fix(ssl): try to guess cert file paths

The GUI has "etc/certx/..." hard coded as defaults. However this relative path only works when it's a zip package or when running in docker. The other two possible abs paths are: 1. the upload dir 2. "/etc"
2022-04-02 23:12:02 +02:00 · 2022-04-02 23:12:02 +02:00 · 65e2c1390e
parent 8798a5160c
commit 65e2c1390e
4 changed files with 52 additions and 16 deletions
--- a/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src
+++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs.app.src
@ -1,6 +1,6 @@
 {application, emqx_plugin_libs,
 [{description, "EMQ X Plugin utility libs"},
-  {vsn, "4.3.1"},
+  {vsn, "4.3.2"},
  {modules, []},
  {applications, [kernel,stdlib]},
  {env, []}
--- a/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src
+++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs.appup.src
@ -2,13 +2,13 @@

 {VSN,
  [
-    {<<"4.3.0">>, [
+    {<<"4\\.3\\.[0-1]">>, [
      {load_module, emqx_plugin_libs_ssl, brutal_purge, soft_purge, []}
    ]},
    {<<".*">>, []}
  ],
  [
-    {<<"4.3.0">>, [
+    {<<"4\\.3\\.[0-1]">>, [
      {load_module, emqx_plugin_libs_ssl, brutal_purge, soft_purge, []}
    ]},
    {<<".*">>, []}
--- a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
+++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
@ -58,9 +58,9 @@ save_files_return_opts(Options, Dir) ->
    KeyFile = Get(<<"keyfile">>),
    CertFile = Get(<<"certfile">>),
    CAFile = GetD(<<"cacertfile">>, Get(<<"cafile">>)),
-    Key = do_save_file(KeyFile, Dir),
-    Cert = do_save_file(CertFile, Dir),
-    CA = do_save_file(CAFile, Dir),
+    Key = maybe_save_file(KeyFile, Dir),
+    Cert = maybe_save_file(CertFile, Dir),
+    CA = maybe_save_file(CAFile, Dir),
    Verify = case GetD(<<"verify">>, false) of
                  false -> verify_none;
                  _ -> verify_peer
@ -80,25 +80,47 @@ save_files_return_opts(Options, Dir) ->
 -spec save_file(file_input(), atom() | string() | binary()) -> string().
 save_file(Param, SubDir) ->
   Dir = filename:join([emqx:get_env(data_dir), SubDir]),
-   do_save_file( Param, Dir).
+   maybe_save_file(Param, Dir).

 filter([]) -> [];
 filter([{_, ""} | T]) -> filter(T);
 filter([{_, undefined} | T]) -> filter(T);
 filter([H | T]) -> [H | filter(T)].

-do_save_file(#{<<"filename">> := FileName, <<"file">> := Content}, Dir)
+maybe_save_file(#{<<"filename">> := FileName, <<"file">> := Content}, Dir)
  when FileName =/= undefined andalso Content =/= undefined ->
-    do_save_file(ensure_str(FileName), iolist_to_binary(Content), Dir);
-do_save_file(FilePath, _) when is_binary(FilePath) ->
+    maybe_save_file(ensure_str(FileName), iolist_to_binary(Content), Dir);
+maybe_save_file(FilePath, _) when is_binary(FilePath) ->
    ensure_str(FilePath);
-do_save_file(FilePath, _) when is_list(FilePath) ->
+maybe_save_file(FilePath, _) when is_list(FilePath) ->
    FilePath;
-do_save_file(_, _) -> "".
+maybe_save_file(_, _) -> "".

-do_save_file("", _, _Dir) -> ""; %% ignore
-do_save_file(_, <<>>, _Dir) -> ""; %% ignore
-do_save_file(FileName, Content, Dir) ->
+maybe_save_file("", _, _Dir) -> ""; %% no filename, ignore
+maybe_save_file(FileName, <<>>, Dir) ->  %% no content, see if file exists
+    {ok, Cwd} = file:get_cwd(),
+    %% NOTE: when FileName is an absolute path, filename:join has no effect
+    CwdFile = ensure_str(filename:join([Cwd, FileName])),
+    DataDirFile = ensure_str(filename:join([Dir, FileName])),
+    Possibles0 = case CwdFile =:= DataDirFile of
+                    true -> [CwdFile];
+                    false -> [CwdFile, DataDirFile]
+                end,
+    Possibles = Possibles0 ++
+                 case FileName of
+                     "etc/certs/" ++ Path ->
+                         %% this is the dir hard-coded in rule-engine resources as
+                         %% default, unfortunatly we cannot change the deaults
+                         %% due to compatibilty reasons, so we have to make a guess
+                         ["/etc/emqx/certs/" ++ Path];
+                     _ ->
+                         []
+                 end,
+    case find_exist_file(FileName, Possibles) of
+        false -> erlang:throw({bad_cert_file, Possibles});
+        Found -> Found
+    end;
+maybe_save_file(FileName, Content, Dir) ->
     FullFilename = filename:join([Dir, FileName]),
     ok = filelib:ensure_dir(FullFilename),
     case file:write_file(FullFilename, Content) of
@ -112,3 +134,9 @@ do_save_file(FileName, Content, Dir) ->
 ensure_str(L) when is_list(L) -> L;
 ensure_str(B) when is_binary(B) -> unicode:characters_to_list(B, utf8).

+find_exist_file(_Name, []) -> false;
+find_exist_file(Name, [F | Rest]) ->
+    case filelib:is_regular(F) of
+        true -> F;
+        false -> find_exist_file(Name, Rest)
+    end.
--- a/apps/emqx_plugin_libs/test/emqx_plugin_libs_ssl_tests.erl
+++ b/apps/emqx_plugin_libs/test/emqx_plugin_libs_ssl_tests.erl
@ -42,7 +42,8 @@ prop_file_or_content() ->
                        {prop_cert_file_name(), proper_types:binary()}]).

 prop_cert_file_name() ->
-    proper_types:oneof(["certname1", <<"certname2">>, "", <<>>, undefined]).
+    File = code:which(?MODULE), %% existing
+    proper_types:oneof(["", <<>>, undefined, File]).

 prop_tls_versions() ->
    proper_types:oneof(["tlsv1.3",
@ -76,3 +77,10 @@ file_or_content({Name, Content}) ->
    #{<<"file">> => Content, <<"filename">> => Name};
 file_or_content(Name) ->
    Name.
+
+bad_cert_file_test() ->
+    Input = #{<<"keyfile">> =>
+                #{<<"filename">> => "notafile",
+                  <<"file">> => ""}},
+    ?assertThrow({bad_cert_file, _},
+                 emqx_plugin_libs_ssl:save_files_return_opts(Input, "test-data")).