25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-30 16:36:29 +01:00
Commit Graph

98 Commits

Author SHA1 Message Date
Konstantinos Kallas
e45f7ddfec Cleanup some comments: 2017-08-19 13:32:13 +03:00
Konstantinos Kallas
7cc7b74f1e Add acme certificates for all configured hosts in ejabberd_pkix 2017-08-19 12:50:40 +03:00
Konstantinos Kallas
ddfe8742c7 Add behaviour ejabberd_config in ejabberd_acme in order to validate the config 2017-08-19 11:35:15 +03:00
Konstantinos Kallas
051e2c639c Change some specs 2017-08-12 18:00:46 +03:00
Konstantinos Kallas
a72a7f830a Add support to revoke a certificate by providing the pem
This is important so that a user can revoke a certificate that is not acquired or logged from our acme client
2017-08-12 17:14:23 +03:00
Konstantinos Kallas
73f0b6707a Move the ca_url to the config file 2017-08-12 15:59:54 +03:00
Konstantinos Kallas
1aadb797b3 Remove the new account option from get certificate. There is no reason for having this 2017-08-11 14:10:55 +03:00
Konstantinos Kallas
7140c8d844 Format expired certificates differently in list_certificates 2017-08-11 13:28:17 +03:00
Konstantinos Kallas
2b1fea01cd Renew certificate now renews all saved certificates that are close to expire
Before this commit renew_certificate only checked the hosts in the config file and renewd the certificates for those. However the user can request certificates apart from the hosts in the config file so he should be able to also renew them.
2017-08-10 18:54:26 +03:00
Konstantinos Kallas
c20bfb3422 Revoke Certificate: Jose Private Key
Instead of signing the jose object with the account private key, it now signs the object using the certificate private key. This is useful in case the user wants to revoke a old certificate whose account key doesn't exist anymore.
2017-08-10 17:23:13 +03:00
Konstantinos Kallas
011b7ac3f2 Support getting certificates for domains not specified in the configuration file 2017-08-10 15:26:35 +03:00
Konstantinos Kallas
97a4d57f2e Remove some debugging functions 2017-08-08 18:00:37 +03:00
Konstantinos Kallas
9756b452d6 Implement renew_certificate command
This command renews the certificates for all domains that already have a certificate that has expired or is close to expiring. It is meant to be run automatically more often than the renewal process because if the certificates are valid nothing happens
2017-08-08 16:38:19 +03:00
Konstantinos Kallas
7fa9a387ae Try catch when formatting certificates 2017-08-08 12:45:57 +03:00
Konstantinos Kallas
48254a1e10 Change certificate notAfter to 90 days
As stated in Let's Encrypt FAQ: https://letsencrypt.org/docs/faq/
2017-08-08 12:23:13 +03:00
Konstantinos Kallas
e6e8e64f84 Improve return format of get_certificates command 2017-08-02 21:10:49 +03:00
Konstantinos Kallas
ac7105d39e Implement verbose list_certificates option 2017-08-02 19:36:11 +03:00
Konstantinos Kallas
3abe3aeeec Finish revoke_certificate and add specs
1. Add a try catch in the final revoke_certificate function
2. Also delete the certificate from persistent memory when it is done revoked
2017-07-29 19:10:06 +03:00
Konstantinos Kallas
cc6f4b90fb Support certificate revocation 2017-07-27 18:25:44 +03:00
Konstantinos Kallas
92e38190aa Encode strings using a library function and not my custom made 2017-07-25 14:13:40 +03:00
Konstantinos Kallas
09918b5912 Add a try catch arounf list certificates 2017-07-23 21:47:22 +03:00
Konstantinos Kallas
9ce1f12b66 Pretty print list-certificates 2017-07-18 13:28:44 +03:00
Konstantinos Kallas
2e18122cd9 Print validity in list-certificates 2017-07-17 13:40:53 +03:00
Konstantinos Kallas
8fe551cc68 Add a stub for the list-certificates command 2017-07-17 11:39:27 +03:00
Konstantinos Kallas
09c3496ff1 Remove httpdir from some function arguments as we now use the built in ejabberd http server for authorizations 2017-07-17 10:48:57 +03:00
Konstantinos Kallas
fa3108e6e2 Save acquired certificates in persistent storage 2017-07-17 10:42:09 +03:00
Konstantinos Kallas
9cf596c67b Change the persistent data structure from a record to a proplist
This is done so that possible future updates to the data structure don't break existing code.
