mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-26 16:26:24 +01:00
Remove some debugging functions
This commit is contained in:
parent
9756b452d6
commit
97a4d57f2e
@ -10,11 +10,7 @@
|
|||||||
is_valid_verbose_opt/1,
|
is_valid_verbose_opt/1,
|
||||||
%% Misc
|
%% Misc
|
||||||
generate_key/0,
|
generate_key/0,
|
||||||
to_public/1,
|
to_public/1
|
||||||
%% Debugging Scenarios
|
|
||||||
scenario/3,
|
|
||||||
scenario0/2,
|
|
||||||
new_user_scenario/2
|
|
||||||
]).
|
]).
|
||||||
|
|
||||||
-include("ejabberd.hrl").
|
-include("ejabberd.hrl").
|
||||||
@ -945,152 +941,6 @@ get_config_cert_dir() ->
|
|||||||
CertDir
|
CertDir
|
||||||
end.
|
end.
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Transaction Fun
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
transaction([{Fun, Rollback} | Rest]) ->
|
|
||||||
try
|
|
||||||
{ok, Result} = Fun(),
|
|
||||||
[Result | transaction(Rest)]
|
|
||||||
catch Type:Reason ->
|
|
||||||
Rollback(),
|
|
||||||
erlang:raise(Type, Reason, erlang:get_stacktrace())
|
|
||||||
end;
|
|
||||||
transaction([Fun | Rest]) ->
|
|
||||||
% not every action require cleanup on error
|
|
||||||
transaction([{Fun, fun () -> ok end} | Rest]);
|
|
||||||
transaction([]) -> [].
|
|
||||||
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
%%
|
|
||||||
%% Debugging Funcs -- They are only used for the development phase
|
|
||||||
%%
|
|
||||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
||||||
|
|
||||||
%% A typical acme workflow
|
|
||||||
scenario(CAUrl, AccId, PrivateKey) ->
|
|
||||||
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
|
||||||
|
|
||||||
{ok, {_TOS, Account}, Nonce1} =
|
|
||||||
ejabberd_acme_comm:get_account({CAUrl, AccId}, PrivateKey, Nonce0),
|
|
||||||
?INFO_MSG("Account: ~p~n", [Account]),
|
|
||||||
|
|
||||||
Req =
|
|
||||||
[{<<"identifier">>,
|
|
||||||
{[{<<"type">>, <<"dns">>},
|
|
||||||
{<<"value">>, <<"my-acme-test-ejabberd.com">>}]}},
|
|
||||||
{<<"existing">>, <<"accept">>}
|
|
||||||
],
|
|
||||||
{ok, Authz, Nonce2} = ejabberd_acme_comm:new_authz(Dirs, PrivateKey, Req, Nonce1),
|
|
||||||
|
|
||||||
{Account, Authz, PrivateKey}.
|
|
||||||
|
|
||||||
|
|
||||||
new_user_scenario(CAUrl, HttpDir) ->
|
|
||||||
PrivateKey = generate_key(),
|
|
||||||
|
|
||||||
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(CAUrl),
|
|
||||||
%% ?INFO_MSG("Directories: ~p", [Dirs]),
|
|
||||||
|
|
||||||
Req0 = [{ <<"contact">>, [<<"mailto:cert-example-admin@example2.com">>]}],
|
|
||||||
{ok, {TOS, Account}, Nonce1} = ejabberd_acme_comm:new_account(Dirs, PrivateKey, Req0, Nonce0),
|
|
||||||
|
|
||||||
{_, AccIdInt} = proplists:lookup(<<"id">>, Account),
|
|
||||||
AccId = integer_to_list(AccIdInt),
|
|
||||||
{ok, {_TOS, Account1}, Nonce2} =
|
|
||||||
ejabberd_acme_comm:get_account({CAUrl, AccId}, PrivateKey, Nonce1),
|
|
||||||
%% ?INFO_MSG("Old account: ~p~n", [Account1]),
|
|
||||||
|
|
||||||
Req1 = [{ <<"agreement">>, list_to_bitstring(TOS)}],
|
|
||||||
{ok, Account2, Nonce3} =
|
|
||||||
ejabberd_acme_comm:update_account({CAUrl, AccId}, PrivateKey, Req1, Nonce2),
|
|
||||||
|
|
||||||
%% NewKey = generate_key(),
|
|
||||||
%% KeyChangeUrl = CAUrl ++ "/acme/key-change/",
|
|
||||||
%% {ok, Account3, Nonce4} = key_roll_over(KeyChangeUrl, AccURL, PrivateKey, NewKey, Nonce3),
|
|
||||||
%% ?INFO_MSG("Changed key: ~p~n", [Account3]),
|
|
||||||
|
|
||||||
%% {ok, {_TOS, Account4}, Nonce5} = get_account(AccURL, NewKey, Nonce4),
|
|
||||||
%% ?INFO_MSG("New account:~p~n", [Account4]),
|
|
||||||
%% {Account4, PrivateKey}.
