mirror of
https://github.com/processone/ejabberd.git
synced 2024-06-12 21:52:07 +02:00
Pretty print list-certificates
parent
2e18122cd9
commit
9ce1f12b66
|
@ -11,6 +11,11 @@
|
||||||
key :: jose_jwk:key()
|
key :: jose_jwk:key()
|
||||||
}).
|
}).
|
||||||
|
|
||||||
|
-record(data_cert, {
|
||||||
|
domain :: list(),
|
||||||
|
pem :: jose_jwk:key(),
|
||||||
|
path :: file:filename()
|
||||||
|
}).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
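Review bot: The `pem` field of `data_cert` is typed `jose_jwk:key()`, but `format_certificate/1` further down this page passes that field straight to `public_key:pem_decode/1`, which takes PEM text as a binary, so the declared type looks copied from the `key` field above rather than describing what is stored. I would declare it as `pem :: binary(),` and add a comment above the record along the lines of `%% One issued certificate: the domain it covers, its PEM text, and the file it was written to`. `domain :: list()` could be narrowed to `string()` if domain names are always character lists here, which the page does not show. The record that precedes `data_cert` starts outside this hunk.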
@ -54,27 +54,56 @@ list_certificates(Verbose) ->
|
||||||
{ok, Certs} = read_certificates_persistent(),
|
{ok, Certs} = read_certificates_persistent(),
|
||||||
case Verbose of
|
case Verbose of
|
||||||
"plain" ->
|
"plain" ->
|
||||||
[{Domain, certificate_metadata(PemCert)} || {Domain, PemCert} <- Certs];
|
[format_certificate(DataCert) || {_Key, DataCert} <- Certs];
|
||||||
"verbose" ->
|
"verbose" ->
|
||||||
Certs
|
Certs
|
||||||
end.
|
end.
|
||||||
|
|
||||||
%% TODO: Make this cleaner and more secure
|
%% TODO: Make this cleaner and more robust
|
||||||
certificate_metadata(PemCert) ->
|
format_certificate(DataCert) ->
|
||||||
|
#data_cert{
|
||||||
|
domain = DomainName,
|
||||||
|
pem = PemCert,
|
||||||
|
path = Path
|
||||||
|
} = DataCert,
|
||||||
|
|
||||||
PemList = public_key:pem_decode(PemCert),
|
PemList = public_key:pem_decode(PemCert),
|
||||||
PemEntryCert = lists:keyfind('Certificate', 1, PemList),
|
PemEntryCert = lists:keyfind('Certificate', 1, PemList),
|
||||||
#'Certificate'{tbsCertificate = #'TBSCertificate'{
|
Certificate = public_key:pem_entry_decode(PemEntryCert),
|
||||||
subject = {rdnSequence, SubjectList},
|
|
||||||
validity = Validity}}
|
|
||||||
= public_key:pem_entry_decode(PemEntryCert),
|
|
||||||
|
|
||||||
%% Find the commonName
|
%% Find the commonName
|
||||||
|
_CommonName = get_commonName(Certificate),
|
||||||
|
|
||||||
|
%% Find the notAfter date
|
||||||
|
NotAfter = get_notAfter(Certificate),
|
||||||
|
|
||||||
|
format_certificate1(DomainName, NotAfter, Path).
|
||||||
|
|
||||||
|
format_certificate1(DomainName, NotAfter, Path) ->
|
||||||
|
Result = lists:flatten(io_lib:format(
|
||||||
|
" Domain: ~s~n"
|
||||||
|
" Valid until: ~s UTC~n"
|
||||||
|
" Path: ~s",
|
||||||
|
[DomainName, NotAfter, Path])),
|
||||||
|
Result.
|
||||||
|
|
||||||
|
get_commonName(#'Certificate'{tbsCertificate = TbsCertificate}) ->
|
||||||
|
#'TBSCertificate'{
|
||||||
|
subject = {rdnSequence, SubjectList}
|
||||||
|
} = TbsCertificate,
|
||||||
|
|
||||||
%% TODO: Not the best way to find the commonName
|
%% TODO: Not the best way to find the commonName
|
||||||
?INFO_MSG("Subject List: ~p", [SubjectList]),
|
|
||||||
ShallowSubjectList = [Attribute || [Attribute] <- SubjectList],
|
ShallowSubjectList = [Attribute || [Attribute] <- SubjectList],
|
||||||
{_, _, CommonName} = lists:keyfind(attribute_oid(commonName), 2, ShallowSubjectList),
|
{_, _, CommonName} = lists:keyfind(attribute_oid(commonName), 2, ShallowSubjectList),
|
||||||
|
|
||||||
%% Find the notAfter date
|
%% TODO: Remove the length-encoding from the commonName before returning it
|
||||||
|
CommonName.
|
||||||
|
|
||||||
|
get_notAfter(#'Certificate'{tbsCertificate = TbsCertificate}) ->
|
||||||
|
#'TBSCertificate'{
|
||||||
|
validity = Validity
|
||||||
|
} = TbsCertificate,
|
||||||
|
|
||||||
%% TODO: Find a library function to decode utc time
|
%% TODO: Find a library function to decode utc time
|
||||||
#'Validity'{notAfter = {utcTime, UtcTime}} = Validity,
|
#'Validity'{notAfter = {utcTime, UtcTime}} = Validity,
|
||||||
[Y1,Y2,MO1,MO2,D1,D2,H1,H2,MI1,MI2,S1,S2,$Z] = UtcTime,
|
[Y1,Y2,MO1,MO2,D1,D2,H1,H2,MI1,MI2,S1,S2,$Z] = UtcTime,
|
||||||
|
@ -82,7 +111,7 @@ certificate_metadata(PemCert) ->
|
||||||
true -> "19" ++ [Y1,Y2];
|
true -> "19" ++ [Y1,Y2];
|
||||||
_ -> "20" ++ [Y1,Y2]
|
_ -> "20" ++ [Y1,Y2]
|
||||||
end,
|
end,
|
||||||
NotAfter = lists:flatten(io_lib:format("Valid until: ~s-~s-~s ~s:~s:~s",
|
NotAfter = lists:flatten(io_lib:format("~s-~s-~s ~s:~s:~s",
|
||||||
[YEAR, [MO1,MO2], [D1,D2],
|
[YEAR, [MO1,MO2], [D1,D2],
|
||||||
[H1,H2], [MI1,MI2], [S1,S2]])),
|
[H1,H2], [MI1,MI2], [S1,S2]])),
|
||||||
|
|
||||||
|
@ -484,9 +513,9 @@ data_set_certificates(Data, NewCerts) ->
|
||||||
lists:keystore(certs, 1, Data, {certs, NewCerts}).
|
lists:keystore(certs, 1, Data, {certs, NewCerts}).
|
||||||
|
|
||||||
%% ATM we preserve one certificate for each domain
|
%% ATM we preserve one certificate for each domain
|
||||||
data_add_certificate(Data, {Domain, PemCert}) ->
|
data_add_certificate(Data, DataCert = #data_cert{domain=Domain}) ->
|
||||||
{ok, Certs} = data_get_certificates(Data),
|
{ok, Certs} = data_get_certificates(Data),
|
||||||
NewCerts = lists:keystore(Domain, 1, Certs, {Domain, PemCert}),
|
NewCerts = lists:keystore(Domain, 1, Certs, {Domain, DataCert}),
|
||||||
data_set_certificates(Data, NewCerts).
|
data_set_certificates(Data, NewCerts).
|
||||||
|
|
||||||
|
|
||||||
|
@ -553,11 +582,12 @@ read_certificates_persistent() ->
|
||||||
{ok, Data} = read_persistent(),
|
{ok, Data} = read_persistent(),
|
||||||
data_get_certificates(Data).
|
data_get_certificates(Data).
|
||||||
|
|
||||||
add_certificate_persistent({Domain, PemCert}) ->
|
add_certificate_persistent(DataCert) ->
|
||||||
{ok, Data} = read_persistent(),
|
{ok, Data} = read_persistent(),
|
||||||
NewData = data_add_certificate(Data, {Domain, PemCert}),
|
NewData = data_add_certificate(Data, DataCert),
|
||||||
ok = write_persistent(NewData).
|
ok = write_persistent(NewData).
|
||||||
|
|
||||||
|
|
||||||
save_certificate({error, _, _} = Error) ->
|
save_certificate({error, _, _} = Error) ->
|
||||||
Error;
|
Error;
|
||||||
save_certificate({ok, DomainName, Cert}) ->
|
save_certificate({ok, DomainName, Cert}) ->
|
||||||
|
@ -569,7 +599,12 @@ save_certificate({ok, DomainName, Cert}) ->
|
||||||
%% that there is no certificate saved if it cannot be added in
|
%% that there is no certificate saved if it cannot be added in
|
||||||
%% certificate persistent storage
|
%% certificate persistent storage
|
||||||
write_cert(CertificateFile, Cert, DomainName),
|
write_cert(CertificateFile, Cert, DomainName),
|
||||||
add_certificate_persistent({DomainName, Cert}),
|
DataCert = #data_cert{
|
||||||
|
domain = DomainName,
|
||||||
|
pem = Cert,
|
||||||
|
path = CertificateFile
|
||||||
|
},
|
||||||
|
add_certificate_persistent(DataCert),
|
||||||
{ok, DomainName, saved}
|
{ok, DomainName, saved}
|
||||||
catch
|
catch
|
||||||
throw:Throw ->
|
throw:Throw ->
|
||||||
|
|
|
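Review bot: In `format_certificate/1` the line `_CommonName = get_commonName(Certificate),` binds a value that is never used, yet `get_commonName/1` asserts `{_, _, CommonName} = lists:keyfind(...)` and therefore raises `badmatch` for any certificate whose subject has no commonName, or carries it in a multi-valued RDN that the comprehension `[Attribute || [Attribute] <- SubjectList]` silently drops. Removing the call until the name is actually printed takes a crash path out of the listing command. In the same function `lists:keyfind('Certificate', 1, PemList)` returns `false` when the stored PEM has no certificate entry and that `false` is handed to `public_key:pem_entry_decode/1`, so handling the `false` case explicitly would give the operator a clearer error. Entries persisted before this commit are presumably still `{Domain, PemCert}` tuples and would fail the `#data_cert{...} = DataCert` match; no migration is visible on the page. The body of `save_certificate/1` continues outside the last hunk.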
@ -257,10 +257,7 @@ get_commands_spec() ->
|
||||||
module = ?MODULE, function = list_certificates,
|
module = ?MODULE, function = list_certificates,
|
||||||
args_desc = ["Whether to print the whole certificate or just some metadata. Possible values: plain | verbose"],
|
args_desc = ["Whether to print the whole certificate or just some metadata. Possible values: plain | verbose"],
|
||||||
args = [{option, string}],
|
args = [{option, string}],
|
||||||
result = {certificates, {list,
|
result = {certificates, {list,{certificate, string}}}},
|
||||||
{certificate, {tuple,
|
|
||||||
[{domain, string},
|
|
||||||
{cert, string}]}}}}},
|
|
||||||
|
|
||||||
#ejabberd_commands{name = import_piefxis, tags = [mnesia],
|
#ejabberd_commands{name = import_piefxis, tags = [mnesia],
|
||||||
desc = "Import users data from a PIEFXIS file (XEP-0227)",
|
desc = "Import users data from a PIEFXIS file (XEP-0227)",
|
||||||
|
|
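Review bot: The declared result is now `{list,{certificate, string}}`, but the `"verbose"` branch of `list_certificates/1` shown earlier on this page still returns `Certs` unchanged, and after this commit those elements are `{Domain, #data_cert{}}` tuples rather than strings. Only the `"plain"` branch was converted to `format_certificate/1`, so the verbose path no longer matches the spec and will likely fail or print raw terms when the command result is formatted. One way to keep both branches consistent is `"verbose" -> [PemCert || {_Key, #data_cert{pem = PemCert}} <- Certs]`, assuming the command layer accepts the PEM value as a string. The `args_desc` text still promises "the whole certificate" for verbose, so it is worth confirming the output against that wording. `get_commands_spec/0` begins and ends outside this hunk.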