From 835eb84b5d4fe83b4071a42284f6e5cdcb60b82b Mon Sep 17 00:00:00 2001
From: JianBo He
Date: Wed, 4 Aug 2021 14:44:39 +0800
Subject: [PATCH] chore(gw): remove needless files
---
apps/emqx_gateway/etc/emqx_coap.conf | 82 -------
apps/emqx_gateway/etc/emqx_lwm2m.conf | 149 ------------
apps/emqx_gateway/etc/priv/emqx_coap.schema | 90 -------
apps/emqx_gateway/etc/priv/emqx_exhook.schema | 38 ---
apps/emqx_gateway/etc/priv/emqx_lwm2m.schema | 220 ------------------
5 files changed, 579 deletions(-)
delete mode 100644 apps/emqx_gateway/etc/emqx_coap.conf
delete mode 100644 apps/emqx_gateway/etc/emqx_lwm2m.conf
delete mode 100644 apps/emqx_gateway/etc/priv/emqx_coap.schema
delete mode 100644 apps/emqx_gateway/etc/priv/emqx_exhook.schema
delete mode 100644 apps/emqx_gateway/etc/priv/emqx_lwm2m.schema
diff --git a/apps/emqx_gateway/etc/emqx_coap.conf b/apps/emqx_gateway/etc/emqx_coap.conf
deleted file mode 100644
index d6dfa1a6f..000000000
--- a/apps/emqx_gateway/etc/emqx_coap.conf
+++ /dev/null
@@ -1,82 +0,0 @@
-##--------------------------------------------------------------------
-## CoAP Gateway
-##--------------------------------------------------------------------
-
-## The IP and UDP port that CoAP bind with.
-##
-## Default: "0.0.0.0:5683"
-##
-## Examples:
-## coap.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683"
-##
-coap.bind.udp.1 = "0.0.0.0:5683"
-##coap.bind.udp.2 = "0.0.0.0:6683"
-
-## Whether to enable statistics for CoAP clients.
-##
-## Value: on | off
-coap.enable_stats = off
-
-
-##------------------------------------------------------------------------------
-## DTLS options
-
-## The DTLS port that CoAP is listening on.
-##
-## Default: "0.0.0.0:5684"
-##
-## Examples:
-## coap.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684"
-##
-coap.bind.dtls.1 = "0.0.0.0:5684"
-##coap.bind.dtls.2 = "0.0.0.0:6684"
-
-## A server only does x509-path validation in mode verify_peer,
-## as it then sends a certificate request to the client (this
-## message is not sent if the verify option is verify_none).
-## You can then also want to specify option fail_if_no_peer_cert.
-## More information at: http://erlang.org/doc/man/ssl.html
-##
-## Value: verify_peer | verify_none
-## coap.dtls.verify = verify_peer
-
-## Private key file for DTLS
-##
-## Value: File
-coap.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
-
-## Server certificate for DTLS.
-##
-## Value: File
-coap.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
-
-## PEM-encoded CA certificates for DTLS
-##
-## Value: File
-## coap.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
-
-## Used together with {verify, verify_peer} by an SSL server. If set to true,
-## the server fails if the client does not have a certificate to send, that is,
-## sends an empty certificate.
-##
-## Value: true | false
-## coap.dtls.fail_if_no_peer_cert = false
-
-## This is the single most important configuration option of an Erlang SSL
-## application. Ciphers (and their ordering) define the way the client and
-## server encrypt information over the wire, from the initial Diffie-Helman
-## key exchange, the session key encryption ## algorithm and the message
-## digest algorithm. Selecting a good cipher suite is critical for the
-## application’s data security, confidentiality and performance.
-##
-## The cipher list above offers:
-##
-## A good balance between compatibility with older browsers.
-## It can get stricter for Machine-To-Machine scenarios.
-## Perfect Forward Secrecy.
-## No old/insecure encryption and HMAC algorithms
-##
-## Most of it was copied from Mozilla’s Server Side TLS article
-##
-## Value: Ciphers
-coap.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
diff --git a/apps/emqx_gateway/etc/emqx_lwm2m.conf b/apps/emqx_gateway/etc/emqx_lwm2m.conf
deleted file mode 100644
index b244fa385..000000000
--- a/apps/emqx_gateway/etc/emqx_lwm2m.conf
+++ /dev/null
@@ -1,149 +0,0 @@
-##--------------------------------------------------------------------
-## LwM2M Gateway
-##--------------------------------------------------------------------
-
-##--------------------------------------------------------------------
-## Protocols
-
-# To Limit the range of lifetime, in seconds
-lwm2m.lifetime_min = 1s
-lwm2m.lifetime_max = 86400s
-
-# The time window for Q Mode, indicating that after how long time
-# the downlink commands sent to the client will be cached.
