mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-24 17:29:28 +01:00
Changle acme file permissions
Also changed some specs
This commit is contained in:
parent
b4b4e247dd
commit
5199ede4a2
@ -49,6 +49,7 @@ is_valid_account_opt(_) -> false.
|
|||||||
{'error', _}.
|
{'error', _}.
|
||||||
get_certificates(CAUrl, HttpDir, NewAccountOpt) ->
|
get_certificates(CAUrl, HttpDir, NewAccountOpt) ->
|
||||||
try
|
try
|
||||||
|
?INFO_MSG("Persistent: ~p~n", [file:read_file_info(persistent_file())]),
|
||||||
get_certificates0(CAUrl, HttpDir, NewAccountOpt)
|
get_certificates0(CAUrl, HttpDir, NewAccountOpt)
|
||||||
catch
|
catch
|
||||||
throw:Throw ->
|
throw:Throw ->
|
||||||
@ -67,21 +68,12 @@ get_certificates0(CAUrl, HttpDir, "old-account") ->
|
|||||||
|
|
||||||
%% Get the current account
|
%% Get the current account
|
||||||
{ok, _AccId, PrivateKey} = ensure_account_exists(Data),
|
{ok, _AccId, PrivateKey} = ensure_account_exists(Data),
|
||||||
|
|
||||||
get_certificates1(CAUrl, HttpDir, PrivateKey);
|
get_certificates1(CAUrl, HttpDir, PrivateKey);
|
||||||
|
|
||||||
get_certificates0(CAUrl, HttpDir, "new-account") ->
|
get_certificates0(CAUrl, HttpDir, "new-account") ->
|
||||||
%% Get contact from configuration file
|
%% Create a new account and save it to disk
|
||||||
{ok, Contact} = get_config_contact(),
|
{ok, _Id, PrivateKey} = create_save_new_account(CAUrl),
|
||||||
|
|
||||||
%% Generate a Key
|
|
||||||
PrivateKey = generate_key(),
|
|
||||||
|
|
||||||
%% Create a new account
|
|
||||||
{ok, Id} = create_new_account(CAUrl, Contact, PrivateKey),
|
|
||||||
|
|
||||||
%% Write Persistent Data
|
|
||||||
{ok, Data} = read_persistent(),
|
|
||||||
NewData = set_account_persistent(Data, {Id, PrivateKey}),
|
|
||||||
ok = write_persistent(NewData),
|
|
||||||
|
|
||||||
get_certificates1(CAUrl, HttpDir, PrivateKey).
|
get_certificates1(CAUrl, HttpDir, PrivateKey).
|
||||||
|
|
||||||
@ -118,8 +110,28 @@ get_certificate(CAUrl, DomainName, PrivateKey, HttpDir) ->
|
|||||||
{error, DomainName, get_certificate}
|
{error, DomainName, get_certificate}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
-spec create_save_new_account(url()) -> {'ok', string(), jose_jwk:key()} | no_return().
|
||||||
|
create_save_new_account(CAUrl) ->
|
||||||
|
%% Get contact from configuration file
|
||||||
|
{ok, Contact} = get_config_contact(),
|
||||||
|
|
||||||
|
%% Generate a Key
|
||||||
|
PrivateKey = generate_key(),
|
||||||
|
|
||||||
|
%% Create a new account
|
||||||
|
{ok, Id} = create_new_account(CAUrl, Contact, PrivateKey),
|
||||||
|
|
||||||
|
%% Write Persistent Data
|
||||||
|
{ok, Data} = read_persistent(),
|
||||||
|
NewData = set_account_persistent(Data, {Id, PrivateKey}),
|
||||||
|
ok = write_persistent(NewData),
|
||||||
|
|
||||||
|
{ok, Id, PrivateKey}.
|
||||||
|
|
||||||
%% TODO:
|
%% TODO:
|
||||||
%% Find a way to ask the user if he accepts the TOS
|
%% Find a way to ask the user if he accepts the TOS
|
||||||
|
-spec create_new_account(url(), bitstring(), jose_jwk:key()) -> {'ok', string()} |
|
||||||
|
no_return().
|
||||||
create_new_account(CAUrl, Contact, PrivateKey) ->
|
create_new_account(CAUrl, Contact, PrivateKey) ->
|
||||||
try
|
try
|
||||||
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
||||||
@ -139,7 +151,8 @@ create_new_account(CAUrl, Contact, PrivateKey) ->
|
|||||||
throw({error,create_new_account})
|
throw({error,create_new_account})
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
-spec create_new_authorization(url(), bitstring(), jose_jwk:key(), bitstring()) ->
|
||||||
|
{'ok', proplist()} | no_return().
|
||||||
create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) ->
|
create_new_authorization(CAUrl, DomainName, PrivateKey, HttpDir) ->
|
||||||
try
|
try
|
||||||
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
||||||
@ -396,11 +409,16 @@ persistent_file() ->
|
|||||||
MnesiaDir = mnesia:system_info(directory),
|
MnesiaDir = mnesia:system_info(directory),
|
||||||
filename:join(MnesiaDir, "acme.DAT").
|
filename:join(MnesiaDir, "acme.DAT").
|
||||||
|
|
||||||
|
%% The persistent file should be rread and written only by its owner
|
||||||
|
persistent_file_mode() ->
|
||||||
|
8#400 + 8#200.
|
||||||
|
|
||||||
read_persistent() ->
|
read_persistent() ->
|
||||||
case file:read_file(persistent_file()) of
|
case file:read_file(persistent_file()) of
|
||||||
{ok, Binary} ->
|
{ok, Binary} ->
|
||||||
{ok, binary_to_term(Binary)};
|
{ok, binary_to_term(Binary)};
|
||||||
{error, enoent} ->
|
{error, enoent} ->
|
||||||
|
create_persistent(),
|
||||||
{ok, #data{}};
|
{ok, #data{}};
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?ERROR_MSG("Error: ~p reading acme data file", [Reason]),
|
?ERROR_MSG("Error: ~p reading acme data file", [Reason]),
|
||||||
@ -416,6 +434,21 @@ write_persistent(Data) ->
|
|||||||
throw({error, Reason})
|
throw({error, Reason})
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
create_persistent() ->
|
||||||
|
Binary = term_to_binary(#data{}),
|
||||||
|
case file:write_file(persistent_file(), Binary) of
|
||||||
|
ok ->
|
||||||
|
case file:change_mode(persistent_file(), persistent_file_mode()) of
|
||||||
|
ok -> ok;
|
||||||
|
{error, Reason} ->
|
||||||
|
?ERROR_MSG("Error: ~p changing acme data file mode", [Reason]),
|
||||||
|
throw({error, Reason})
|
||||||
|
end;
|
||||||
|
{error, Reason} ->
|
||||||
|
?ERROR_MSG("Error: ~p creating acme data file", [Reason]),
|
||||||
|
throw({error, Reason})
|
||||||
|
end.
|
||||||
|
|
||||||
get_account_persistent(#data{account = Account}) ->
|
get_account_persistent(#data{account = Account}) ->
|
||||||
case Account of
|
case Account of
|
||||||
#data_acc{id = AccId, key = PrivateKey} ->
|
#data_acc{id = AccId, key = PrivateKey} ->
|
||||||
|
Loading…
Reference in New Issue
Block a user