also expose pem cert uid in certificate.call function
parent
4bb9106be2
commit
ad78425852
2 changed files with 23 additions and 16 deletions
|
@ -1,11 +1,13 @@
|
||||||
local ssl = require("ngx.ssl")
|
local ssl = require("ngx.ssl")
|
||||||
local configuration = require("configuration")
|
|
||||||
local re_sub = ngx.re.sub
|
local re_sub = ngx.re.sub
|
||||||
|
|
||||||
local _M = {}
|
local _M = {}
|
||||||
|
|
||||||
local DEFAULT_CERT_HOSTNAME = "_"
|
local DEFAULT_CERT_HOSTNAME = "_"
|
||||||
|
|
||||||
|
local certificate_data = ngx.shared.certificate_data
|
||||||
|
local certificate_servers = ngx.shared.certificate_servers
|
||||||
|
|
||||||
local function get_der_cert_and_priv_key(pem_cert_key)
|
local function get_der_cert_and_priv_key(pem_cert_key)
|
||||||
local der_cert, der_cert_err = ssl.cert_pem_to_der(pem_cert_key)
|
local der_cert, der_cert_err = ssl.cert_pem_to_der(pem_cert_key)
|
||||||
if not der_cert then
|
if not der_cert then
|
||||||
|
@ -32,24 +34,25 @@ local function set_der_cert_and_key(der_cert, der_priv_key)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
local function get_pem_cert_key(raw_hostname)
|
local function get_pem_cert_uid(raw_hostname)
|
||||||
local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
|
local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
|
||||||
|
|
||||||
local pem_cert_key = configuration.get_pem_cert_key(hostname)
|
local uid = certificate_servers:get(hostname)
|
||||||
if pem_cert_key then
|
if uid then
|
||||||
return pem_cert_key
|
return uid
|
||||||
end
|
end
|
||||||
|
|
||||||
local wildcard_hosatname, _, err = re_sub(hostname, "^[^\\.]+\\.", "*.", "jo")
|
local wildcard_hosatname, _, err = re_sub(hostname, "^[^\\.]+\\.", "*.", "jo")
|
||||||
if err then
|
if err then
|
||||||
ngx.log(ngx.ERR, "error: ", err)
|
ngx.log(ngx.ERR, "error: ", err)
|
||||||
return pem_cert_key
|
return uid
|
||||||
end
|
end
|
||||||
|
|
||||||
if wildcard_hosatname then
|
if wildcard_hosatname then
|
||||||
pem_cert_key = configuration.get_pem_cert_key(wildcard_hosatname)
|
uid = ngx.shared.certificate_servers:get(wildcard_hosatname)
|
||||||
end
|
end
|
||||||
return pem_cert_key
|
|
||||||
|
return uid
|
||||||
end
|
end
|
||||||
|
|
||||||
function _M.configured_for_current_request()
|
function _M.configured_for_current_request()
|
||||||
|
@ -57,7 +60,7 @@ function _M.configured_for_current_request()
|
||||||
return ngx.ctx.configured_for_current_request
|
return ngx.ctx.configured_for_current_request
|
||||||
end
|
end
|
||||||
|
|
||||||
ngx.ctx.configured_for_current_request = get_pem_cert_key(ngx.var.host) ~= nil
|
ngx.ctx.configured_for_current_request = get_pem_cert_uid(ngx.var.host) ~= nil
|
||||||
|
|
||||||
return ngx.ctx.configured_for_current_request
|
return ngx.ctx.configured_for_current_request
|
||||||
end
|
end
|
||||||
|
@ -73,11 +76,15 @@ function _M.call()
|
||||||
hostname = DEFAULT_CERT_HOSTNAME
|
hostname = DEFAULT_CERT_HOSTNAME
|
||||||
end
|
end
|
||||||
|
|
||||||
local pem_cert_key = get_pem_cert_key(hostname)
|
local pem_cert
|
||||||
if not pem_cert_key then
|
local pem_cert_uid = get_pem_cert_uid(hostname)
|
||||||
pem_cert_key = get_pem_cert_key(DEFAULT_CERT_HOSTNAME)
|
if not pem_cert_uid then
|
||||||
|
pem_cert_uid = get_pem_cert_uid(DEFAULT_CERT_HOSTNAME)
|
||||||
end
|
end
|
||||||
if not pem_cert_key then
|
if pem_cert_uid then
|
||||||
|
pem_cert = certificate_data:get(pem_cert_uid)
|
||||||
|
end
|
||||||
|
if not pem_cert then
|
||||||
ngx.log(ngx.ERR, "certificate not found, falling back to fake certificate for hostname: " .. tostring(hostname))
|
ngx.log(ngx.ERR, "certificate not found, falling back to fake certificate for hostname: " .. tostring(hostname))
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -88,7 +95,7 @@ function _M.call()
|
||||||
return ngx.exit(ngx.ERROR)
|
return ngx.exit(ngx.ERROR)
|
||||||
end
|
end
|
||||||
|
|
||||||
local der_cert, der_priv_key, der_err = get_der_cert_and_priv_key(pem_cert_key)
|
local der_cert, der_priv_key, der_err = get_der_cert_and_priv_key(pem_cert)
|
||||||
if der_err then
|
if der_err then
|
||||||
ngx.log(ngx.ERR, der_err)
|
ngx.log(ngx.ERR, der_err)
|
||||||
return ngx.exit(ngx.ERROR)
|
return ngx.exit(ngx.ERROR)
|
||||||
|
|
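Review bot: In `_M.call`, the default-certificate fallback now runs only when no uid is found for the hostname. A uid that is present in `certificate_servers` but has no entry in `certificate_data` (a stale or evicted entry, which is inferred since the writers are not shown) goes straight to the fake certificate without trying `DEFAULT_CERT_HOSTNAME`; the old path appears to have fallen back in that case. I would retry the default after the data lookup, e.g. `if not pem_cert then local default_uid = get_pem_cert_uid(DEFAULT_CERT_HOSTNAME); pem_cert = default_uid and certificate_data:get(default_uid) end`, and add the uid to the "certificate not found" log line so a stale mapping can be told apart from an unknown host. In `get_pem_cert_uid`, the wildcard lookup calls `ngx.shared.certificate_servers:get(...)` while the exact lookup uses the local `certificate_servers`; use the local in both. Both functions start or end outside the visible hunks.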
|
@ -37,7 +37,7 @@ local function fetch_request_body()
|
||||||
return body
|
return body
|
||||||
end
|
end
|
||||||
|
|
||||||
function _M.get_pem_cert_key(hostname)
|
local function get_pem_cert(hostname)
|
||||||
local uid = certificate_servers:get(hostname)
|
local uid = certificate_servers:get(hostname)
|
||||||
if not uid then
|
if not uid then
|
||||||
return nil
|
return nil
|
||||||
|
@ -143,7 +143,7 @@ local function handle_certs()
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
local key = _M.get_pem_cert_key(query["hostname"])
|
local key = get_pem_cert(query["hostname"])
|
||||||
if key then
|
if key then
|
||||||
ngx.status = ngx.HTTP_OK
|
ngx.status = ngx.HTTP_OK
|
||||||
ngx.print(key)
|
ngx.print(key)
|
||||||
|
|
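Review bot: The new name `get_pem_cert` drops "key", but the value it returns is the same blob the certificate module passes to `get_der_cert_and_priv_key`, so it presumably still carries the private key, and `handle_certs` writes it to the response with `ngx.print(key)`. I would keep that visible in the name or document it on the function, e.g. `-- returns the PEM bundle for hostname (certificate and, presumably, private key); handle_certs sends it in the response body, so that endpoint must only be reachable by trusted callers`. Making the function local also removes `get_pem_cert_key` from the `configuration` module table, so any caller outside the two files shown would fail at runtime with a nil call; it is worth searching for remaining uses before merging. Both function bodies continue outside the hunks.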