yetangitu/ejabberd
1
0
Fork 0
mirror of https://github.com/processone/ejabberd synced 2025-10-03 09:49:18 +02:00
Code Issues Releases Wiki Activity

Renew certificate now renews all saved certificates that are close to expire

Browse source 
Before this commit renew_certificate only checked the hosts in the config file and renewd the certificates for those. However the user can request certificates apart from the hosts in the config file so he should be able to also renew them.
This commit is contained in:
Konstantinos Kallas 2017-08-10 18:54:26 +03:00
parent c20bfb3422
commit 2b1fea01cd
1 changed files with 15 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

47
src/ejabberd_acme.erl
View file

@ -283,50 +283,35 @@ renew_certificates0(CAUrl) ->
%% Get the current account %% Get the current account
{ok, _AccId, PrivateKey} = ensure_account_exists(), {ok, _AccId, PrivateKey} = ensure_account_exists(),
%% Read Config %% Find all hosts that we have certificates for
Hosts = get_config_hosts(), Certs = read_certificates_persistent(),
%% Get a certificate for each host %% Get a certificate for each host
PemCertKeys = [renew_certificate(CAUrl, Host, PrivateKey) || Host <- Hosts], PemCertKeys = [renew_certificate(CAUrl, Cert, PrivateKey) || Cert <- Certs],
%% Save Certificates %% Save Certificates
SavedCerts = [save_renewed_certificate(Cert) || Cert <- PemCertKeys], SavedCerts = [save_renewed_certificate(Cert) || Cert <- PemCertKeys],
%% Format the result to send back to ejabberdctl %% Format the result to send back to ejabberdctl
%% Result
format_get_certificates_result(SavedCerts). format_get_certificates_result(SavedCerts).
-spec renew_certificate(url(), bitstring(), jose_jwk:key()) -> -spec renew_certificate(url(), data_cert(), jose_jwk:key()) ->
{'ok', bitstring(), _} | {'ok', bitstring(), _} |
{'error', bitstring(), _}. {'error', bitstring(), _}.
renew_certificate(CAUrl, DomainName, PrivateKey) -> renew_certificate(CAUrl, {DomainName, _} = Cert, PrivateKey) ->
case cert_to_expire(DomainName) of case cert_to_expire(Cert) of
true -> true ->
get_certificate(CAUrl, DomainName, PrivateKey); get_certificate(CAUrl, DomainName, PrivateKey);
{false, not_found} -> false ->
{ok, DomainName, not_found}; {ok, DomainName, no_expire}
{false, PemCert} ->
{ok, DomainName, exists}
end. end.
-spec cert_to_expire(bitstring()) -> 'true' |
{'false', pem()} | -spec cert_to_expire(data_cert()) -> boolean().
{'false', not_found}. cert_to_expire({DomainName, #data_cert{pem = Pem}}) ->
cert_to_expire(DomainName) -> Certificate = pem_to_certificate(Pem),
Certs = read_certificates_persistent(), Validity = get_utc_validity(Certificate),
case lists:keyfind(DomainName, 1, Certs) of close_to_expire(Validity).
{DomainName, #data_cert{pem = Pem}} ->
Certificate = pem_to_certificate(Pem),
Validity = get_utc_validity(Certificate),
case close_to_expire(Validity) of
true ->
true;
false ->
{false, Pem}
end;
false ->
{false, not_found}
end.
-spec close_to_expire(string()) -> boolean(). -spec close_to_expire(string()) -> boolean().
close_to_expire(Validity) -> close_to_expire(Validity) ->
@ -933,9 +918,7 @@ save_certificate({ok, DomainName, Cert}) ->
{ok, bitstring(), _} | {error, bitstring(), _}. {ok, bitstring(), _} | {error, bitstring(), _}.
save_renewed_certificate({error, _, _} = Error) -> save_renewed_certificate({error, _, _} = Error) ->
Error; Error;
save_renewed_certificate({ok, _, not_found} = Cert) -> save_renewed_certificate({ok, _, no_expire} = Cert) ->
Cert;
save_renewed_certificate({ok, _, exists} = Cert) ->
Cert; Cert;
save_renewed_certificate({ok, DomainName, Cert}) -> save_renewed_certificate({ok, DomainName, Cert}) ->
save_certificate({ok, DomainName, Cert}). save_certificate({ok, DomainName, Cert}).