|
|
||||||
|
|
||||||
AccIdBin = list_to_bitstring(integer_to_list(AccIdInt)),
|
|
||||||
DomainName = << <<"my-acme-test-ejabberd">>/binary, AccIdBin/binary, <<".com">>/binary >>,
|
|
||||||
Req2 =
|
|
||||||
[{<<"identifier">>,
|
|
||||||
{[{<<"type">>, <<"dns">>},
|
|
||||||
{<<"value">>, DomainName}]}},
|
|
||||||
{<<"existing">>, <<"accept">>}
|
|
||||||
],
|
|
||||||
{ok, {AuthzUrl, Authz}, Nonce4} =
|
|
||||||
ejabberd_acme_comm:new_authz(Dirs, PrivateKey, Req2, Nonce3),
|
|
||||||
|
|
||||||
{ok, AuthzId} = location_to_id(AuthzUrl),
|
|
||||||
{ok, Authz2, Nonce5} = ejabberd_acme_comm:get_authz({CAUrl, AuthzId}),
|
|
||||||
?INFO_MSG("AuthzUrl: ~p~n", [AuthzUrl]),
|
|
||||||
|
|
||||||
Challenges = get_challenges(Authz2),
|
|
||||||
?INFO_MSG("Challenges: ~p~n", [Challenges]),
|
|
||||||
|
|
||||||
{ok, ChallengeUrl, KeyAuthz} =
|
|
||||||
acme_challenge:solve_challenge(<<"http-01">>, Challenges, {PrivateKey, HttpDir}),
|
|
||||||
?INFO_MSG("File for http-01 challenge written correctly", []),
|
|
||||||
|
|
||||||
{ok, ChallengeId} = location_to_id(ChallengeUrl),
|
|
||||||
Req3 =
|
|
||||||
[ {<<"type">>, <<"http-01">>}
|
|
||||||
, {<<"keyAuthorization">>, KeyAuthz}
|
|
||||||
],
|
|
||||||
{ok, SolvedChallenge, Nonce6} = ejabberd_acme_comm:complete_challenge(
|
|
||||||
{CAUrl, AuthzId, ChallengeId}, PrivateKey, Req3, Nonce5),
|
|
||||||
%% ?INFO_MSG("SolvedChallenge: ~p~n", [SolvedChallenge]),
|
|
||||||
|
|
||||||
%% timer:sleep(2000),
|
|
||||||
{ok, Authz3, Nonce7} = ejabberd_acme_comm:get_authz_until_valid({CAUrl, AuthzId}),
|
|
||||||
|
|
||||||
#{"new-cert" := NewCert} = Dirs,
|
|
||||||
CSRSubject = [{commonName, bitstring_to_list(DomainName)}],
|
|
||||||
{CSR, CSRKey} = make_csr(CSRSubject),
|
|
||||||
{MegS, Sec, MicS} = erlang:timestamp(),
|
|
||||||
NotBefore = xmpp_util:encode_timestamp({MegS-1, Sec, MicS}),
|
|
||||||
NotAfter = xmpp_util:encode_timestamp({MegS+1, Sec, MicS}),
|
|
||||||
Req4 =
|
|
||||||
[{<<"csr">>, CSR},
|
|
||||||
{<<"notBefore">>, NotBefore},
|
|
||||||
{<<"NotAfter">>, NotAfter}
|
|
||||||
],
|
|
||||||
{ok, {CertUrl, Certificate}, Nonce8} =
|
|
||||||
ejabberd_acme_comm:new_cert(Dirs, PrivateKey, Req4, Nonce7),
|
|
||||||
?INFO_MSG("CertUrl: ~p~n", [CertUrl]),
|
|
||||||
|
|
||||||
{ok, CertId} = location_to_id(CertUrl),
|
|
||||||
{ok, Certificate2, Nonce9} = ejabberd_acme_comm:get_cert({CAUrl, CertId}),
|
|
||||||
|
|
||||||
DecodedCert = public_key:pkix_decode_cert(list_to_binary(Certificate2), plain),
|
|
||||||
%% ?INFO_MSG("DecodedCert: ~p~n", [DecodedCert]),
|
|
||||||
PemEntryCert = public_key:pem_entry_encode('Certificate', DecodedCert),
|
|
||||||
%% ?INFO_MSG("PemEntryCert: ~p~n", [PemEntryCert]),
|
|
||||||
|
|
||||||
{_, CSRKeyKey} = jose_jwk:to_key(CSRKey),
|
|
||||||
PemEntryKey = public_key:pem_entry_encode('ECPrivateKey', CSRKeyKey),
|
|
||||||
%% ?INFO_MSG("PemKey: ~p~n", [jose_jwk:to_pem(CSRKey)]),
|
|
||||||
%% ?INFO_MSG("PemEntryKey: ~p~n", [PemEntryKey]),
|
|
||||||
|
|
||||||
PemCert = public_key:pem_encode([PemEntryKey, PemEntryCert]),
|
|
||||||
%% ?INFO_MSG("PemCert: ~p~n", [PemCert]),
|
|
||||||
|
|
||||||
ok = file:write_file(HttpDir ++ "/my_server.pem", PemCert),
|
|
||||||
|
|
||||||
Base64Cert = base64url:encode(Certificate2),
|
|
||||||
Req5 = [{<<"certificate">>, Base64Cert}],
|
|
||||||
{ok, [], Nonce10} = ejabberd_acme_comm:revoke_cert(Dirs, PrivateKey, Req5, Nonce9),
|
|
||||||
|
|
||||||
{ok, Certificate3, Nonce11} = ejabberd_acme_comm:get_cert({CAUrl, CertId}),
|
|
||||||
|
|
||||||
{Account2, Authz3, CSR, Certificate, PrivateKey}.
