mod_s2s_auth_dane/mod_s2s_auth_dane.lua
changeset 1395 33f132c3f4b7
parent 1394 50f986deb3f7
child 1396 cf4e39334ef7
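--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
@@ -20,29 +20,21 @@
 local type = type;
 local t_insert = table.insert;
 local set = require"util.set";
 local dns_lookup = require"net.adns".lookup;
 local hashes = require"util.hashes";
-local base64 = require"util.encodings".base64;
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
 local idna_to_unicode = require"util.encodings".idna.to_unicode;
 local nameprep = require"util.encodings".stringprep.nameprep;
 local cert_verify_identity = require "util.x509".verify_identity;
+local pem2der = require"util.x509".pem2der;
 
 if not dns_lookup.types or not dns_lookup.types.TLSA then
 	module:log("error", "No TLSA support available, DANE will not be supported");
 	return
 end
 
-local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
-"([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
-local function pem2der(pem)
-	local typ, data = pem:match(pat);
-	if typ and data then
-		return base64.decode(data), typ;
-	end
-end
 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 }
 
 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" };
 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" });
 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end;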
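Review bot: The new `local pem2der = require"util.x509".pem2der;` line is not guarded, so on a Prosody build whose util.x509 does not export pem2der the local is silently nil and the failure only surfaces later, at the first certificate comparison, instead of at module load like the TLSA check a few lines below. A load-time guard in the same style keeps the dependency explicit: `if not pem2der then module:log("error", "util.x509.pem2der not available, DANE will not be supported"); return end`. The removed local implementation also returned the PEM type label as a second value and accepted a specific base64 alphabet; whether the util.x509 version matches that contract cannot be confirmed from this hunk, so the call sites further down the file should be checked against it. Since `base64` is dropped here and the module body continues past the hunk, any remaining reference to it below would now resolve to a nil global rather than failing at load.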