With this change it will be possible to update the data structure and keep the same old persistent data file, which will still have the expected list format but with more properties
2017-07-17 09:59:38 +03:00
Konstantinos Kallas
478a12637d Separate the persistent data structure functions 2017-07-17 09:40:36 +03:00
Konstantinos Kallas
4d977535f2 Make some persistent data wrapper functions 2017-07-17 09:35:37 +03:00
Konstantinos Kallas
77a96b0ec6 Solve acme challenges using built in http server 2017-07-12 19:23:52 +03:00
Konstantinos Kallas
5199ede4a2 Changle acme file permissions
Also changed some specs
2017-07-11 11:11:00 +03:00
Konstantinos Kallas
c50f6c218f Clean up code by adding throws instead of passing the error value 2017-07-07 18:32:07 +03:00
Konstantinos Kallas
5866124138 Clean up get_certificate code 2017-07-07 17:37:44 +03:00
Konstantinos Kallas
56fc0efbc8 Split ACME module into two
1. A communications module that handles all requets/responses and other low level stuff that have to do with the ACME CA
2. A head module that will do all the useful stuff
2017-07-04 11:44:22 +03:00
Konstantinos Kallas
d3c477646f Add support for command get_certificates, very crude 2017-07-03 13:37:32 +03:00
Konstantinos Kallas
637d9b054b Support get-cert, revoke-cert. Also cleaned some typespecs 2017-06-26 19:03:21 +03:00
Konstantinos Kallas
330456bcf0 Indent using Emacs 2017-06-22 14:47:56 +03:00
Konstantinos Kallas
396bd5eb3d Removed some ?INFO_MSG 2017-06-22 11:38:40 +03:00
Konstantinos Kallas
dd79dea81d Support new_cert, make certificate request 2017-06-22 11:31:50 +03:00
Konstantinos Kallas
dc4c00a78c Add support for solving http-01 challenge 2017-06-18 13:20:47 +03:00
Konstantinos Kallas
1d1250b056 Cleanup acme_challenge.erl, move types and records in ejabberd_acme.hrl 2017-06-17 19:06:39 +03:00
Konstantinos Kallas
133d2ae6d5 Derive the alg field of the JWS object using a erlang-jose library function rather than hardcoding 2017-06-15 11:47:29 +03:00
Konstantinos Kallas
032ce9e53c Refactor get requests, Implement authorization handling functions 2017-06-14 12:12:43 +03:00
Konstantinos Kallas
4b1c59e199 Major Refactoring, Separated Logic from Requests 2017-06-12 21:35:43 +03:00
Konstantinos Kallas
c25aa8378f Add new-authz, refactor the http requests that all used the same code 2017-06-12 15:31:48 +03:00
Konstantinos Kallas
911b8188d2 Refactor the http response handlers.
Encapsulate some dangerous calls with try catch.
2017-06-09 19:47:50 +03:00
Konstantinos Kallas
167edacb5f Make Stylistic Changes in order to conform to guidelines:
1. Remove trailing whitespace
2. Remove Macros
3. Handle all erroneous response codes the same way
4. Add specs
Also don't return nonces anymore when the http response is negative.
2017-06-09 18:53:54 +03:00
Konstantinos Kallas
53d47483c8 Implement some basic account handling functions 2017-06-09 15:49:27 +03:00