changeset 697:c3337f62a538

mod_client_certs: Disconnect every session that was using that cert when revoking a client certificate.
author Thijs Alkemade <thijsalkemade@gmail.com>
date Tue, 05 Jun 2012 19:31:03 +0200
parents da69b65288e4
children 3a3293f37139
files mod_client_certs/mod_client_certs.lua
diffstat 1 files changed, 14 insertions(+), 5 deletions(-) [+]
--- a/mod_client_certs/mod_client_certs.lua	Tue Jun 05 19:17:28 2012 +0200
+++ b/mod_client_certs/mod_client_certs.lua	Tue Jun 05 19:31:03 2012 +0200
@@ -167,10 +167,6 @@
 		local disable = stanza.tags[1];
 		module:log("debug", "%s disabled a certificate", origin.full_jid);
 
-		if disable.name == "revoke" then
-			module:log("debug", "%s revoked a certificate! Should disconnect all clients that used it", origin.full_jid);
-			-- TODO hosts.sessions[user].sessions.each{close if uses this cert}
-		end
 		local item = disable:get_child("item");
 		local name = item and item.attr.id;
 
@@ -179,8 +175,21 @@
 			return true
 		end
 
-		disable_cert(origin.username, name);
+		local disabled_cert = disable_cert(origin.username, name):pem();
+
+		if disable.name == "revoke" then
+			module:log("debug", "%s revoked a certificate! Disconnecting all clients that used it", origin.full_jid);
+			local sessions = hosts[module.host].sessions[origin.username].sessions;
 
+			for _, session in pairs(sessions) do
+				local cert = session.external_auth_cert;
+				
+				if cert and cert == disabled_cert then
+					module:log("debug", "Found a session that should be closed: %s", tostring(session));
+					session:close{ condition = "not-authorized", text = "This client side certificate has been revoked."};
+				end
+			end
+		end
 		origin.send(st.reply(stanza));
 
 		return true
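Review bot: `disable_cert(origin.username, name):pem()` on the first added line raises a Lua error if disable_cert returns nil, and it now runs for the plain `disable` case as well as `revoke`; since disable_cert is defined outside the hunk I cannot tell whether nil is possible for an id the user does not own, but if it is, guard it: `local disabled_cert = disable_cert(origin.username, name);` / `if not disabled_cert then origin.send(st.error_reply(stanza, "cancel", "item-not-found")); return true; end` / `disabled_cert = disabled_cert:pem();` (assuming util.stanza's error_reply is in scope as `st`). The revoking session itself may be one of the sessions that authenticated with that certificate, in which case `origin.send(st.reply(stanza))` runs after `origin` has already been closed; sending the reply before the loop avoids replying on a closed session. The comparison `cert == disabled_cert` only finds anything if `session.external_auth_cert` is stored as the PEM string rather than a certificate object, which this hunk does not show; a comment such as `-- external_auth_cert is the PEM string the client authenticated with` would pin that assumption. Closing sessions inside `pairs(sessions)` is safe only as long as close removes existing keys and never inserts new ones. The enclosing handler starts before the hunk.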