|
|
||||||
|
|
||||||
-ifdef(GENERATE_RSA_KEY).
|
-ifdef(GENERATE_RSA_KEY).
|
||||||
generate_key() ->
|
generate_key() ->
|
||||||
@ -1105,63 +955,3 @@ generate_key() ->
|
|||||||
jose_jwk:generate_key({ec, secp256r1}).
|
jose_jwk:generate_key({ec, secp256r1}).
|
||||||
-endif.
|
-endif.
|
||||||
|
|
||||||
|
|
||||||
scenario3() ->
|
|
||||||
CSRSubject = [{commonName, "my-acme-test-ejabberd.com"},
|
|
||||||
{organizationName, "Example Corp"}],
|
|
||||||
{CSR, CSRKey} = make_csr(CSRSubject).
|
|
||||||
|
|
||||||
|
|
||||||
%% It doesn't seem to work, The user can get a new authorization even though the account has been deleted
|
|
||||||
delete_account_scenario(CAUrl) ->
|
|
||||||
PrivateKey = generate_key(),
|
|
||||||
|
|
||||||
DirURL = CAUrl ++ "/directory",
|
|
||||||
{ok, Dirs, Nonce0} = ejabberd_acme_comm:directory(DirURL),
|
|
||||||
%% ?INFO_MSG("Directories: ~p", [Dirs]),
|
|
||||||
|
|
||||||
Req0 = [{ <<"contact">>, [<<"mailto:cert-example-admin@example2.com">>]}],
|
|
||||||
{ok, {TOS, Account}, Nonce1} = ejabberd_acme_comm:new_account(Dirs, PrivateKey, Req0, Nonce0),
|
|
||||||
|
|
||||||
{_, AccIdInt} = proplists:lookup(<<"id">>, Account),
|
|
||||||
AccId = integer_to_list(AccIdInt),
|
|
||||||
{ok, {_TOS, Account1}, Nonce2} =
|
|
||||||
ejabberd_acme_comm:get_account({CAUrl, AccId}, PrivateKey, Nonce1),
|
|
||||||
%% ?INFO_MSG("Old account: ~p~n", [Account1]),
|
|
||||||
|
|
||||||
Req1 = [{ <<"agreement">>, list_to_bitstring(TOS)}],
|
|
||||||
{ok, Account2, Nonce3} =
|
|
||||||
ejabberd_acme_comm:update_account({CAUrl, AccId}, PrivateKey, Req1, Nonce2),
|
|
||||||
|
|
||||||
%% Delete account
|
|
||||||
{ok, Account3, Nonce4} =
|
|
||||||
ejabberd_acme_comm:delete_account({CAUrl, AccId}, PrivateKey, Nonce3),
|
|
||||||
|
|
||||||
timer:sleep(3000),
|
|
||||||
|
|
||||||
{ok, {_TOS, Account4}, Nonce5} =
|
|
||||||
ejabberd_acme_comm:get_account({CAUrl, AccId}, PrivateKey, Nonce4),
|
|
||||||
?INFO_MSG("New account: ~p~n", [Account4]),
|
|
||||||
|
|
||||||
AccIdBin = list_to_bitstring(integer_to_list(AccIdInt)),
|
|
||||||
DomainName = << <<"my-acme-test-ejabberd">>/binary, AccIdBin/binary, <<".com">>/binary >>,
|
|
||||||
Req2 =
|
|
||||||
[{<<"identifier">>,
|
|
||||||
{[{<<"type">>, <<"dns">>},
|
|
||||||
{<<"value">>, DomainName}]}},
|
|
||||||
{<<"existing">>, <<"accept">>}
|
|
||||||
],
|
|
||||||
{ok, {AuthzUrl, Authz}, Nonce6} =
|
|
||||||
ejabberd_acme_comm:new_authz(Dirs, PrivateKey, Req2, Nonce5),
|
|
||||||
|
|
||||||
{ok, Account1, Account3, Authz}.
|
|
||||||
|
|
||||||
%% Just a test
|
|
||||||
scenario0(KeyFile, HttpDir) ->
|
|
||||||
PrivateKey = jose_jwk:from_file(KeyFile),
|
|
||||||
%% scenario("http://localhost:4000", "2", PrivateKey).
|
|
||||||
%% delete_account_scenario("http://localhost:4000").
|
|
||||||
new_user_scenario("http://localhost:4000", HttpDir).
|
|
||||||
|
|
||||||
%% scenario3().
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user