From 81d425cb27644027885dd73046b3744ca53bb0b0 Mon Sep 17 00:00:00 2001
From: zhouzb
Date: Thu, 4 Nov 2021 11:28:05 +0800
Subject: [PATCH 1/3] fix(ssl): fix the issue that the content of TLS certificate is not converted to path

---
 apps/emqx/src/emqx_authentication_config.erl | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/apps/emqx/src/emqx_authentication_config.erl b/apps/emqx/src/emqx_authentication_config.erl
index a2d8cada2..d817e22d6 100644
--- a/apps/emqx/src/emqx_authentication_config.erl
+++ b/apps/emqx/src/emqx_authentication_config.erl
@@ -107,29 +107,25 @@ do_pre_config_update({move_authenticator, _ChainName, AuthenticatorID, Position}
 post_config_update(_, UpdateReq, NewConfig, OldConfig, AppEnvs) ->
 do_post_config_update(UpdateReq, check_configs(to_list(NewConfig)), OldConfig, AppEnvs).

-do_post_config_update({create_authenticator, ChainName, Config}, _NewConfig, _OldConfig, _AppEnvs) ->
- NConfig = check_config(Config),
+do_post_config_update({create_authenticator, ChainName, Config}, NewConfig, _OldConfig, _AppEnvs) ->
+ NConfig = get_authenticator_config(authenticator_id(Config), NewConfig),
 _ = emqx_authentication:create_chain(ChainName),
 emqx_authentication:create_authenticator(ChainName, NConfig);
 do_post_config_update({delete_authenticator, ChainName, AuthenticatorID}, _NewConfig, OldConfig, _AppEnvs) ->
 case emqx_authentication:delete_authenticator(ChainName, AuthenticatorID) of
 ok ->
- [Config] = [Config0 || Config0 <- to_list(OldConfig), AuthenticatorID == authenticator_id(Config0)],
+ Config = get_authenticator_config(AuthenticatorID, to_list(OldConfig)),
 CertsDir = certs_dir(ChainName, AuthenticatorID),
 ok = clear_certs(CertsDir, Config);
 {error, Reason} ->
 {error, Reason}
 end;
-do_post_config_update({update_authenticator, ChainName, AuthenticatorID, Config}, _NewConfig, _OldConfig, _AppEnvs) ->
- NConfig = check_config(Config),
+do_post_config_update({update_authenticator, ChainName, AuthenticatorID, Config}, NewConfig, _OldConfig, _AppEnvs) ->
+ NConfig = get_authenticator_config(authenticator_id(Config), NewConfig),
 emqx_authentication:update_authenticator(ChainName, AuthenticatorID, NConfig);
 do_post_config_update({move_authenticator, ChainName, AuthenticatorID, Position}, _NewConfig, _OldConfig, _AppEnvs) ->
 emqx_authentication:move_authenticator(ChainName, AuthenticatorID, Position).

-check_config(Config) ->
- [Checked] = check_configs([Config]),
- Checked.
-
 check_configs(Configs) ->
 Providers = emqx_authentication:get_providers(),
 lists:map(fun(C) -> do_check_conifg(C, Providers) end, Configs).
@@ -208,6 +204,10 @@ clear_certs(CertsDir, Config) ->
 OldSSL = maps:get(<<"ssl">>, Config, undefined),
 ok = emqx_tls_lib:delete_ssl_files(CertsDir, undefined, OldSSL).

+get_authenticator_config(AuthenticatorID, AuthenticatorsConfig) ->
+ [C] = [C0 || C0 <- AuthenticatorsConfig, AuthenticatorID == authenticator_id(C0)],
+ C.
+
 split_by_id(ID, AuthenticatorsConfig) ->
 case lists:foldl(
 fun(C, {P1, P2, F0}) ->

From 2b282b9666a758bf9dd4d5e79c8a4b51e22bc679 Mon Sep 17 00:00:00 2001
From: zhouzb
Date: Thu, 4 Nov 2021 11:43:22 +0800
Subject: [PATCH 2/3] fix(ssl): Return the content of certificates in HTTP response

---
 apps/emqx_authn/src/emqx_authn_api.erl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl
index 36c1e9b6c..c4323e5f6 100644
--- a/apps/emqx_authn/src/emqx_authn_api.erl
+++ b/apps/emqx_authn/src/emqx_authn_api.erl
@@ -845,7 +845,7 @@ fill_defaults(Configs) when is_list(Configs) ->
 fill_defaults(Config) ->
 emqx_authn:check_config(Config, #{only_fill_defaults => true}).

-convert_certs(#{<<"ssl">> := SSLOpts} = Config) ->
+convert_certs(#{ssl := SSLOpts} = Config) ->
 NSSLOpts = lists:foldl(fun(K, Acc) ->
 case maps:get(K, Acc, undefined) of
 undefined -> Acc;
@@ -853,8 +853,8 @@ convert_certs(#{<<"ssl">> := SSLOpts} = Config) ->
 {ok, Bin} = file:read_file(Filename),
 Acc#{K => Bin}
 end
- end, SSLOpts, [<<"certfile">>, <<"keyfile">>, <<"cacertfile">>]),
- Config#{<<"ssl">> => NSSLOpts};
+ end, SSLOpts, [certfile, keyfile, cacertfile]),
+ Config#{ssl => NSSLOpts};
 convert_certs(Config) ->
 Config.

From 5aa8ba45d3886e4b70aece9a27de98504e68e319 Mon Sep 17 00:00:00 2001
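Review bot: Nothing at the two `get_authenticator_config(authenticator_id(Config), NewConfig)` call sites in do_post_config_update (emqx_authentication_config.erl, PATCH 1/3, first hunk) records why the authenticator has to come from `NewConfig` rather than from the request `Config`. Going by the commit subject, `NewConfig` is presumably the copy whose TLS certificate content has already been replaced by file paths, while the request `Config` still carries the raw PEM content. A comment above each lookup, for example `%% Take the entry from NewConfig: its TLS certs are already file paths, the request Config may still hold PEM content`, would keep a later refactor from going back to `Config`.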
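Review bot: `keyfile` is still in the key list `[certfile, keyfile, cacertfile]` in the second hunk of emqx_authn_api.erl (PATCH 2/3), so convert_certs swaps the stored key path for the PEM private key and, per the commit subject, that content ends up in the HTTP response. Anyone allowed to read authenticator config through this API would then receive the TLS private key; consider expanding only the public material, `end, SSLOpts, [certfile, cacertfile]),`, and leaving `keyfile` as a path or a redacted marker. The context line `{ok, Bin} = file:read_file(Filename),` also fails with a badmatch when a stored path is missing or unreadable, and it reads whatever path the config holds, so it is worth confirming that these values can only point inside the certs directory. convert_certs begins in the previous hunk and part of its fold body lies between the two hunks.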
From: zhouzb
Date: Mon, 22 Nov 2021 13:53:18 +0800
Subject: [PATCH 3/3] fix(authn): add the case when the instance does not exist

---
 apps/emqx/src/emqx_authentication_config.erl | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/src/emqx_authentication_config.erl b/apps/emqx/src/emqx_authentication_config.erl
index d817e22d6..a7fa5673a 100644
--- a/apps/emqx/src/emqx_authentication_config.erl
+++ b/apps/emqx/src/emqx_authentication_config.erl
@@ -121,8 +121,12 @@ do_post_config_update({delete_authenticator, ChainName, AuthenticatorID}, _NewCo
 {error, Reason}
 end;
 do_post_config_update({update_authenticator, ChainName, AuthenticatorID, Config}, NewConfig, _OldConfig, _AppEnvs) ->
- NConfig = get_authenticator_config(authenticator_id(Config), NewConfig),
- emqx_authentication:update_authenticator(ChainName, AuthenticatorID, NConfig);
+ case get_authenticator_config(authenticator_id(Config), NewConfig) of
+ {error, not_found} ->
+ {error, {not_found, {authenticator, AuthenticatorID}}};
+ NConfig ->
+ emqx_authentication:update_authenticator(ChainName, AuthenticatorID, NConfig)
+ end;
 do_post_config_update({move_authenticator, ChainName, AuthenticatorID, Position}, _NewConfig, _OldConfig, _AppEnvs) ->
 emqx_authentication:move_authenticator(ChainName, AuthenticatorID, Position).

@@ -205,8 +209,10 @@ clear_certs(CertsDir, Config) ->
 ok = emqx_tls_lib:delete_ssl_files(CertsDir, undefined, OldSSL).

 get_authenticator_config(AuthenticatorID, AuthenticatorsConfig) ->
- [C] = [C0 || C0 <- AuthenticatorsConfig, AuthenticatorID == authenticator_id(C0)],
- C.
+ case [C0 || C0 <- AuthenticatorsConfig, AuthenticatorID == authenticator_id(C0)] of
+ [C | _] -> C;
+ [] -> {error, not_found}
+ end.

 split_by_id(ID, AuthenticatorsConfig) ->
 case lists:foldl(
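Review bot: get_authenticator_config (PATCH 3/3, second hunk) now returns `{error, not_found}` where it used to crash, but only the update_authenticator clause in the first hunk handles that value. The create_authenticator and delete_authenticator clauses lie outside this patch's hunks; as PATCH 1/3 on this page leaves them, create passes the result straight to `emqx_authentication:create_authenticator(ChainName, NConfig)`, and delete passes it to `clear_certs(CertsDir, Config)`, whose `maps:get(<<"ssl">>, Config, undefined)` would fail on a tuple after the authenticator has already been deleted, leaving its certificate and key files on disk. Both callers need the same `{error, not_found} ->` branch, or the helper could return `{ok, C} | {error, not_found}` so that every caller is forced to match. `[C | _] -> C` also accepts duplicate IDs silently where the old `[C] =` match rejected them, so a comment stating whether duplicates can occur would help.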