Remove httpdir from some function arguments as we now use the built in ejabberd http server for authorizations
parent
fa3108e6e2
commit
09c3496ff1
@ -78,7 +78,7 @@ solve_challenge(ChallengeType, Challenges, Options) ->
|
|||||||
|
|
||||||
-spec solve_challenge1(acme_challenge(), {jose_jwk:key(), string()}) ->
|
-spec solve_challenge1(acme_challenge(), {jose_jwk:key(), string()}) ->
|
||||||
{ok, url(), bitstring()} | {error, _}.
|
{ok, url(), bitstring()} | {error, _}.
|
||||||
solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, {Key, HttpDir}) ->
|
solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, Key) ->
|
||||||
KeyAuthz = key_authorization(Tkn, Key),
|
KeyAuthz = key_authorization(Tkn, Key),
|
||||||
%% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir);
|
%% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir);
|
||||||
ets_put_key_authorization(Tkn, KeyAuthz),
|
ets_put_key_authorization(Tkn, KeyAuthz),
|
||||||
|
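Review bot: The `-spec` above the `http-01` clause of `solve_challenge1/2` is printed unchanged and still declares the second argument as `{jose_jwk:key(), string()}`, while the new clause head takes a bare `Key`, so Dialyzer will report a contract that no caller can satisfy. It should become `-spec solve_challenge1(acme_challenge(), jose_jwk:key()) ->`. The commented-out `%% save_key_authorization(Chal, Tkn, KeyAuthz, HttpDir);` now refers to a variable that no longer exists and is better deleted than kept. If `Chal` was only needed by that call it may now be unused, but the clause continues past the end of the hunk, so that needs checking against the full body.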
@ -1,7 +1,7 @@
|
|||||||
-module (ejabberd_acme).
|
-module (ejabberd_acme).
|
||||||
|
|
||||||
-export([%% Ejabberdctl Commands
|
-export([%% Ejabberdctl Commands
|
||||||
get_certificates/3,
|
get_certificates/2,
|
||||||
%% Command Options Validity
|
%% Command Options Validity
|
||||||
is_valid_account_opt/1,
|
is_valid_account_opt/1,
|
||||||
%% Misc
|
%% Misc
|
||||||
@ -45,13 +45,13 @@ is_valid_account_opt(_) -> false.
|
|||||||
%%
|
%%
|
||||||
|
|
||||||
%% Needs a hell lot of cleaning
|
%% Needs a hell lot of cleaning
|
||||||
-spec get_certificates(url(), string(), account_opt()) ->
|
-spec get_certificates(url(), account_opt()) ->
|
||||||
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
|
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
|
||||||
{'error', _}.
|
{'error', _}.
|
||||||
get_certificates(CAUrl, HttpDir, NewAccountOpt) ->
|
get_certificates(CAUrl, NewAccountOpt) ->
|
||||||
try
|
try
|
||||||
?INFO_MSG("Persistent: ~p~n", [file:read_file_info(persistent_file())]),
|
?INFO_MSG("Persistent: ~p~n", [file:read_file_info(persistent_file())]),
|
||||||
get_certificates0(CAUrl, HttpDir, NewAccountOpt)
|
get_certificates0(CAUrl, NewAccountOpt)
|
||||||
catch
|
catch
|
||||||
throw:Throw ->
|
throw:Throw ->
|
||||||
Throw;
|
Throw;
|
||||||
@ -60,30 +60,30 @@ get_certificates(CAUrl, HttpDir, NewAccountOpt) ->
|
|||||||
{error, get_certificates}
|
{error, get_certificates}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
-spec get_certificates0(url(), string(), account_opt()) ->
|
-spec get_certificates0(url(), account_opt()) ->
|
||||||
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
|
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
|
||||||
no_return().
|
no_return().
|
||||||
get_certificates0(CAUrl, HttpDir, "old-account") ->
|
get_certificates0(CAUrl, "old-account") ->
|
||||||
%% Get the current account
|
%% Get the current account
|
||||||
{ok, _AccId, PrivateKey} = ensure_account_exists(),
|
{ok, _AccId, PrivateKey} = ensure_account_exists(),
|
||||||
|
|
||||||
get_certificates1(CAUrl, HttpDir, PrivateKey);
|
get_certificates1(CAUrl, PrivateKey);
|
||||||
|
|
||||||
get_certificates0(CAUrl, HttpDir, "new-account") ->
|
get_certificates0(CAUrl, "new-account") ->
|
||||||
%% Create a new account and save it to disk
|
%% Create a new account and save it to disk
|
||||||
{ok, _Id, PrivateKey} = create_save_new_account(CAUrl),
|
{ok, _Id, PrivateKey} = create_save_new_account(CAUrl),
|
||||||
|
|
||||||
get_certificates1(CAUrl, HttpDir, PrivateKey).
|
get_certificates1(CAUrl, PrivateKey).
|
||||||
|
|
||||||
-spec get_certificates1(url(), string(), jose_jwk:key()) ->
|
-spec get_certificates1(url(), jose_jwk:key()) ->
|
||||||
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
|
[{'ok', bitstring(), 'saved'} | {'error', bitstring(), _}] |
|
||||||
no_return().
|
no_return().
|
||||||
get_certificates1(CAUrl, HttpDir, PrivateKey) ->
|
get_certificates1(CAUrl, PrivateKey) ->
|
||||||
%% Read Config
|
%% Read Config
|
||||||
{ok, Hosts} = get_config_hosts(),
|
{ok, Hosts} = get_config_hosts(),
|
||||||
|
|
||||||
%% Get a certificate for each host
|
%% Get a certificate for each host
|
||||||
PemCertKeys = [get_certificate(CAUrl, Host, PrivateKey, HttpDir) || Host <- Hosts],
|
PemCertKeys = [get_certificate(CAUrl, Host, PrivateKey) || Host <- Hosts],
|
||||||
|
|
||||||
%% Save Certificates
|
%% Save Certificates
|
||||||
SavedCerts = [save_certificate(Cert) || Cert <- PemCertKeys],
|
SavedCerts = [save_certificate(Cert) || Cert <- PemCertKeys],
|
||||||
@ -92,13 +92,13 @@ get_certificates1(CAUrl, HttpDir, PrivateKey) ->
|
|||||||
%% Result
|
%% Result
|
||||||
SavedCerts.
|
SavedCerts.
|
||||||
|
|
||||||
-spec get_certificate(url(), bitstring(), jose_jwk:key(), string()) ->
|
-spec get_certificate(url(), bitstring(), jose_jwk:key()) ->
|
||||||
{'ok', bitstring(), pem_certificate()} |
|
{'ok', bitstring(), pem_certificate()} |
|
||||||
{'error', bitstring(), _}.
|
{'error', bitstring(), _}.
|
||||||
get_certificate(CAUrl, DomainName, PrivateKey, HttpDir) ->
|
get_certificate(CAUrl, DomainName, PrivateKey) ->
|
||||||
?INFO_MSG("Getting a Certificate for domain: ~p~n", [DomainName]),
|
?INFO_MSG("Getting a Certificate for domain: ~p~n", [DomainName]),
|
||||||
try
|
try
|
||||||
{ok, _Authz} = create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir),
|
{ok, _Authz} = create_new_authorization(CAUrl, DomainName, PrivateKey),
|
||||||
create_new_certificate(CAUrl, DomainName, PrivateKey)
|
create_new_certificate(CAUrl, DomainName, PrivateKey)
|
||||||
catch
|
catch
|
||||||
throw:Throw ->
|
throw:Throw ->
|
||||||
@ -147,9 +147,9 @@ create_new_account(CAUrl, Contact, PrivateKey) ->
|
|||||||
throw({error,create_new_account})
|
throw({error,create_new_account})
|
||||||
end.
|
end.
|
||||||
|
|
||||||
-spec create_new_authorization(url(), bitstring(), jose_jwk:key(), bitstring()) ->
|
-spec create_new_authorization(url(), bitstring(), jose_jwk:key()) ->
|
||||||
{'ok', proplist()} | no_return().
|
{'ok', proplist()} | no_return().
|
||||||
create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) ->
|
create_new_authorization(CAUrl, DomainName, PrivateKey) ->
|
||||||
try
|
try
|
||||||
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
||||||
Req0 = [{<<"identifier">>,
|
Req0 = [{<<"identifier">>,
|
||||||
@ -162,7 +162,7 @@ create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) ->
|
|||||||
|
|
||||||
Challenges = get_challenges(Authz),
|
Challenges = get_challenges(Authz),
|
||||||
{ok, ChallengeUrl, KeyAuthz} =
|
{ok, ChallengeUrl, KeyAuthz} =
|
||||||
acme_challenge:solve_challenge(<<"http-01">>, Challenges, {PrivateKey, HttpDir}),
|
acme_challenge:solve_challenge(<<"http-01">>, Challenges, PrivateKey),
|
||||||
{ok, ChallengeId} = location_to_id(ChallengeUrl),
|
{ok, ChallengeId} = location_to_id(ChallengeUrl),
|
||||||
Req3 = [{<<"type">>, <<"http-01">>},{<<"keyAuthorization">>, KeyAuthz}],
|
Req3 = [{<<"type">>, <<"http-01">>},{<<"keyAuthorization">>, KeyAuthz}],
|
||||||
{ok, _SolvedChallenge, _Nonce2} = ejabberd_acme_comm:complete_challenge(
|
{ok, _SolvedChallenge, _Nonce2} = ejabberd_acme_comm:complete_challenge(
|
||||||
|
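Review bot: Nothing visible in the `create_new_authorization/3` hunk removes the key authorization after `ejabberd_acme_comm:complete_challenge` returns, so the value that the solver stores through `ets_put_key_authorization` for the built-in HTTP server may stay published after the challenge is over. This is inferred from the visible lines only; the function body continues outside the hunk and the cleanup may exist there. If it does not, the entry should be removed on both the success path and the `catch` path, recorded with a comment such as `%% drop the key authorization for this token once the challenge has completed or failed`. The call site would also benefit from a one-line comment that the third argument of `acme_challenge:solve_challenge/3` is now the bare account key, since that parameter is still named `Options`.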
@ -45,7 +45,7 @@
|
|||||||
%% Migration jabberd1.4
|
%% Migration jabberd1.4
|
||||||
import_file/1, import_dir/1,
|
import_file/1, import_dir/1,
|
||||||
%% Acme
|
%% Acme
|
||||||
get_certificate/2,
|
get_certificate/1,
|
||||||
%% Purge DB
|
%% Purge DB
|
||||||
delete_expired_messages/0, delete_old_messages/1,
|
delete_expired_messages/0, delete_old_messages/1,
|
||||||
%% Mnesia
|
%% Mnesia
|
||||||
@ -248,9 +248,8 @@ get_commands_spec() ->
|
|||||||
#ejabberd_commands{name = get_certificate, tags = [acme],
|
#ejabberd_commands{name = get_certificate, tags = [acme],
|
||||||
desc = "Gets a certificate for the specified domain",
|
desc = "Gets a certificate for the specified domain",
|
||||||
module = ?MODULE, function = get_certificate,
|
module = ?MODULE, function = get_certificate,
|
||||||
args_desc = ["Full path to the http serving directory",
|
args_desc = ["Whether to create a new account or use the existing one"],
|
||||||
"Whether to create a new account or use the existing one"],
|
args = [{option, string}],
|
||||||
args = [{dir, string}, {option, string}],
|
|
||||||
result = {certificate, string}},
|
result = {certificate, string}},
|
||||||
|
|
||||||
#ejabberd_commands{name = import_piefxis, tags = [mnesia],
|
#ejabberd_commands{name = import_piefxis, tags = [mnesia],
|
||||||
@ -556,10 +555,10 @@ import_dir(Path) ->
|
|||||||
%%% Acme
|
%%% Acme
|
||||||
%%%
|
%%%
|
||||||
|
|
||||||
get_certificate(HttpDir, UseNewAccount) ->
|
get_certificate(UseNewAccount) ->
|
||||||
case ejabberd_acme:is_valid_account_opt(UseNewAccount) of
|
case ejabberd_acme:is_valid_account_opt(UseNewAccount) of
|
||||||
true ->
|
true ->
|
||||||
ejabberd_acme:get_certificates("http://localhost:4000", HttpDir, UseNewAccount);
|
ejabberd_acme:get_certificates("http://localhost:4000", UseNewAccount);
|
||||||
false ->
|
false ->
|
||||||
String = io_lib:format("Invalid account option: ~p", [UseNewAccount]),
|
String = io_lib:format("Invalid account option: ~p", [UseNewAccount]),
|
||||||
{invalid_option, String}
|
{invalid_option, String}
|
||||||
|
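Review bot: `get_certificate/1` still passes the literal `"http://localhost:4000"` as the CA URL to `ejabberd_acme:get_certificates/2`, so the command can only reach a local test endpoint and does so over plain HTTP. The directory URL should be read from configuration, and any non-loopback CA should be required to use `https://`, because requests made with the account key are sent to that address. For example `CAUrl = acme_ca_url(),` (hypothetical helper, name to be chosen) followed by `ejabberd_acme:get_certificates(CAUrl, UseNewAccount);`. The `case` continues past the end of the hunk, so the closing of `get_certificate/1` is not visible here.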