prosodyctl: Use util.openssl in certificate helpers. Improve feedback
authorKim Alvefur <zash@zash.se>
Tue, 8 May 2012 22:33:55 +0000 (00:33 +0200)
committerKim Alvefur <zash@zash.se>
Tue, 8 May 2012 22:33:55 +0000 (00:33 +0200)
prosodyctl

index afd06b8868fc94410771918131a23a9ea4371849..1c4d84cd6e3856d659d6c239f77b8b277a429ec5 100755 (executable)
@@ -613,14 +613,10 @@ function commands.unregister(arg)
        return 1;
 end
 
-local x509 = require "util.x509";
-local genx509san = x509.genx509san;
-local opensslbaseconf = x509.baseconf;
-local seralizeopensslbaseconf = x509.serialize_conf;
+local openssl = require "util.openssl";
 
 local cert_commands = {};
 
--- TODO Should this be moved to util.prosodyctl or x509?
 function cert_commands.config(arg)
        if #arg >= 1 and arg[1] ~= "--help" then
                local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
@@ -628,8 +624,8 @@ function cert_commands.config(arg)
                        and not show_yesno("Overwrite "..conf_filename .. "?") then
                        return nil, conf_filename;
                end
-               local conf = opensslbaseconf();
-               conf.subject_alternative_name = genx509san(hosts, config, arg, true)
+               local conf = openssl.config.new();
+               conf:from_prosody(hosts, config, arg);
                for k, v in pairs(conf.distinguished_name) do
                        local nv;
                        if k == "commonName" then 
@@ -642,7 +638,7 @@ function cert_commands.config(arg)
                        conf.distinguished_name[k] = nv ~= "." and nv or nil;
                end
                local conf_file = io.open(conf_filename, "w");
-               conf_file:write(seralizeopensslbaseconf(conf));
+               conf_file:write(conf:serialize());
                conf_file:close();
                print("");
                show_message("Config written to " .. conf_filename);
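Review bot: The result of `io.open(conf_filename, "w")` on the line above the changed write is still unchecked, so a permission or path error surfaces as an "attempt to index a nil value" on `conf_file:write` instead of as the feedback this commit adds elsewhere. Replacing the open with `local conf_file, err = io.open(conf_filename, "w"); if not conf_file then show_message("Could not write "..conf_filename..": "..tostring(err)); return; end` keeps the failure visible, and returning no value lets the `key_filename and conf_filename` guard that cert_commands.generate gains in this commit skip the openssl step. cert_commands.config begins and ends outside this hunk.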
@@ -655,15 +651,19 @@ end
 function cert_commands.key(arg)
        if #arg >= 1 and arg[1] ~= "--help" then
                local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
-               if os.execute("test -f "..key_filename) == 0
-                       and not show_yesno("Overwrite "..key_filename .. "?") then
-                       return nil, key_filename;
+               if os.execute("test -f "..key_filename) == 0 then
+                       if not show_yesno("Overwrite "..key_filename .. "?") then
+                               return nil, key_filename;
+                       end
+                       os.remove(key_filename); -- We chmod this file to not have write permissions
                end
                local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
-               os.execute(("openssl genrsa -out %s %d"):format(key_filename, tonumber(key_size)));
-               os.execute(("chmod 400 %s"):format(key_filename));
-               show_message("Key written to ".. key_filename);
-               return nil, key_filename;
+               if openssl.genrsa{out=key_filename, key_size} then
+                       os.execute(("chmod 400 '%s'"):format(key_filename));
+                       show_message("Key written to ".. key_filename);
+                       return nil, key_filename;
+               end
+               show_message("There was a problem, see OpenSSL output");
        else
                show_usage("cert key HOSTNAME <bits>", "Generates a RSA key")
        end
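Review bot: The default on the `local key_size = tonumber(arg[2] or show_prompt(...) or 2048)` line is unreachable whenever show_prompt returns a string, since even an empty answer is truthy and `tonumber("")` yields nil; that nil then reaches `openssl.genrsa{out=key_filename, key_size}` as a missing positional element rather than as 2048, so the size actually used presumably falls back to whatever util.openssl or the openssl binary chooses. Moving the fallback outside the conversion, `local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):")) or 2048;`, makes the advertised default real and maps a non-numeric answer to it instead of to nil. The existence check `os.execute("test -f "..key_filename) == 0` still interpolates the filename unquoted even though the new chmod line quotes it, and `== 0` only matches Lua 5.1's numeric return (5.2 returns true/nil), so the overwrite prompt would never appear there; `local f = io.open(key_filename, "r"); if f then f:close(); ... end` avoids both the shell round-trip and the version dependence. Note that when genrsa fails the function falls through with no return value, which the callers in this commit handle inconsistently (see cert_commands.request).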
@@ -678,9 +678,11 @@ function cert_commands.request(arg)
                end
                local _, key_filename = cert_commands.key({arg[1]});
                local _, conf_filename = cert_commands.config({arg[1]});
-               os.execute(("openssl req -new -key %s -utf8 -config %s -out %s")
-                       :format(key_filename, conf_filename, req_filename));
-               show_message("Certificate request written to ".. req_filename);
+               if openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then
+                       show_message("Certificate request written to ".. req_filename);
+               else
+                       show_message("There was a problem, see OpenSSL output");
+               end
        else
                show_usage("cert request HOSTNAME", "Generates a certificate request")
        end
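Review bot: The added `openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename}` runs even when cert_commands.key or cert_commands.config returned nothing (a declined overwrite still yields the filename as the second value, but a genrsa failure returns no value at all), and nil-valued entries simply do not exist in a Lua table constructor, so the request would presumably be attempted with the key or config option missing. The sibling cert_commands.generate in this same commit guards with `key_filename and conf_filename and ...`; the same guard fits here: `if key_filename and conf_filename and openssl.req{new=true, key=key_filename, utf8=true, config=conf_filename, out=req_filename} then`. cert_commands.request begins outside this hunk.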
@@ -695,9 +697,14 @@ function cert_commands.generate(arg)
                end
                local _, key_filename = cert_commands.key({arg[1]});
                local _, conf_filename = cert_commands.config({arg[1]});
-               os.execute(("openssl req -new -x509 -nodes -key %s -days 365 -sha1 -utf8 -config %s -out %s")
-                       :format(key_filename, conf_filename, cert_filename));
-               show_message("Certificate written to ".. cert_filename);
+               local ret;
+               if key_filename and conf_filename and cert_filename
+                       and openssl.req{new=true, x509=true, nodes=true, key=key_filename,
+                               days=365, sha1=true, utf8=true, config=conf_filename, out=cert_filename} then
+                       show_message("Certificate written to ".. cert_filename);
+               else
+                       show_message("There was a problem, see OpenSSL output");
+               end
        else
                show_usage("cert generate HOSTNAME", "Generates a self-signed certificate")
        end
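Review bot: `local ret;` on the first added line of this hunk is never assigned or read and should be dropped (luacheck would flag it as unused). The `sha1=true` entry carried into the new `openssl.req{...}` option table keeps self-signed certificates on a SHA-1 signature; now that the options are a table rather than a format string, switching to `sha256=true` (or taking the digest from the caller) is a one-token change worth considering while this code is being restructured. cert_commands.generate begins outside this hunk.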