author | Jonas Schäfer <jonas@wielicki.name> | 2021-12-21 21:20:21 +0100 |
---|---|---|
committer | Jonas Schäfer <jonas@wielicki.name> | 2021-12-21 21:20:21 +0100 |
commit | 7c93370ad564fc9176b97cf981ed7e10e05d8890 (patch) | |
tree | b63c715519099134c75900e0d7b1f9d7b04070d8 | |
parent | a7f535e0cf44a188207ad49b88831f449812c8bf (diff) | |
download | prosody-7c93370ad564fc9176b97cf981ed7e10e05d8890.tar.gz prosody-7c93370ad564fc9176b97cf981ed7e10e05d8890.zip |
prosodyctl cert: use the indexing functions for better UX
These provide (a) a way to deal with random assortments of certs
and (b) avoid unnecessary error messages and warnings, according
to #1669 anyway, which this fixes.
-rw-r--r-- | core/certmanager.lua | 20 | ||||
-rw-r--r-- | util/prosodyctl/cert.lua | 28 |
2 files changed, 29 insertions, 19 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index e2324db5..017271d9 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -167,12 +167,10 @@ end
 
 local cert_index;
 
-local function find_host_cert(host)
+local function find_cert_in_index(index, host)
 if not host then return nil; end
- if not cert_index then
- cert_index = index_certs(resolve_path(config_path, global_certificates));
- end
- local certs = cert_index[host];
+ if not index then return nil; end
+ local certs = index[host];
 if certs then
 local cert_filename, services = next(certs);
 if services["*"] then
@@ -183,8 +181,16 @@ local function find_host_cert(host)
 }
 end
 end
+ return nil
+end
+
+local function find_host_cert(host)
+ if not host then return nil; end
+ if not cert_index then
+ cert_index = index_certs(resolve_path(config_path, global_certificates));
+ end
 
- return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
+ return find_cert_in_index(cert_index, host) or find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
 end
 
 local function find_service_cert(service, port)
@@ -439,5 +445,7 @@ return {
 create_context = create_context;
 reload_ssl_config = reload_ssl_config;
 find_cert = find_cert;
+ index_certs = index_certs;
 find_host_cert = find_host_cert;
+ find_cert_in_index = find_cert_in_index;
 };
diff --git a/util/prosodyctl/cert.lua b/util/prosodyctl/cert.lua
index 2b96ac5c..d37bb82c 100644
--- a/util/prosodyctl/cert.lua
+++ b/util/prosodyctl/cert.lua
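Review bot: `find_cert_in_index` indexes `services["*"]` right after `local cert_filename, services = next(certs);` without checking that `next` returned anything, so a host entry whose table is empty would fail with "attempt to index a nil value"; the new `if not index then return nil; end` guard covers a missing index but not this case. Whether `index_certs` can ever leave an empty per-host table is not visible here, but the function is now exported in the third hunk and can be handed any caller-built index, so a guard such as `if not services then return nil; end` after the `next` call is cheap insurance. The added `return nil` is the only statement in the hunk without the trailing `;` the surrounding code uses. Since it is now part of the module's public table, a short header comment stating the index shape this expects, host → { cert_filename → services } as the `next(certs)` unpacking implies, would help callers outside this file; the middle of `find_cert_in_index` between the first two hunks is not shown.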
@@ -216,22 +216,24 @@ function cert_commands.import(arg)
 group = configmanager.get("*", "prosody_group") or owner;
 end
 local cm = require "core.certmanager";
+ local files_by_name = {}
+ for _, dir in ipairs(arg) do
+ cm.index_certs(dir, files_by_name);
+ end
 local imported = {};
 for _, host in ipairs(hostnames) do
- for _, dir in ipairs(arg) do
- local paths = cm.find_cert(dir, host);
- if paths then
- copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
- copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
- table.insert(imported, host);
- else
- -- TODO Say where we looked
- pctl.show_warning("No certificate for host "..host.." found :(");
- end
- -- TODO Additional checks
- -- Certificate names matches the hostname
- -- Private key matches public key in certificate
+ local paths = cm.find_cert_in_index(files_by_name, host);
+ if paths then
+ copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
+ copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
+ table.insert(imported, host);
+ else
+ -- TODO Say where we looked
+ pctl.show_warning("No certificate for host "..host.." found :(");
 end
+ -- TODO Additional checks
+ -- Certificate names matches the hostname
+ -- Private key matches public key in certificate
 end
 if imported[1] then
 pctl.show_message("Imported certificate and key for hosts %s", table.concat(imported, ", ")); |
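Review bot: The `-- TODO Say where we looked` comment carried over into the new `else` branch is now resolvable, because the directories searched are exactly the entries of `arg` fed to `cm.index_certs` above: `pctl.show_warning("No certificate for host "..host.." found in "..table.concat(arg, ", "));`. Because every directory is merged into the single `files_by_name` table, a host that appears in more than one of them resolves to whichever entry the lookup yields, and the order of `arg` no longer decides which certificate and private key are copied into `cert_basedir`; if `index_certs` does not already define a precedence, a comment or a warning on that case is worth adding, since this is the material the user ends up serving. `local files_by_name = {}` lacks the `;` used on the neighbouring lines. `cert_commands.import` starts before and ends after this hunk.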