Diffstat (limited to '')
-rw-r--r-- | src/ejabberd_acme.erl | 95 | ||||
-rw-r--r-- | src/ejabberd_admin.erl | 63 |
2 files changed, 73 insertions, 85 deletions
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl index e0a881d25..5cb15dcc5 100644 --- a/src/ejabberd_acme.erl +++ b/src/ejabberd_acme.erl @@ -22,7 +22,7 @@ -include("ejabberd.hrl"). -include("logger.hrl"). -include("xmpp.hrl"). - +-include("ejabberd_commands.hrl"). -include("ejabberd_acme.hrl"). -include_lib("public_key/include/public_key.hrl"). @@ -40,6 +40,7 @@ start_link() -> init([]) -> case filelib:ensure_dir(filename:join(acme_certs_dir(), "foo")) of ok -> + ejabberd_commands:register_commands(get_commands_spec()), register_certfiles(), {ok, #state{}}; {error, Why} -> @@ -60,7 +61,7 @@ handle_info(_Info, State) -> {noreply, State}. terminate(_Reason, _State) -> - ok. + ejabberd_commands:unregister_commands(get_commands_spec()). code_change(_OldVsn, State, _Extra) -> {ok, State}. 
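Review bot: The cleanup added to `terminate/2` only runs when the gen_server is stopped in a way that invokes that callback. For a supervisor-initiated shutdown the process must trap exits, and the part of `init/1` visible in the `@@ -40,6 +40,7 @@` hunk goes straight into the `case` without `process_flag(trap_exit, true)`. If the flag is not set elsewhere, the ACME commands registered in `init/1` stay registered after the process is gone; adding `process_flag(trap_exit, true),` as the first expression of `init/1` would close that gap. In the same hunk `register_commands/1` runs before `register_certfiles()`, so a crash in the latter fails `init/1` with the commands already registered and no `terminate/2` call; registering them last avoids that. The error branch of `init/1` continues outside the hunk.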
@@ -101,23 +102,58 @@ is_valid_revoke_cert(DomainOrFile) -> lists:prefix("file:", DomainOrFile) orelse lists:prefix("domain:", DomainOrFile). - +%% Commands +get_commands_spec() -> + [#ejabberd_commands{name = get_certificates, tags = [acme], + desc = "Gets certificates for all or the specified " + "domains {all|domain1;domain2;...}.", + module = ?MODULE, function = get_certificates, + args_desc = ["Domains for which to acquire a certificate"], + args_example = ["all | www.example.com;www.example1.net"], + args = [{domains, string}], + result = {certificates, string}}, + #ejabberd_commands{name = renew_certificate, tags = [acme], + desc = "Renews all certificates that are close to expiring", + module = ?MODULE, function = renew_certificate, + args = [], + result = {certificates, string}}, + #ejabberd_commands{name = list_certificates, tags = [acme], + desc = "Lists all curently handled certificates and " + "their respective domains in {plain|verbose} format", + module = ?MODULE, function = list_certificates, + args_desc = ["Whether to print the whole certificate " + "or just some metadata. " + "Possible values: plain | verbose"], + args = [{option, string}], + result = {certificates, {list, {certificate, string}}}}, + #ejabberd_commands{name = revoke_certificate, tags = [acme], + desc = "Revokes the selected certificate", + module = ?MODULE, function = revoke_certificate, + args_desc = ["The domain or file (in pem format) of " + "the certificate in question " + "{domain:Domain | file:File}"], + args = [{domain_or_file, string}], + result = {res, restuple}}]. %% %% Get Certificate %% - -spec get_certificates(domains_opt()) -> string() | {'error', _}. 
get_certificates(Domains) -> - try - CAUrl = get_config_ca_url(), - get_certificates0(CAUrl, Domains) - catch - throw:Throw -> - Throw; - E:R -> - ?ERROR_MSG("Unknown ~p:~p, ~p", [E, R, erlang:get_stacktrace()]), - {error, get_certificates} + case is_valid_domain_opt(Domains) of + true -> + try + CAUrl = get_config_ca_url(), + get_certificates0(CAUrl, Domains) + catch + throw:Throw -> + Throw; + E:R -> + ?ERROR_MSG("Unknown ~p:~p, ~p", [E, R, erlang:get_stacktrace()]), + {error, get_certificates} + end; + false -> + io_lib:format("Invalid domains: ~p", [Domains]) end. -spec get_certificates0(url(), domains_opt()) -> string(). @@ -397,14 +433,20 @@ close_to_expire(Validity, Days) -> %% -spec list_certificates(verbose_opt()) -> [string()] | [any()] | {error, _}. list_certificates(Verbose) -> - try - list_certificates0(Verbose) - catch - throw:Throw -> - Throw; - E:R -> - ?ERROR_MSG("Unknown ~p:~p, ~p", [E, R, erlang:get_stacktrace()]), - {error, list_certificates} + case is_valid_verbose_opt(Verbose) of + true -> + try + list_certificates0(Verbose) + catch + throw:Throw -> + Throw; + E:R -> + ?ERROR_MSG("Unknown ~p:~p, ~p", [E, R, erlang:get_stacktrace()]), + {error, list_certificates} + end; + false -> + String = io_lib:format("Invalid verbose option: ~p", [Verbose]), + {invalid_option, String} end. -spec list_certificates0(verbose_opt()) -> [string()] | [any()]. @@ -548,8 +590,17 @@ get_utc_validity(#'Certificate'{tbsCertificate = TbsCertificate}) -> %% Revoke Certificate %% --spec revoke_certificate(string()) -> {ok, deleted} | {error, _}. revoke_certificate(DomainOrFile) -> + case is_valid_revoke_cert(DomainOrFile) of + true -> + revoke_certificates(DomainOrFile); + false -> + String = io_lib:format("Bad argument: ~s", [DomainOrFile]), + {invalid_argument, String} + end. + +-spec revoke_certificates(string()) -> {ok, deleted} | {error, _}. +revoke_certificates(DomainOrFile) -> try CAUrl = get_config_ca_url(), revoke_certificate0(CAUrl, DomainOrFile) 
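Review bot: The `renew_certificate` entry in `get_commands_spec/0` points at `?MODULE:renew_certificate`, but the wrapper this commit removes from `ejabberd_admin.erl` called `ejabberd_acme:renew_certificates()` (plural), and no hunk here adds or exports a `renew_certificate/0` in this module. Unless that function already exists outside the visible hunks, invoking the command will fail with `undef`; the entry should probably read `module = ?MODULE, function = renew_certificates,`. Separately, the new `false` branch of `get_certificates/1` returns the `io_lib:format/2` result through the same `{certificates, string}` result as a success, so a caller cannot tell a rejected argument from a certificate report. An error tuple in the style of the existing `{error, get_certificates}` would keep the two apart and stay within the declared `-spec`.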
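Review bot: The new `false` branch of `list_certificates/1` returns `{invalid_option, String}`, which is outside the declared `-spec` (`[string()] | [any()] | {error, _}`) and is not a list, although the command's result type in `get_commands_spec/0` is `{certificates, {list, {certificate, string}}}`. How the command frontends render a tuple for a list result is not visible here, so this path should be exercised with an invalid option before merging. The argument type `verbose_opt()` is also too narrow now that the function itself receives unvalidated input; something like `-spec list_certificates(string()) -> [string()] | [any()] | {error, _} | {invalid_option, io_lib:chars()}.` would describe what the code actually does.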
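Review bot: `revoke_certificate/1` is now the command entry point, and its only input check, `is_valid_revoke_cert/1` (context lines of the `@@ -101,23 +102,58 @@` hunk), tests just for a `file:` or `domain:` prefix, so whatever follows `file:` is handed to `revoke_certificates/1` unchanged. What `revoke_certificate0/2` does with that path is outside the hunk; it is worth confirming that the path is confined to the expected certificate location and that the command is covered by access rules on every frontend that exposes ejabberd commands. In the rejection branch, `~s` raises `badarg` for a character list containing code points above 255, so `io_lib:format("Bad argument: ~ts", [DomainOrFile])` is the safer form. The entry point also lost its `-spec` when the old one moved to `revoke_certificates/1`; add `-spec revoke_certificate(string()) -> {ok, deleted} | {error, _} | {invalid_argument, io_lib:chars()}.`. The body of `revoke_certificates/1` continues past the end of the hunk.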
diff --git a/src/ejabberd_admin.erl b/src/ejabberd_admin.erl index 368c7fe53..5824687e0 100644 --- a/src/ejabberd_admin.erl +++ b/src/ejabberd_admin.erl @@ -44,11 +44,6 @@ registered_users/1, %% Migration jabberd1.4 import_file/1, import_dir/1, - %% Acme - get_certificate/1, - renew_certificate/0, - list_certificates/1, - revoke_certificate/1, %% Purge DB delete_expired_messages/0, delete_old_messages/1, %% Mnesia 
@@ -247,31 +242,6 @@ get_commands_spec() -> args_example = ["/var/lib/ejabberd/jabberd14/"], args = [{file, string}], result = {res, restuple}}, - #ejabberd_commands{name = get_certificate, tags = [acme], - desc = "Gets a certificate for all or the specified domains {all|domain1;domain2;...}.", - module = ?MODULE, function = get_certificate, - args_desc = ["Domains for which to acquire a certificate"], - args_example = ["all | www.example.com;www.example1.net"], - args = [{domains, string}], - result = {certificates, string}}, - #ejabberd_commands{name = renew_certificate, tags = [acme], - desc = "Renews all certificates that are close to expiring", - module = ?MODULE, function = renew_certificate, - args = [], - result = {certificates, string}}, - #ejabberd_commands{name = list_certificates, tags = [acme], - desc = "Lists all curently handled certificates and their respective domains in {plain|verbose} format", - module = ?MODULE, function = list_certificates, - args_desc = ["Whether to print the whole certificate or just some metadata. Possible values: plain | verbose"], - args = [{option, string}], - result = {certificates, {list, {certificate, string}}}}, - #ejabberd_commands{name = revoke_certificate, tags = [acme], - desc = "Revokes the selected certificate", - module = ?MODULE, function = revoke_certificate, - args_desc = ["The domain or file (in pem format) of the certificate in question {domain:Domain | file:File}"], - args = [{domain_or_file, string}], - result = {res, restuple}}, - #ejabberd_commands{name = import_piefxis, tags = [mnesia], desc = "Import users data from a PIEFXIS file (XEP-0227)", module = ejabberd_piefxis, function = import_file, 
@@ -572,39 +542,6 @@ import_dir(Path) -> end. %%% -%%% Acme -%%% - -get_certificate(Domains) -> - case ejabberd_acme:is_valid_domain_opt(Domains) of - true -> - ejabberd_acme:get_certificates(Domains); - false -> - io_lib:format("Invalid domains: ~p", [Domains]) - end. - -renew_certificate() -> - ejabberd_acme:renew_certificates(). - -list_certificates(Verbose) -> - case ejabberd_acme:is_valid_verbose_opt(Verbose) of - true -> - ejabberd_acme:list_certificates(Verbose); - false -> - String = io_lib:format("Invalid verbose option: ~p", [Verbose]), - {invalid_option, String} - end. - -revoke_certificate(DomainOrFile) -> - case ejabberd_acme:is_valid_revoke_cert(DomainOrFile) of - true -> - ejabberd_acme:revoke_certificate(DomainOrFile); - false -> - String = io_lib:format("Bad argument: ~s", [DomainOrFile]), - {invalid_argument, String} - end. - -%%% %%% Purge DB %%% |