mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

Remove httpdir from some function arguments as we now use the built in ejabberd http server for authorizations

Konstantinos Kallas 2017-07-17 10:48:57 +03:00
parent fa3108e6e2
commit 09c3496ff1
3 changed files with 24 additions and 25 deletions


@ -78,7 +78,7 @@ solve_challenge(ChallengeType, Challenges, Options) ->
-spec solve_challenge1(acme_challenge(), {jose_jwk:key(), string()}) -> -spec solve_challenge1(acme_challenge(), {jose_jwk:key(), string()}) ->
{ok, url(), bitstring()} | {error, _}. {ok, url(), bitstring()} | {error, _}.
solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, {Key, HttpDir}) -> solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, Key) ->
KeyAuthz = key_authorization(Tkn, Key), KeyAuthz = key_authorization(Tkn, Key),
%% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir); %% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir);
ets_put_key_authorization(Tkn, KeyAuthz), ets_put_key_authorization(Tkn, KeyAuthz),
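Review bot: The `-spec` for `solve_challenge1/2` still declares the second argument as `{jose_jwk:key(), string()}`, while the new clause head takes a bare `Key`, so the declared contract no longer matches the code and Dialyzer output for this module stops being trustworthy. The spec should read `-spec solve_challenge1(acme_challenge(), jose_jwk:key()) ->`. The commented-out `save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir)` line now names a variable that no longer exists and is best deleted. If `solve_challenge/3`, named in the hunk header, has a spec with the same tuple type, it needs the same update; that spec and the rest of this clause lie outside the hunk.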


@ -1,7 +1,7 @@
-module (ejabberd_acme). -module (ejabberd_acme).
-export([%% Ejabberdctl Commands -export([%% Ejabberdctl Commands
get_certificates/3, get_certificates/2,
%% Command Options Validity %% Command Options Validity
is_valid_account_opt/1, is_valid_account_opt/1,
%% Misc %% Misc
@ -45,13 +45,13 @@ is_valid_account_opt(_) -> false.
%% %%
%% Needs a hell lot of cleaning %% Needs a hell lot of cleaning
-spec get_certificates(url(), string(), account_opt()) -> -spec get_certificates(url(), account_opt()) ->
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] | [{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
{'error', _}. {'error', _}.
get_certificates(CAUrl, HttpDir, NewAccountOpt) -> get_certificates(CAUrl, NewAccountOpt) ->
try try
?INFO_MSG("Persistent: ~p~n", [file:read_file_info(persistent_file())]), ?INFO_MSG("Persistent: ~p~n", [file:read_file_info(persistent_file())]),
get_certificates0(CAUrl, HttpDir, NewAccountOpt) get_certificates0(CAUrl, NewAccountOpt)
catch catch
throw:Throw -> throw:Throw ->
Throw; Throw;
@ -60,30 +60,30 @@ get_certificates(CAUrl, HttpDir, NewAccountOpt) ->
{error, get_certificates} {error, get_certificates}
end. end.
-spec get_certificates0(url(), string(), account_opt()) -> -spec get_certificates0(url(), account_opt()) ->
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] | [{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
no_return(). no_return().
get_certificates0(CAUrl, HttpDir, "old-account") -> get_certificates0(CAUrl, "old-account") ->
%% Get the current account %% Get the current account
{ok, _AccId, PrivateKey} = ensure_account_exists(), {ok, _AccId, PrivateKey} = ensure_account_exists(),
get_certificates1(CAUrl, HttpDir, PrivateKey); get_certificates1(CAUrl, PrivateKey);
get_certificates0(CAUrl, HttpDir, "new-account") -> get_certificates0(CAUrl, "new-account") ->
%% Create a new account and save it to disk %% Create a new account and save it to disk
{ok, _Id, PrivateKey} = create_save_new_account(CAUrl), {ok, _Id, PrivateKey} = create_save_new_account(CAUrl),
get_certificates1(CAUrl, HttpDir, PrivateKey). get_certificates1(CAUrl, PrivateKey).
-spec get_certificates1(url(), string(), jose_jwk:key()) -> -spec get_certificates1(url(), jose_jwk:key()) ->
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] | [{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
no_return(). no_return().
get_certificates1(CAUrl, HttpDir, PrivateKey) -> get_certificates1(CAUrl, PrivateKey) ->
%% Read Config %% Read Config
{ok, Hosts} = get_config_hosts(), {ok, Hosts} = get_config_hosts(),
%% Get a certificate for each host %% Get a certificate for each host
PemCertKeys = [get_certificate(CAUrl, Host, PrivateKey, HttpDir) || Host <- Hosts], PemCertKeys = [get_certificate(CAUrl, Host, PrivateKey) || Host <- Hosts],
%% Save Certificates %% Save Certificates
SavedCerts = [save_certificate(Cert) || Cert <- PemCertKeys], SavedCerts = [save_certificate(Cert) || Cert <- PemCertKeys],
@ -92,13 +92,13 @@ get_certificates1(CAUrl, HttpDir, PrivateKey) ->
%% Result %% Result
SavedCerts. SavedCerts.
-spec get_certificate(url(), bitstring(), jose_jwk:key(), string()) -> -spec get_certificate(url(), bitstring(), jose_jwk:key()) ->
{'ok', bitstring(), pem_certificate()} | {'ok', bitstring(), pem_certificate()} |
{'error', bitstring(), _}. {'error', bitstring(), _}.
get_certificate(CAUrl, DomainName, PrivateKey, HttpDir) -> get_certificate(CAUrl, DomainName, PrivateKey) ->
?INFO_MSG("Getting a Certificate for domain: ~p~n", [DomainName]), ?INFO_MSG("Getting a Certificate for domain: ~p~n", [DomainName]),
try try
{ok, _Authz} = create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir), {ok, _Authz} = create_new_authorization(CAUrl, DomainName, PrivateKey),
create_new_certificate(CAUrl, DomainName, PrivateKey) create_new_certificate(CAUrl, DomainName, PrivateKey)
catch catch
throw:Throw -> throw:Throw ->
@ -147,9 +147,9 @@ create_new_account(CAUrl, Contact, PrivateKey) ->
throw({error,create_new_account}) throw({error,create_new_account})
end. end.
-spec create_new_authorization(url(), bitstring(), jose_jwk:key(), bitstring()) -> -spec create_new_authorization(url(), bitstring(), jose_jwk:key()) ->
{'ok', proplist()} | no_return(). {'ok', proplist()} | no_return().
create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) -> create_new_authorization(CAUrl, DomainName, PrivateKey) ->
try try
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl), {ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
Req0 = [{<<"identifier">>, Req0 = [{<<"identifier">>,
@ -162,7 +162,7 @@ create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) ->
Challenges = get_challenges(Authz), Challenges = get_challenges(Authz),
{ok, ChallengeUrl, KeyAuthz} = {ok, ChallengeUrl, KeyAuthz} =
acme_challenge:solve_challenge(<<"http-01">>, Challenges, {PrivateKey, HttpDir}), acme_challenge:solve_challenge(<<"http-01">>, Challenges, PrivateKey),
{ok, ChallengeId} = location_to_id(ChallengeUrl), {ok, ChallengeId} = location_to_id(ChallengeUrl),
Req3 = [{<<"type">>, <<"http-01">>},{<<"keyAuthorization">>, KeyAuthz}], Req3 = [{<<"type">>, <<"http-01">>},{<<"keyAuthorization">>, KeyAuthz}],
{ok, _SolvedChallenge, _Nonce2} = ejabberd_acme_comm:complete_challenge( {ok, _SolvedChallenge, _Nonce2} = ejabberd_acme_comm:complete_challenge(
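Review bot: `get_certificates/2` has no comment telling the caller that http-01 validation now depends on ejabberd's own HTTP listener. With `HttpDir` gone, nothing visible in these hunks checks that a listener is actually serving the challenge response before `create_new_authorization/3` asks the CA to validate. I would put a comment above the spec such as `%% Requires the built-in HTTP listener to serve http-01 responses; NewAccountOpt is "old-account" or "new-account".`, since those two strings are the only values `get_certificates0/2` matches. Whether a listener check exists elsewhere cannot be seen from here, and several of these function bodies continue outside their hunks.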


@ -45,7 +45,7 @@
%% Migration jabberd1.4 %% Migration jabberd1.4
import_file/1, import_dir/1, import_file/1, import_dir/1,
%% Acme %% Acme
get_certificate/2, get_certificate/1,
%% Purge DB %% Purge DB
delete_expired_messages/0, delete_old_messages/1, delete_expired_messages/0, delete_old_messages/1,
%% Mnesia %% Mnesia
@ -248,9 +248,8 @@ get_commands_spec() ->
#ejabberd_commands{name = get_certificate, tags = [acme], #ejabberd_commands{name = get_certificate, tags = [acme],
desc = "Gets a certificate for the specified domain", desc = "Gets a certificate for the specified domain",
module = ?MODULE, function = get_certificate, module = ?MODULE, function = get_certificate,
args_desc = ["Full path to the http serving directory", args_desc = ["Whether to create a new account or use the existing one"],
"Whether to create a new account or use the existing one"], args = [{option, string}],
args = [{dir, string}, {option, string}],
result = {certificate, string}}, result = {certificate, string}},
#ejabberd_commands{name = import_piefxis, tags = [mnesia], #ejabberd_commands{name = import_piefxis, tags = [mnesia],
@ -556,10 +555,10 @@ import_dir(Path) ->
%%% Acme %%% Acme
%%% %%%
get_certificate(HttpDir, UseNewAccount) -> get_certificate(UseNewAccount) ->
case ejabberd_acme:is_valid_account_opt(UseNewAccount) of case ejabberd_acme:is_valid_account_opt(UseNewAccount) of
true -> true ->
ejabberd_acme:get_certificates("http://localhost:4000", HttpDir, UseNewAccount); ejabberd_acme:get_certificates("http://localhost:4000", UseNewAccount);
false -> false ->
String = io_lib:format("Invalid account option: ~p", [UseNewAccount]), String = io_lib:format("Invalid account option: ~p", [UseNewAccount]),
{invalid_option, String} {invalid_option, String}
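Review bot: The CA endpoint passed to `ejabberd_acme:get_certificates/2` is the literal `"http://localhost:4000"`, so the command can only reach a local test CA, and does so over plain HTTP. The URL should come from the server configuration, with `https` required for anything other than a local test instance, leaving the call as `ejabberd_acme:get_certificates(CAUrl, UseNewAccount)`. The one remaining `args_desc` entry would also be clearer if it named the accepted values, `"old-account"` and `"new-account"`. The `case` in `get_certificate/1` appears to close outside the hunk.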