author | Matthew Wild <mwild1@gmail.com> |
Thu, 06 Oct 2022 11:12:57 +0100 | |
changeset 12745 | 7b3deafb9162 |
parent 8385 | e5d00bf4a4d5 |
child 12788 | 3b9de8dd71a3 |
permissions | -rw-r--r-- |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 |
local type, tostring, pairs, ipairs = type, tostring, pairs, ipairs; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
local t_insert, t_concat = table.insert, table.concat; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
local s_format = string.format; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
local oid_xmppaddr = "1.3.6.1.5.5.7.8.5"; -- [XMPP-CORE] |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 |
local oid_dnssrv = "1.3.6.1.5.5.7.8.7"; -- [SRV-ID] |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 |
local idna_to_ascii = require "util.encodings".idna.to_ascii; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
local _M = {}; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
local config = {}; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
_M.config = config; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 |
local ssl_config = {}; |
7026
c2ccbfe30113
util.openssl: Fix style / whitespace
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
15 |
local ssl_config_mt = { __index = ssl_config }; |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 |
function config.new() |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
return setmetatable({ |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 |
req = { |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 |
distinguished_name = "distinguished_name", |
6905
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
21 |
req_extensions = "certrequest", |
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
22 |
x509_extensions = "selfsigned", |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
prompt = "no", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 |
}, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
25 |
distinguished_name = { |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 |
countryName = "GB", |
5544
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
27 |
-- stateOrProvinceName = "", |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 |
localityName = "The Internet", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 |
organizationName = "Your Organisation", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
organizationalUnitName = "XMPP Department", |
5544
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
31 |
commonName = "example.com", |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
emailAddress = "xmpp@example.com", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 |
}, |
6905
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
34 |
certrequest = { |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
basicConstraints = "CA:FALSE", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 |
keyUsage = "digitalSignature,keyEncipherment", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 |
extendedKeyUsage = "serverAuth,clientAuth", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 |
subjectAltName = "@subject_alternative_name", |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
}, |
6905
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
40 |
selfsigned = { |
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
41 |
basicConstraints = "CA:TRUE", |
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
42 |
subjectAltName = "@subject_alternative_name", |
d2d7ad2563f9
util.openssl: Separate extension sections into one for self-signed certs and one for requests
Kim Alvefur <zash@zash.se>
parents:
5544
diff
changeset
|
43 |
}, |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
44 |
subject_alternative_name = { |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
45 |
DNS = {}, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
otherName = {}, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 |
}, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
}, ssl_config_mt); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
49 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
|
5544
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
51 |
local DN_order = { |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
52 |
"countryName"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
53 |
"stateOrProvinceName"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
54 |
"localityName"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
55 |
"streetAddress"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
56 |
"organizationName"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
57 |
"organizationalUnitName"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
58 |
"commonName"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
59 |
"emailAddress"; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
60 |
} |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
61 |
_M._DN_order = DN_order; |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
62 |
function ssl_config:serialize() |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
63 |
local s = ""; |
7532
bdaff978c790
util.openssl: rename variable to not collide with other 'k's [luacheck]
Anton Shestakov <av6@dwimlabs.net>
parents:
7485
diff
changeset
|
64 |
for section, t in pairs(self) do |
bdaff978c790
util.openssl: rename variable to not collide with other 'k's [luacheck]
Anton Shestakov <av6@dwimlabs.net>
parents:
7485
diff
changeset
|
65 |
s = s .. ("[%s]\n"):format(section); |
bdaff978c790
util.openssl: rename variable to not collide with other 'k's [luacheck]
Anton Shestakov <av6@dwimlabs.net>
parents:
7485
diff
changeset
|
66 |
if section == "subject_alternative_name" then |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
67 |
for san, n in pairs(t) do |
7026
c2ccbfe30113
util.openssl: Fix style / whitespace
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
68 |
for i = 1, #n do |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
69 |
s = s .. s_format("%s.%d = %s\n", san, i -1, n[i]); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
70 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
71 |
end |
7532
bdaff978c790
util.openssl: rename variable to not collide with other 'k's [luacheck]
Anton Shestakov <av6@dwimlabs.net>
parents:
7485
diff
changeset
|
72 |
elseif section == "distinguished_name" then |
7485
88a92ba697bf
util.openssl: remove unused one-letter loop variable [luacheck]
Anton Shestakov <av6@dwimlabs.net>
parents:
7461
diff
changeset
|
73 |
for _, k in ipairs(t[1] and t or DN_order) do |
5544
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
74 |
local v = t[k]; |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
75 |
if v then |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
76 |
s = s .. ("%s = %s\n"):format(k, v); |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
77 |
end |
d911d9fb3929
util.openssl: Write the distinguished_name part of the config in a consistent order
Kim Alvefur <zash@zash.se>
parents:
5379
diff
changeset
|
78 |
end |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
79 |
else |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
80 |
for k, v in pairs(t) do |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
81 |
s = s .. ("%s = %s\n"):format(k, v); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
82 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
83 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
84 |
s = s .. "\n"; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
85 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
86 |
return s; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
87 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
88 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
89 |
local function utf8string(s) |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
90 |
-- This is how we tell openssl not to encode UTF-8 strings as fake Latin1 |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
91 |
return s_format("FORMAT:UTF8,UTF8:%s", s); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
92 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
93 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
94 |
local function ia5string(s) |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
95 |
return s_format("IA5STRING:%s", s); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
96 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
97 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
98 |
_M.util = { |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
99 |
utf8string = utf8string, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
100 |
ia5string = ia5string, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
101 |
}; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
102 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
103 |
function ssl_config:add_dNSName(host) |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
104 |
t_insert(self.subject_alternative_name.DNS, idna_to_ascii(host)); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
105 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
106 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
107 |
function ssl_config:add_sRVName(host, service) |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
108 |
t_insert(self.subject_alternative_name.otherName, |
7026
c2ccbfe30113
util.openssl: Fix style / whitespace
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
109 |
s_format("%s;%s", oid_dnssrv, ia5string("_" .. service .. "." .. idna_to_ascii(host)))); |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
110 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
111 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
112 |
function ssl_config:add_xmppAddr(host) |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
113 |
t_insert(self.subject_alternative_name.otherName, |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
114 |
s_format("%s;%s", oid_xmppaddr, utf8string(host))); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
115 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
116 |
|
8385
e5d00bf4a4d5
util: Various minor changes to please [luacheck]
Kim Alvefur <zash@zash.se>
parents:
7532
diff
changeset
|
117 |
function ssl_config:from_prosody(hosts, config, certhosts) -- luacheck: ignore 431/config |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
118 |
-- TODO Decide if this should go elsewhere |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
119 |
local found_matching_hosts = false; |
7026
c2ccbfe30113
util.openssl: Fix style / whitespace
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
120 |
for i = 1, #certhosts do |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
121 |
local certhost = certhosts[i]; |
5290
befb1923527d
util.openssl: Cleanup; remove some unused variables.
