From 09c3496ff14102ff8de7621bd1cdca8e4640cfb3 Mon Sep 17 00:00:00 2001 From: Konstantinos Kallas Date: Mon, 17 Jul 2017 10:48:57 +0300 Subject: [PATCH] Remove httpdir from some function arguments as we now use the built in ejabberd http server for authorizations --- src/acme_challenge.erl | 2 +- src/ejabberd_acme.erl | 36 ++++++++++++++++++------------------ src/ejabberd_admin.erl | 11 +++++------ 3 files changed, 24 insertions(+), 25 deletions(-) diff --git a/src/acme_challenge.erl b/src/acme_challenge.erl index 2638e0ddf..081e10429 100644 --- a/src/acme_challenge.erl +++ b/src/acme_challenge.erl @@ -78,7 +78,7 @@ solve_challenge(ChallengeType, Challenges, Options) -> -spec solve_challenge1(acme_challenge(), {jose_jwk:key(), string()}) -> {ok, url(), bitstring()} | {error, _}. -solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, {Key, HttpDir}) -> +solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, Key) -> KeyAuthz = key_authorization(Tkn, Key), %% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir); ets_put_key_authorization(Tkn, KeyAuthz), diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl index 527cef13f..43d9eae29 100644 --- a/src/ejabberd_acme.erl +++ b/src/ejabberd_acme.erl @@ -1,7 +1,7 @@ -module (ejabberd_acme). -export([%% Ejabberdctl Commands - get_certificates/3, + get_certificates/2, %% Command Options Validity is_valid_account_opt/1, %% Misc @@ -45,13 +45,13 @@ is_valid_account_opt(_) -> false. %% %% Needs a hell lot of cleaning --spec get_certificates(url(), string(), account_opt()) -> +-spec get_certificates(url(), account_opt()) -> [{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] | {'error', _}. -get_certificates(CAUrl, HttpDir, NewAccountOpt) -> +get_certificates(CAUrl, NewAccountOpt) -> try ?INFO_MSG("Persistent: ~p~n", [file:read_file_info(persistent_file())]), - get_certificates0(CAUrl, HttpDir, NewAccountOpt) + get_certificates0(CAUrl, NewAccountOpt) catch throw:Throw -> Throw; 
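Review bot: The `-spec` kept as context above the changed `solve_challenge1` clause in src/acme_challenge.erl still declares the second argument as `{jose_jwk:key(), string()}`, while the new clause head takes a bare `Key`. The contract and the clause now disagree, which Dialyzer is likely to report; change it to `-spec solve_challenge1(acme_challenge(), jose_jwk:key()) ->`. The commented-out `%% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir);` also still names the removed variable and should be deleted rather than left as dead text. The body of `solve_challenge1` continues past the end of the hunk.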
@@ -60,30 +60,30 @@ get_certificates(CAUrl, HttpDir, NewAccountOpt) -> {error, get_certificates} end. --spec get_certificates0(url(), string(), account_opt()) -> +-spec get_certificates0(url(), account_opt()) -> [{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] | no_return(). -get_certificates0(CAUrl, HttpDir, "old-account") -> +get_certificates0(CAUrl, "old-account") -> %% Get the current account {ok, _AccId, PrivateKey} = ensure_account_exists(), - get_certificates1(CAUrl, HttpDir, PrivateKey); + get_certificates1(CAUrl, PrivateKey); -get_certificates0(CAUrl, HttpDir, "new-account") -> +get_certificates0(CAUrl, "new-account") -> %% Create a new account and save it to disk {ok, _Id, PrivateKey} = create_save_new_account(CAUrl), - get_certificates1(CAUrl, HttpDir, PrivateKey). + get_certificates1(CAUrl, PrivateKey). --spec get_certificates1(url(), string(), jose_jwk:key()) -> +-spec get_certificates1(url(), jose_jwk:key()) -> [{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] | no_return(). -get_certificates1(CAUrl, HttpDir, PrivateKey) -> +get_certificates1(CAUrl, PrivateKey) -> %% Read Config {ok, Hosts} = get_config_hosts(), %% Get a certificate for each host - PemCertKeys = [get_certificate(CAUrl, Host, PrivateKey, HttpDir) || Host <- Hosts], + PemCertKeys = [get_certificate(CAUrl, Host, PrivateKey) || Host <- Hosts], %% Save Certificates SavedCerts = [save_certificate(Cert) || Cert <- PemCertKeys], 
@@ -92,13 +92,13 @@ get_certificates1(CAUrl, HttpDir, PrivateKey) -> %% Result SavedCerts. --spec get_certificate(url(), bitstring(), jose_jwk:key(), string()) -> +-spec get_certificate(url(), bitstring(), jose_jwk:key()) -> {'ok', bitstring(), pem_certificate()} | {'error', bitstring(), _}. -get_certificate(CAUrl, DomainName, PrivateKey, HttpDir) -> +get_certificate(CAUrl, DomainName, PrivateKey) -> ?INFO_MSG("Getting a Certificate for domain: ~p~n", [DomainName]), try - {ok, _Authz} = create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir), + {ok, _Authz} = create_new_authorization(CAUrl, DomainName, PrivateKey), create_new_certificate(CAUrl, DomainName, PrivateKey) catch throw:Throw -> @@ -147,9 +147,9 @@ create_new_account(CAUrl, Contact, PrivateKey) -> throw({error,create_new_account}) end. --spec create_new_authorization(url(), bitstring(), jose_jwk:key(), bitstring()) -> +-spec create_new_authorization(url(), bitstring(), jose_jwk:key()) -> {'ok', proplist()} | no_return(). -create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) -> +create_new_authorization(CAUrl, DomainName, PrivateKey) -> try {ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl), Req0 = [{<<"identifier">>, @@ -162,7 +162,7 @@ create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) -> Challenges = get_challenges(Authz), {ok, ChallengeUrl, KeyAuthz} = - acme_challenge:solve_challenge(<<"http-01">>, Challenges, {PrivateKey, HttpDir}), + acme_challenge:solve_challenge(<<"http-01">>, Challenges, PrivateKey), {ok, ChallengeId} = location_to_id(ChallengeUrl), Req3 = [{<<"type">>, <<"http-01">>},{<<"keyAuthorization">>, KeyAuthz}], {ok, _SolvedChallenge, _Nonce2} = ejabberd_acme_comm:complete_challenge( diff --git a/src/ejabberd_admin.erl b/src/ejabberd_admin.erl index 9b8be03ee..2d255f1e1 100644 --- a/src/ejabberd_admin.erl +++ b/src/ejabberd_admin.erl 
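Review bot: In the last ejabberd_acme.erl hunk (the `solve_challenge` call inside `create_new_authorization`), nothing visible between `solve_challenge` and `complete_challenge` checks that an HTTP listener is configured and reachable. The http-01 response now depends entirely on the built-in HTTP server answering with the stored key authorization. If no listener is serving it, the failure would presumably surface only later, as a failed validation at the CA. I would at least document the precondition above the call, e.g. `%% Requires an ejabberd HTTP listener that serves the http-01 token stored by acme_challenge`, and consider failing early with a clear error. The function starts and ends outside this hunk.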
@@ -45,7 +45,7 @@ %% Migration jabberd1.4 import_file/1, import_dir/1, %% Acme - get_certificate/2, + get_certificate/1, %% Purge DB delete_expired_messages/0, delete_old_messages/1, %% Mnesia @@ -248,9 +248,8 @@ get_commands_spec() -> #ejabberd_commands{name = get_certificate, tags = [acme], desc = "Gets a certificate for the specified domain", module = ?MODULE, function = get_certificate, - args_desc = ["Full path to the http serving directory", - "Whether to create a new account or use the existing one"], - args = [{dir, string}, {option, string}], + args_desc = ["Whether to create a new account or use the existing one"], + args = [{option, string}], result = {certificate, string}}, #ejabberd_commands{name = import_piefxis, tags = [mnesia], @@ -556,10 +555,10 @@ import_dir(Path) -> %%% Acme %%% -get_certificate(HttpDir, UseNewAccount) -> +get_certificate(UseNewAccount) -> case ejabberd_acme:is_valid_account_opt(UseNewAccount) of true -> - ejabberd_acme:get_certificates("http://localhost:4000", HttpDir, UseNewAccount); + ejabberd_acme:get_certificates("http://localhost:4000", UseNewAccount); false -> String = io_lib:format("Invalid account option: ~p", [UseNewAccount]), {invalid_option, String}
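Review bot: The `desc` left as context in the `get_certificate` command entry (second ejabberd_admin.erl hunk) still reads "Gets a certificate for the specified domain", which no longer matches the command. After this change it takes only the account option, and `get_certificates1` in ejabberd_acme.erl requests a certificate for every host returned by `get_config_hosts()`. Suggest `desc = "Gets a certificate for each configured host",`. Separately, `result = {certificate, string}` does not look like what `get_certificate/1` returns (a list of result tuples, `{error, _}` or `{invalid_option, String}`), so the declared result type is worth checking while this entry is being touched. `get_commands_spec/0` continues outside the hunk.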
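Review bot: The new call in `get_certificate/1` (last ejabberd_admin.erl hunk) still hard-codes the CA endpoint as `"http://localhost:4000"`, which looks like a local test server. It is plain HTTP, and an operator cannot point the command at a real CA without recompiling. ACME traffic carries signed account requests and the issued certificate, so the endpoint should be HTTPS outside of tests. Since the signature is changing anyway, I would read the URL from configuration and pass it in, e.g. `ejabberd_acme:get_certificates(CAUrl, UseNewAccount);`, or at minimum mark the literal with `%% TODO: test CA only; make configurable and require https`. The closing `end.` of the function is outside the hunk.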