diff options
author | Konstantinos Kallas <konstantinos.kallas@hotmail.com> | 2017-07-18 13:28:44 +0300 |
---|---|---|
committer | Konstantinos Kallas <konstantinos.kallas@hotmail.com> | 2017-07-18 13:28:44 +0300 |
commit | 9ce1f12b66b35070ad2b2e9bf745e455f96c79b9 (patch) | |
tree | e9e69c8a799c25ea821df6d22c08f5e29bbbb11a /src/ejabberd_acme.erl | |
parent | Print validity in list-certificates (diff) |
Pretty print list-certificates
Diffstat (limited to 'src/ejabberd_acme.erl')
-rw-r--r-- | src/ejabberd_acme.erl | 67 |
1 files changed, 51 insertions, 16 deletions
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl index a70321c7..3ba318bd 100644 --- a/src/ejabberd_acme.erl +++ b/src/ejabberd_acme.erl @@ -54,27 +54,56 @@ list_certificates(Verbose) -> {ok, Certs} = read_certificates_persistent(), case Verbose of "plain" -> - [{Domain, certificate_metadata(PemCert)} || {Domain, PemCert} <- Certs]; + [format_certificate(DataCert) || {_Key, DataCert} <- Certs]; "verbose" -> Certs end. -%% TODO: Make this cleaner and more secure -certificate_metadata(PemCert) -> +%% TODO: Make this cleaner and more robust +format_certificate(DataCert) -> + #data_cert{ + domain = DomainName, + pem = PemCert, + path = Path + } = DataCert, + PemList = public_key:pem_decode(PemCert), PemEntryCert = lists:keyfind('Certificate', 1, PemList), - #'Certificate'{tbsCertificate = #'TBSCertificate'{ - subject = {rdnSequence, SubjectList}, - validity = Validity}} - = public_key:pem_entry_decode(PemEntryCert), - + Certificate = public_key:pem_entry_decode(PemEntryCert), + %% Find the commonName + _CommonName = get_commonName(Certificate), + + %% Find the notAfter date + NotAfter = get_notAfter(Certificate), + + format_certificate1(DomainName, NotAfter, Path). + +format_certificate1(DomainName, NotAfter, Path) -> + Result = lists:flatten(io_lib:format( + " Domain: ~s~n" + " Valid until: ~s UTC~n" + " Path: ~s", + [DomainName, NotAfter, Path])), + Result. + +get_commonName(#'Certificate'{tbsCertificate = TbsCertificate}) -> + #'TBSCertificate'{ + subject = {rdnSequence, SubjectList} + } = TbsCertificate, + %% TODO: Not the best way to find the commonName - ?INFO_MSG("Subject List: ~p", [SubjectList]), ShallowSubjectList = [Attribute || [Attribute] <- SubjectList], {_, _, CommonName} = lists:keyfind(attribute_oid(commonName), 2, ShallowSubjectList), + + %% TODO: Remove the length-encoding from the commonName before returning it + CommonName. + +get_notAfter(#'Certificate'{tbsCertificate = TbsCertificate}) -> + #'TBSCertificate'{ + validity = Validity + } = TbsCertificate, - %% Find the notAfter date %% TODO: Find a library function to decode utc time #'Validity'{notAfter = {utcTime, UtcTime}} = Validity, [Y1,Y2,MO1,MO2,D1,D2,H1,H2,MI1,MI2,S1,S2,$Z] = UtcTime, @@ -82,7 +111,7 @@ certificate_metadata(PemCert) -> true -> "19" ++ [Y1,Y2]; _ -> "20" ++ [Y1,Y2] end, - NotAfter = lists:flatten(io_lib:format("Valid until: ~s-~s-~s ~s:~s:~s", + NotAfter = lists:flatten(io_lib:format("~s-~s-~s ~s:~s:~s", [YEAR, [MO1,MO2], [D1,D2], [H1,H2], [MI1,MI2], [S1,S2]])), @@ -484,9 +513,9 @@ data_set_certificates(Data, NewCerts) -> lists:keystore(certs, 1, Data, {certs, NewCerts}). %% ATM we preserve one certificate for each domain -data_add_certificate(Data, {Domain, PemCert}) -> +data_add_certificate(Data, DataCert = #data_cert{domain=Domain}) -> {ok, Certs} = data_get_certificates(Data), - NewCerts = lists:keystore(Domain, 1, Certs, {Domain, PemCert}), + NewCerts = lists:keystore(Domain, 1, Certs, {Domain, DataCert}), data_set_certificates(Data, NewCerts). @@ -553,11 +582,12 @@ read_certificates_persistent() -> {ok, Data} = read_persistent(), data_get_certificates(Data). -add_certificate_persistent({Domain, PemCert}) -> +add_certificate_persistent(DataCert) -> {ok, Data} = read_persistent(), - NewData = data_add_certificate(Data, {Domain, PemCert}), + NewData = data_add_certificate(Data, DataCert), ok = write_persistent(NewData). + save_certificate({error, _, _} = Error) -> Error; save_certificate({ok, DomainName, Cert}) -> @@ -569,7 +599,12 @@ save_certificate({ok, DomainName, Cert}) -> %% that there is no certificate saved if it cannot be added in %% certificate persistent storage write_cert(CertificateFile, Cert, DomainName), - add_certificate_persistent({DomainName, Cert}), + DataCert = #data_cert{ + domain = DomainName, + pem = Cert, + path = CertificateFile + }, + add_certificate_persistent(DataCert), {ok, DomainName, saved} catch throw:Throw -> |