Add external sasl with with key/cert (tested on freenode)

Author: Francesco149

config.sample.yaml

@@ -74,6 +74,8 @@ ircService:
       # Should the connection attempt to identify via SASL (if a server or user password is given)
       # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
       sasl: false
+      # Sasl authentication type. EXTERNAL or PLAIN are supported at the moment.
+      saslType: "PLAIN"
       # Whether to allow expired certs when connecting to the IRC server.
       # Usually this should be off. Default: false.
       allowExpiredCerts: false
@@ -82,7 +84,17 @@ ircService:
       #  -----BEGIN CERTIFICATE-----
       #  ...
       #  -----END CERTIFICATE-----
-
+      #
+      # Explicit key/cert to use when connecting. Optional.
+      # When setting up with https://freenode.net/kb/answer/certfp , you can copy these from the .pem file
+      #key: |
+      #  -----BEGIN PRIVATE KEY-----
+      #  ...
+      #  -----END PRIVATE KEY-----
+      #cert: |
+      #  -----BEGIN CERTIFICATE-----
+      #  ...
+      #  -----END CERTIFICATE-----
       #
       # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
       # password: 'pa$$w0rd'

config.schema.yml

@@ -145,6 +145,12 @@ properties:
                             type: "boolean"
                         sasl:
                             type: "boolean"
+                        saslType:
+                            type: "string"
+                        key:
+                            type: "string"
+                        cert:
+                            type: "string"
                         allowExpiredCerts:
                             type: "boolean"
                         password:

package-lock.json

@@ -32,7 +32,7 @@
     "extend": "^2.0.0",
     "he": "^1.1.1",
     "iconv": "^2.3.4",
-    "irc": "matrix-org/node-irc#7feccae6c168c2c08527daace0c6fe5af56c6560",
+    "irc": "matrix-org/node-irc#e005643002aac881d157e48ea62d1a40230a54b5",
     "js-yaml": "^3.2.7",
     "logform": "^2.1.2",
     "matrix-appservice": "^0.4.1",

package.json

@@ -73,6 +73,8 @@ export interface ConnectionOpts {
     nick: string;
     secure?: {
         ca?: string;
+        key?: string;
+        cert?: string;
     };
     encodingFallback: string;
 }
@@ -382,8 +384,11 @@ export class ConnectionInstance {
             retryCount: 0,
             family: server.getIpv6Prefix() || server.getIpv6Only() ? 6 : null,
             bustRfc3484: true,
-            sasl: opts.password ? server.useSasl() : false,
-            secure: server.useSsl() ? { ca: server.getCA() } : undefined,
+            sasl: server.useSasl(),
+            saslType: server.saslType(),
+            secure: server.useSsl() ? {
+                ca: server.getCA(), key: server.getKey(), cert: server.getCert()
+            } : undefined,
             encodingFallback: opts.encodingFallback
         };
 

src/irc/ConnectionInstance.ts

@@ -229,6 +229,14 @@ export class IrcServer {
         return this.config.ca;
     }
 
+    public getKey() {
+        return this.config.key;
+    }
+
+    public getCert() {
+        return this.config.cert;
+    }
+
     public useSsl() {
         return Boolean(this.config.ssl);
     }
@@ -241,6 +249,10 @@ export class IrcServer {
         return Boolean(this.config.sasl);
     }
 
+    public saslType() {
+        return this.config.saslType;
+    }
+
     public allowExpiredCerts() {
         return Boolean(this.config.allowExpiredCerts);
     }
@@ -633,10 +645,13 @@ export interface IrcServerConfig {
     port?: number;
     icon?: string;
     ca?: string;
+    key?: string;
+    cert?: string;
     networkId?: string;
     ssl?: boolean;
     sslselfsign?: boolean;
     sasl?: boolean;
+    saslType?: string;
     password?: string;
     allowExpiredCerts?: boolean;
     additionalAddresses?: string[];