yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(schema): simplify ssl ciphers filed schema

This commit is contained in:
Zaiming Shi 2021-09-22 22:01:45 +02:00
parent 4f638b8242
commit 4392357877
2 changed files with 7 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apps/emqx/src/emqx_schema.erl
View File

@ -23,7 +23,6 @@
-dialyzer(no_fail_call). -dialyzer(no_fail_call).
-include_lib("typerefl/include/types.hrl"). -include_lib("typerefl/include/types.hrl").
-include_lib("snabbkaffe/include/snabbkaffe.hrl").
-type duration() :: integer(). -type duration() :: integer().
-type duration_s() :: integer(). -type duration_s() :: integer().
@ -1084,7 +1083,7 @@ default_tls_vsns(tcp) ->
-spec ciphers_schema(quic | dtls | tcp_all | undefined) -> hocon_schema:field_schema(). -spec ciphers_schema(quic | dtls | tcp_all | undefined) -> hocon_schema:field_schema().
ciphers_schema(Default) -> ciphers_schema(Default) ->
sc(hoconsc:union([string(), hoconsc:array(string())]), sc(hoconsc:array(string()),
#{ default => default_ciphers(Default) #{ default => default_ciphers(Default)
, converter => fun(Ciphers) when is_binary(Ciphers) -> , converter => fun(Ciphers) when is_binary(Ciphers) ->
binary:split(Ciphers, <<",">>, [global]); binary:split(Ciphers, <<",">>, [global]);
@ -1283,13 +1282,7 @@ parse_user_lookup_fun(StrConf) ->
validate_ciphers(Ciphers) -> validate_ciphers(Ciphers) ->
All = ssl:cipher_suites(all, 'tlsv1.3', openssl) ++ All = ssl:cipher_suites(all, 'tlsv1.3', openssl) ++
ssl:cipher_suites(all, 'tlsv1.2', openssl), %% includes older version ciphers ssl:cipher_suites(all, 'tlsv1.2', openssl), %% includes older version ciphers
lists:foreach( case lists:filter(fun(Cipher) -> not lists:member(Cipher, All) end, Ciphers) of
fun(Cipher) -> [] -> ok;
case lists:member(Cipher, All) of Bad -> {error, {bad_ciphers, Bad}}
true -> end.
ok;
false ->
?tp(error, bad_tls_cipher_suite, #{ciphers => Cipher}),
error({bad_tls_cipher_suite, Cipher})
end
end, Ciphers).

15
apps/emqx/test/emqx_schema_tests.erl
View File

@ -17,7 +17,6 @@
-module(emqx_schema_tests). -module(emqx_schema_tests).
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("snabbkaffe/include/snabbkaffe.hrl").
ssl_opts_dtls_test() -> ssl_opts_dtls_test() ->
Sc = emqx_schema:server_ssl_opts_schema(#{versions => dtls, Sc = emqx_schema:server_ssl_opts_schema(#{versions => dtls,
@ -71,14 +70,11 @@ ssl_opts_tls_psk_test() ->
end, PskCiphers). end, PskCiphers).
bad_cipher_test() -> bad_cipher_test() ->
ok = snabbkaffe:start_trace(),
Sc = emqx_schema:server_ssl_opts_schema(#{}, false), Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
?assertThrow({_Sc, [{validation_error, _Error}]}, Reason = {bad_ciphers, ["foo"]},
?assertThrow({_Sc, [{validation_error, #{reason := Reason}}]},
[validate(Sc, #{<<"versions">> => [<<"tlsv1.2">>], [validate(Sc, #{<<"versions">> => [<<"tlsv1.2">>],
<<"ciphers">> => [<<"foo">>]})]), <<"ciphers">> => [<<"foo">>]})]),
Trace = snabbkaffe:collect_trace(),
?assertEqual(1, length(?of_kind(bad_tls_cipher_suite, Trace))),
snabbkaffe:stop(),
ok. ok.
validate(Schema, Data0) -> validate(Schema, Data0) ->
@ -96,13 +92,6 @@ validate(Schema, Data0) ->
ciperhs_schema_test() -> ciperhs_schema_test() ->
Sc = emqx_schema:ciphers_schema(undefined), Sc = emqx_schema:ciphers_schema(undefined),
?assertMatch(
#{type := {union, [_, {array, _}]},
default := [_ | _],
converter := Converter,
validator := Validator
} when is_function(Converter) andalso is_function(Validator),
Sc),
WSc = #{roots => [{ciphers, Sc}]}, WSc = #{roots => [{ciphers, Sc}]},
?assertThrow({_, [{validation_error, _}]}, ?assertThrow({_, [{validation_error, _}]},
hocon_schema:check_plain(WSc, #{<<"ciphers">> => <<"foo,bar">>})). hocon_schema:check_plain(WSc, #{<<"ciphers">> => <<"foo,bar">>})).