673 local openssl; |
673 local openssl; |
674 local lfs; |
674 local lfs; |
675 |
675 |
676 local cert_commands = {}; |
676 local cert_commands = {}; |
677 |
677 |
678 local function ask_overwrite(filename) |
678 -- If a file already exists, ask if the user wants to use it or replace it |
679 return lfs.attributes(filename) and not show_yesno("Overwrite "..filename .. "?"); |
679 -- Backups the old file if replaced |
|
680 local function use_existing(filename) |
|
681 local attrs = lfs.attributes(filename); |
|
682 if attrs then |
|
683 if show_yesno(filename .. " exists, do you want to replace it? [y/n]") then |
|
684 local backup = filename..".bkp~"..os.date("%FT%T", attrs.change); |
|
685 os.rename(filename, backup); |
|
686 show_message(filename.." backed up to "..backup); |
|
687 else |
|
688 -- Use the existing file |
|
689 return true; |
|
690 end |
|
691 end |
680 end |
692 end |
681 |
693 |
682 function cert_commands.config(arg) |
694 function cert_commands.config(arg) |
683 if #arg >= 1 and arg[1] ~= "--help" then |
695 if #arg >= 1 and arg[1] ~= "--help" then |
684 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; |
696 local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; |
685 if ask_overwrite(conf_filename) then |
697 if use_existing(conf_filename) then |
686 return nil, conf_filename; |
698 return nil, conf_filename; |
687 end |
699 end |
688 local conf = openssl.config.new(); |
700 local conf = openssl.config.new(); |
689 conf:from_prosody(hosts, config, arg); |
701 conf:from_prosody(hosts, config, arg); |
690 show_message("Please provide details to include in the certificate config file."); |
702 show_message("Please provide details to include in the certificate config file."); |
728 end |
740 end |
729 |
741 |
730 function cert_commands.key(arg) |
742 function cert_commands.key(arg) |
731 if #arg >= 1 and arg[1] ~= "--help" then |
743 if #arg >= 1 and arg[1] ~= "--help" then |
732 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; |
744 local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; |
733 if ask_overwrite(key_filename) then |
745 if use_existing(key_filename) then |
734 return nil, key_filename; |
746 return nil, key_filename; |
735 end |
747 end |
736 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions |
748 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions |
737 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); |
749 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); |
738 local old_umask = pposix.umask("0377"); |
750 local old_umask = pposix.umask("0377"); |
750 end |
762 end |
751 |
763 |
752 function cert_commands.request(arg) |
764 function cert_commands.request(arg) |
753 if #arg >= 1 and arg[1] ~= "--help" then |
765 if #arg >= 1 and arg[1] ~= "--help" then |
754 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; |
766 local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; |
755 if ask_overwrite(req_filename) then |
767 if use_existing(req_filename) then |
756 return nil, req_filename; |
768 return nil, req_filename; |
757 end |
769 end |
758 local _, key_filename = cert_commands.key({arg[1]}); |
770 local _, key_filename = cert_commands.key({arg[1]}); |
759 local _, conf_filename = cert_commands.config(arg); |
771 local _, conf_filename = cert_commands.config(arg); |
760 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then |
772 if openssl.req{new=true, key=key_filename, utf8=true, sha256=true, config=conf_filename, out=req_filename} then |
768 end |
780 end |
769 |
781 |
770 function cert_commands.generate(arg) |
782 function cert_commands.generate(arg) |
771 if #arg >= 1 and arg[1] ~= "--help" then |
783 if #arg >= 1 and arg[1] ~= "--help" then |
772 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; |
784 local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; |
773 if ask_overwrite(cert_filename) then |
785 if use_existing(cert_filename) then |
774 return nil, cert_filename; |
786 return nil, cert_filename; |
775 end |
787 end |
776 local _, key_filename = cert_commands.key({arg[1]}); |
788 local _, key_filename = cert_commands.key({arg[1]}); |
777 local _, conf_filename = cert_commands.config(arg); |
789 local _, conf_filename = cert_commands.config(arg); |
778 local ret; |
790 local ret; |
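Review bot: In `use_existing`, the result of `os.rename(filename, backup)` is ignored, so a failed rename still prints "backed up to" and falls through to the replace path; in `cert_commands.key` the next visible statement is `os.remove(key_filename)`, which would then delete the existing private key with no backup. Check the return value and keep the existing file on failure, e.g. `local ok, err = os.rename(filename, backup);` followed by `if not ok then show_message("Could not back up "..filename..": "..tostring(err)); return true; end`. The body of `cert_commands.key` continues outside the displayed hunk, so any later error handling there is not visible. Presumably the rename preserves the key's restrictive mode on the `.bkp~` file, but every replacement leaves another copy of old key material in the certs directory, which deserves a comment above `use_existing` so operators know to clean these up.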