = dm_load(origin.username, module.host, dm_table) or {}; - for digest,info in pairs(certs) do - reply:tag("item") - :tag("name"):text(info.name):up() - :tag("x509cert"):text(info.x509cert):up() - :up(); - end + for digest,info in pairs(certs) do + reply:tag("item") + :tag("name"):text(info.name):up() + :tag("x509cert"):text(info.x509cert):up() + :up(); + end - origin.send(reply); - return true - end + origin.send(reply); + return true end); -module:hook("iq/self/"..xmlns_saslcert..":append", function(event) +module:hook("iq-set/self/"..xmlns_saslcert..":append", function(event) local origin, stanza = event.origin, event.stanza; - if stanza.attr.type == "set" then - - local append = stanza:get_child("append", xmlns_saslcert); - local name = append:get_child_text("name", xmlns_saslcert); - local x509cert = append:get_child_text("x509cert", xmlns_saslcert); - - if not x509cert or not name then - origin.send(st.error_reply(stanza, "cancel", "bad-request", "Missing fields.")); -- cancel? not modify? - return true - end - - local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; - x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); - - local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); + local append = stanza:get_child("append", xmlns_saslcert); + local name = append:get_child_text("name", xmlns_saslcert); + local x509cert = append:get_child_text("x509cert", xmlns_saslcert); - if not cert then - origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); - return true; - end - - local ok, err = enable_cert(origin.username, cert, { - name = name, - x509cert = x509cert, - no_cert_management = can_manage, - }); - - if not ok then - origin.send(st.error_reply(stanza, "cancel", "bad-request", err)); - return true -- REJECT?! - end - - module:log("debug", "%s added certificate named %s", origin.full_jid, name); - - origin.send(st.reply(stanza)); - + if not x509cert or not name then + origin.send(st.error_reply(stanza, "cancel", "bad-request", "Missing fields.")); -- cancel? not modify? return true end + + local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; + x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); + + local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); + + if not cert then + origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); + return true; + end + + local ok, err = enable_cert(origin.username, cert, { + name = name, + x509cert = x509cert, + no_cert_management = can_manage, + }); + + if not ok then + origin.send(st.error_reply(stanza, "cancel", "bad-request", err)); + return true -- REJECT?! + end + + module:log("debug", "%s added certificate named %s", origin.full_jid, name); + + origin.send(st.reply(stanza)); + + return true end); local function handle_disable(event) local origin, stanza = event.origin, event.stanza; - if stanza.attr.type == "set" then - local disable = stanza.tags[1]; - module:log("debug", "%s disabled a certificate", origin.full_jid); - - local name = disable:get_child_text("name"); + local disable = stanza.tags[1]; + module:log("debug", "%s disabled a certificate", origin.full_jid); - if not name then - origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified.")); - return true - end + local name = disable:get_child_text("name"); - disable_cert(origin.username, name, disable.name == "revoke"); - - origin.send(st.reply(stanza)); - + if not name then + origin.send(st.error_reply(stanza, "cancel", "bad-request", "No key specified.")); return true end + + disable_cert(origin.username, name, disable.name == "revoke"); + + origin.send(st.reply(stanza)); + + return true end -module:hook("iq/self/"..xmlns_saslcert..":disable", handle_disable); -module:hook("iq/self/"..xmlns_saslcert..":revoke", handle_disable); +module:hook("iq-set/self/"..xmlns_saslcert..":disable", handle_disable); +module:hook("iq-set/self/"..xmlns_saslcert..":revoke", handle_disable); -- Ad-hoc command local adhoc_new = module:require "adhoc".new;