From 5b5878f4a9b4ef99ee8146764b810c7c0673031e Mon Sep 17 00:00:00 2001 From: Shawn <506895667@qq.com> Date: Thu, 5 May 2022 12:14:46 +0800 Subject: [PATCH 1/2] fix: don't drop input ssl options even if invalid --- apps/emqx_connector/src/emqx_connector_ssl.erl | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/apps/emqx_connector/src/emqx_connector_ssl.erl b/apps/emqx_connector/src/emqx_connector_ssl.erl index 1388181dd..e20596b6c 100644 --- a/apps/emqx_connector/src/emqx_connector_ssl.erl +++ b/apps/emqx_connector/src/emqx_connector_ssl.erl @@ -22,7 +22,7 @@ ]). convert_certs(RltvDir, NewConfig) -> - NewSSL = drop_invalid_certs(map_get_oneof([<<"ssl">>, ssl], NewConfig, undefined)), + NewSSL = map_get_oneof([<<"ssl">>, ssl], NewConfig, undefined), case emqx_tls_lib:ensure_ssl_files(RltvDir, NewSSL) of {ok, NewSSL1} -> {ok, new_ssl_config(NewConfig, NewSSL1)}; @@ -31,16 +31,13 @@ convert_certs(RltvDir, NewConfig) -> end. clear_certs(RltvDir, Config) -> - OldSSL = drop_invalid_certs(map_get_oneof([<<"ssl">>, ssl], Config, undefined)), + OldSSL = map_get_oneof([<<"ssl">>, ssl], Config, undefined), ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL). new_ssl_config(Config, undefined) -> Config; new_ssl_config(Config, #{<<"enable">> := _} = SSL) -> Config#{<<"ssl">> => SSL}; new_ssl_config(Config, #{enable := _} = SSL) -> Config#{ssl => SSL}. -drop_invalid_certs(undefined) -> undefined; -drop_invalid_certs(SSL) -> emqx_tls_lib:drop_invalid_certs(SSL). - map_get_oneof([], _Map, Default) -> Default; map_get_oneof([Key | Keys], Map, Default) -> From 1ce8a8c8862bcfe669df6a55e83ea7fcd3f5f7f6 Mon Sep 17 00:00:00 2001 From: Shawn <506895667@qq.com> Date: Thu, 5 May 2022 12:14:01 +0800 Subject: [PATCH 2/2] fix: testing connector removes ssl cert files that are in use --- apps/emqx_bridge/src/emqx_bridge.erl | 32 ++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) 
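Review bot: In clear_certs the unfiltered `OldSSL` now goes straight into `ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, OldSSL)`, so every path in the stored config, valid or not, reaches the delete call and any non-`ok` result becomes a badmatch in the caller. Whether delete_ssl_files limits itself to files it created under RltvDir and tolerates missing or malformed entries is not visible in this diff, so that should be confirmed before the filter is removed. The same applies to convert_certs in the first hunk, which now depends on `ensure_ssl_files` alone to reject bad input. A comment on both call sites would record that contract, for example `%% ssl options are passed unfiltered; emqx_tls_lib must validate them and must not touch files outside RltvDir`.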
diff --git a/apps/emqx_bridge/src/emqx_bridge.erl b/apps/emqx_bridge/src/emqx_bridge.erl index a4c52e85d..d26f8834e 100644 --- a/apps/emqx_bridge/src/emqx_bridge.erl +++ b/apps/emqx_bridge/src/emqx_bridge.erl @@ -347,13 +347,15 @@ create_dry_run(Type, Conf) -> case emqx_resource:check_config(emqx_bridge:resource_type(Type), Conf0) of {ok, Conf1} -> TmpPath = iolist_to_binary(["bridges-create-dry-run:", emqx_misc:gen_id(8)]), - try emqx_connector_ssl:convert_certs(TmpPath, Conf1) of + case emqx_connector_ssl:convert_certs(TmpPath, Conf1) of {error, Reason} -> {error, Reason}; {ok, ConfNew} -> - emqx_resource:create_dry_run_local(emqx_bridge:resource_type(Type), ConfNew) - after - emqx_connector_ssl:clear_certs(TmpPath, Conf1) + Res = emqx_resource:create_dry_run_local( + emqx_bridge:resource_type(Type), ConfNew + ), + _ = maybe_clear_certs(TmpPath, ConfNew), + Res end; {error, _} = Error -> Error @@ -568,6 +570,28 @@ fill_dry_run_conf(Conf) -> #{<<"remote_topic">> => <<"t">>} }. +maybe_clear_certs(TmpPath, #{ssl := SslConf} = Conf) -> + %% don't remove the cert files if they are in use + case is_tmp_path_conf(TmpPath, SslConf) of + true -> emqx_connector_ssl:clear_certs(TmpPath, Conf); + false -> ok + end. + +is_tmp_path_conf(TmpPath, #{certfile := Certfile}) -> + is_tmp_path(TmpPath, Certfile); +is_tmp_path_conf(TmpPath, #{keyfile := Keyfile}) -> + is_tmp_path(TmpPath, Keyfile); +is_tmp_path_conf(TmpPath, #{cacertfile := CaCertfile}) -> + is_tmp_path(TmpPath, CaCertfile); +is_tmp_path_conf(_TmpPath, _Conf) -> + false. + +is_tmp_path(TmpPath, File) -> + string:str(str(File), str(TmpPath)) > 0. + +str(Bin) when is_binary(Bin) -> binary_to_list(Bin); +str(Str) when is_list(Str) -> Str. + bin(Bin) when is_binary(Bin) -> Bin; bin(Str) when is_list(Str) -> list_to_binary(Str); bin(Atom) when is_atom(Atom) -> atom_to_binary(Atom, utf8).
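Review bot: Replacing `try ... after` with `case` in create_dry_run means the cleanup no longer runs when `emqx_resource:create_dry_run_local/2` raises, and the `{error, Reason}` branch of `convert_certs` now skips it as well. Certificate and private-key files written for the dry run (presumably under the `bridges-create-dry-run:` path) would then stay on disk after a failed test. Keeping the `after` around the dry-run call, with `maybe_clear_certs` inside it, preserves the new in-use guard without losing the cleanup. create_dry_run begins before this hunk, and whether convert_certs can leave partial files behind on error is not visible here.

```erlang
                {ok, ConfNew} ->
                    try
                        emqx_resource:create_dry_run_local(
                            emqx_bridge:resource_type(Type), ConfNew
                        )
                    after
                        %% runs on normal return and on exception alike
                        _ = maybe_clear_certs(TmpPath, ConfNew)
                    end
```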
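Review bot: `is_tmp_path_conf` decides on the first key that matches, so a config whose `certfile` is under TmpPath while `keyfile` or `cacertfile` points at a file in use still returns true and hands the whole ssl map to `clear_certs`; the reverse mix leaves the temporary files behind. `maybe_clear_certs` also has a single clause, so a ConfNew without an atom `ssl` key (for instance when `new_ssl_config(Config, undefined)` returned the config unchanged, or the key is `<<"ssl">>`) would raise function_clause after the dry run and discard `Res`; whether check_config always supplies `ssl` is not visible here. Checking every configured file and adding a fallback clause closes both gaps, as sketched below, though mixed configs would then keep their temporary files until deletion is done per file. Separately, `string:str/2` matches TmpPath anywhere in the path and is marked obsolete in current OTP, so `string:find/2` or a prefix comparison on the directory would be tighter.

```erlang
maybe_clear_certs(TmpPath, #{ssl := SslConf} = Conf) ->
    %% … unchanged: case is_tmp_path_conf(TmpPath, SslConf) of … end, now terminated with `;` …
maybe_clear_certs(_TmpPath, _Conf) ->
    %% no atom-keyed ssl section: nothing was written for this dry run
    ok.

is_tmp_path_conf(TmpPath, SslConf) ->
    %% look at every configured file, not just the first key that matches;
    %% only clear when all of them live under the dry-run path
    Files = maps:values(maps:with([certfile, keyfile, cacertfile], SslConf)),
    Files =/= [] andalso
        lists:all(fun(File) -> is_tmp_path(TmpPath, File) end, Files).
```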