Kim Alvefur <zash@zash.se>
parents:
4823
diff
changeset
|
122 |
for name in pairs(hosts) do |
7026
c2ccbfe30113
util.openssl: Fix style / whitespace
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
123 |
if name == certhost or name:sub(-1-#certhost) == "." .. certhost then |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
124 |
found_matching_hosts = true; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
125 |
self:add_dNSName(name); |
5379
27de7cc94111
util.{prosodyctl,openssl}: More use of config sections removed
Kim Alvefur <zash@zash.se>
parents:
5290
diff
changeset
|
126 |
--print(name .. "#component_module: " .. (config.get(name, "component_module") or "nil")); |
27de7cc94111
util.{prosodyctl,openssl}: More use of config sections removed
Kim Alvefur <zash@zash.se>
parents:
5290
diff
changeset
|
127 |
if config.get(name, "component_module") == nil then |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
128 |
self:add_sRVName(name, "xmpp-client"); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
129 |
end |
5379
27de7cc94111
util.{prosodyctl,openssl}: More use of config sections removed
Kim Alvefur <zash@zash.se>
parents:
5290
diff
changeset
|
130 |
--print(name .. "#anonymous_login: " .. tostring(config.get(name, "anonymous_login"))); |
27de7cc94111
util.{prosodyctl,openssl}: More use of config sections removed
Kim Alvefur <zash@zash.se>
parents:
5290
diff
changeset
|
131 |
if not (config.get(name, "anonymous_login") or |
27de7cc94111
util.{prosodyctl,openssl}: More use of config sections removed
Kim Alvefur <zash@zash.se>
parents:
5290
diff
changeset
|
132 |
config.get(name, "authentication") == "anonymous") then |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
133 |
self:add_sRVName(name, "xmpp-server"); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
134 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
135 |
self:add_xmppAddr(name); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
136 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
137 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
138 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
139 |
if not found_matching_hosts then |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
140 |
return nil, "no-matching-hosts"; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
141 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
142 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
143 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
144 |
do -- Lua to shell calls. |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
145 |
local function shell_escape(s) |
7024
f436446661ca
util.openssl: Move quoting and tostring call into escape function
Kim Alvefur <zash@zash.se>
parents:
6905
diff
changeset
|
146 |
return "'" .. tostring(s):gsub("'",[['\'']]) .. "'"; |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
147 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
148 |
|
7025
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
149 |
local function serialize(command, args) |
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
150 |
local commandline = { "openssl", command }; |
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
151 |
for k, v in pairs(args) do |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
152 |
if type(k) == "string" then |
7025
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
153 |
t_insert(commandline, ("-%s"):format(k)); |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
154 |
if v ~= true then |
7025
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
155 |
t_insert(commandline, shell_escape(v)); |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
156 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
157 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
158 |
end |
7025
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
159 |
for _, v in ipairs(args) do |
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
160 |
t_insert(commandline, shell_escape(v)); |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
161 |
end |
7025
3252c107c91a
util.openssl: Rename variables for readability
Kim Alvefur <zash@zash.se>
parents:
7024
diff
changeset
|
162 |
return t_concat(commandline, " "); |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
163 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
164 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
165 |
local os_execute = os.execute; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
166 |
setmetatable(_M, { |
7026
c2ccbfe30113
util.openssl: Fix style / whitespace
Kim Alvefur <zash@zash.se>
parents:
7025
diff
changeset
|
167 |
__index = function(_, command) |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
168 |
return function(opts) |
7461
82710f8c1fe6
util.openssl: Handle return value from os.execute being true in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
7195
diff
changeset
|
169 |
local ret = os_execute(serialize(command, type(opts) == "table" and opts or {})); |
82710f8c1fe6
util.openssl: Handle return value from os.execute being true in Lua 5.2
Kim Alvefur <zash@zash.se>
parents:
7195
diff
changeset
|
170 |
return ret == true or ret == 0; |
4823
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
171 |
end; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
172 |
end; |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
173 |
}); |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
174 |
end |
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
175 |
|
a61e78b4a2b3
util.openssl: Add wrapper for the openssl cli tool and move certificate config logic from util.x509 into it.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
176 |
return _M; |