Mercurial > prosody-modules
comparison mod_client_certs/mod_client_certs.lua @ 6027:23c4c61a1068
mod_muc_gateway_optimize: New module to optimize muc presence to remote gateways
Some gateways are happy to receive presence for each participant
in MUCs that they are in only once, to any one of their joined JIDs.
| author | Stephen Paul Weber <singpolyma@singpolyma.net> |
|---|---|
| date | Sun, 17 Nov 2024 22:32:52 -0500 |
| parents | 5f2eeebcf899 |
| children |
comparison
equal
deleted
inserted
replaced
| 6026:d39ddf13ff0a | 6027:23c4c61a1068 |
|---|---|
| 8 local jid_split = require "util.jid".split; | 8 local jid_split = require "util.jid".split; |
| 9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; | 9 local xmlns_saslcert = "urn:xmpp:saslcert:1"; |
| 10 local dm_load = require "util.datamanager".load; | 10 local dm_load = require "util.datamanager".load; |
| 11 local dm_store = require "util.datamanager".store; | 11 local dm_store = require "util.datamanager".store; |
| 12 local dm_table = "client_certs"; | 12 local dm_table = "client_certs"; |
| 13 local ssl_x509 = require "ssl.x509"; | 13 local ssl = require "ssl"; |
| 14 local util_x509 = require "util.x509"; | 14 local util_x509 = require "util.x509"; |
| 15 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; | 15 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5"; |
| 16 local id_ce_subjectAltName = "2.5.29.17"; | 16 local id_ce_subjectAltName = "2.5.29.17"; |
| 17 local digest_algo = "sha1"; | 17 local digest_algo = "sha1"; |
| 18 local base64 = require "util.encodings".base64; | 18 local base64 = require "util.encodings".base64; |
| 139 end | 139 end |
| 140 | 140 |
| 141 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; | 141 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; |
| 142 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); | 142 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); |
| 143 | 143 |
| 144 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); | 144 local cert = ssl.loadcertificate(util_x509.der2pem(base64.decode(x509cert))); |
| 145 | 145 |
| 146 if not cert then | 146 if not cert then |
| 147 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); | 147 origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate")); |
| 148 return true; | 148 return true; |
| 149 end | 149 end |
| 204 local choose_subcmd_layout = dataforms_new { | 204 local choose_subcmd_layout = dataforms_new { |
| 205 title = "Certificate management"; | 205 title = "Certificate management"; |
| 206 instructions = "What action do you want to perform?"; | 206 instructions = "What action do you want to perform?"; |
| 207 | 207 |
| 208 { name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/certs#subcmd" }; | 208 { name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/certs#subcmd" }; |
| 209 { name = "subcmd", type = "list-single", label = "Actions", required = true, | 209 { name = "subcmd", type = "list-single", label = "Actions", required = false, |
| 210 value = { {label = "Add certificate", value = "add"}, | 210 options = { {label = "Add certificate", value = "add"}, |
| 211 {label = "List certificates", value = "list"}, | 211 {label = "List certificates", value = "list"}, |
| 212 {label = "Disable certificate", value = "disable"}, | 212 {label = "Disable certificate", value = "disable"}, |
| 213 {label = "Revoke certificate", value = "revoke"}, | 213 {label = "Revoke certificate", value = "revoke"}, |
| 214 }; | 214 }; |
| 215 }; | 215 }; |
| 290 end | 290 end |
| 291 | 291 |
| 292 local name = fields.name; | 292 local name = fields.name; |
| 293 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); | 293 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); |
| 294 | 294 |
| 295 local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert))); | 295 local cert = ssl.loadcertificate(x509cert); |
| 296 | 296 |
| 297 if not cert then | 297 if not cert then |
| 298 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; | 298 return { status = "completed", error = { message = "Could not parse X.509 certificate" } }; |
| 299 end | 299 end |
| 300 | 300 |
| 325 return { status = "completed", info = "Disabled certificate " .. info.name .. "." }; | 325 return { status = "completed", info = "Disabled certificate " .. info.name .. "." }; |
| 326 end | 326 end |
| 327 end | 327 end |
| 328 end | 328 end |
| 329 | 329 |
| 330 local cmd_desc = adhoc_new("Manage certificates", "http://prosody.im/protocol/certs", adhoc_handler, "user"); | 330 local cmd_desc = adhoc_new("Manage certificates", "http://prosody.im/protocol/certs", adhoc_handler, "any"); |
| 331 module:provides("adhoc", cmd_desc); | 331 module:provides("adhoc", cmd_desc); |
| 332 | 332 |
| 333 -- Here comes the SASL EXTERNAL stuff | 333 -- Here comes the SASL EXTERNAL stuff |
| 334 | 334 |
| 335 local now = os.time; | 335 local now = os.time; |