-#lwm2m.qmode_time_window = 22
-
-# Auto send observer command to device. It can be configured as an OjbectList
-# so that emqx will automatically observe the objects in this list.
-#
-# For examples: "/3/0,/3/0/1,/32976"
-#
-# Value: off | on | String
-#lwm2m.auto_observe = off
-
-# The topic subscribed by the lwm2m client after it is connected
-# Placeholders supported:
-# '%e': Endpoint Name
-# '%a': IP Address
-lwm2m.mountpoint = "lwm2m/%e/"
-
-# The topic subscribed by the lwm2m client after it is connected
-# Placeholders supported:
-# '%e': Endpoint Name
-# '%a': IP Address
-lwm2m.topics.command = "dn/#"
-
-# The topic to which the lwm2m client's response is published
-lwm2m.topics.response = "up/resp"
-
-# The topic to which the lwm2m client's notify message is published
-lwm2m.topics.notify = "up/notify"
-
-# The topic to which the lwm2m client's register message is published
-lwm2m.topics.register = "up/resp"
-
-# The topic to which the lwm2m client's update message is published
-lwm2m.topics.update = "up/resp"
-
-# When publish the update message.
-#
-# Can be one of:
-# - contains_object_list: only if the update message contains object list
-# - always: always publish the update message
-#
-# Defaults to contains_object_list
-#lwm2m.update_msg_publish_condition = contains_object_list
-
-# Dir where the object definition files can be found
-lwm2m.xml_dir = "{{ platform_etc_dir }}/lwm2m_xml"
-
-##--------------------------------------------------------------------
-## UDP Listener options
-
-## The IP and port of the LwM2M Gateway
-##
-## Default: "0.0.0.0:5683"
-## Examples:
-## lwm2m.bind.udp.x = "0.0.0.0:5683" | ":::5683" | "127.0.0.1:5683" | "::1:5683"
-lwm2m.bind.udp.1 = "0.0.0.0:5683"
-#lwm2m.bind.udp.2 = "0.0.0.0:6683"
-
-## Socket options, used for performance tuning
-##
-## Examples:
-## lwm2m.opts.$name = $value
-## See: https://erlang.org/doc/man/gen_udp.html#type-option
-lwm2m.opts.buffer = 1024KB
-lwm2m.opts.recbuf = 1024KB
-lwm2m.opts.sndbuf = 1024KB
-lwm2m.opts.read_packets = 20
-
-##--------------------------------------------------------------------
-## DTLS Listener Options
-
-## The DTLS port that LwM2M is listening on.
-##
-## Default: "0.0.0.0:5684"
-##
-## Examples:
-## lwm2m.bind.dtls.x = "0.0.0.0:5684" | ":::5684" | "127.0.0.1:5684" | "::1:5684"
-##
-lwm2m.bind.dtls.1 = "0.0.0.0:5684"
-#lwm2m.bind.dtls.2 = "0.0.0.0:6684"
-
-## A server only does x509-path validation in mode verify_peer,
-## as it then sends a certificate request to the client (this
-## message is not sent if the verify option is verify_none).
-## You can then also want to specify option fail_if_no_peer_cert.
-## More information at: http://erlang.org/doc/man/ssl.html
-##
-## Value: verify_peer | verify_none
-#lwm2m.dtls.verify = verify_peer
-
-## Private key file for DTLS
-##
-## Value: File
-lwm2m.dtls.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
-
-## Server certificate for DTLS.
-##
-## Value: File
-lwm2m.dtls.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
-
-## PEM-encoded CA certificates for DTLS
-##
-## Value: File
-#lwm2m.dtls.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
-
-## Used together with {verify, verify_peer} by an SSL server. If set to true,
-## the server fails if the client does not have a certificate to send, that is,
-## sends an empty certificate.
-##
-## Value: true | false
-#lwm2m.dtls.fail_if_no_peer_cert = false
-
-## This is the single most important configuration option of an Erlang SSL
-## application. Ciphers (and their ordering) define the way the client and
-## server encrypt information over the wire, from the initial Diffie-Helman
-## key exchange, the session key encryption ## algorithm and the message
-## digest algorithm. Selecting a good cipher suite is critical for the
-## application’s data security, confidentiality and performance.
-##
-## The cipher list above offers:
-##
-## A good balance between compatibility with older browsers.
-## It can get stricter for Machine-To-Machine scenarios.
-## Perfect Forward Secrecy.
-## No old/insecure encryption and HMAC algorithms
-##
-## Most of it was copied from Mozilla’s Server Side TLS article
-##
-## Value: Ciphers
-lwm2m.dtls.ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
-
-## Ciphers for TLS PSK.
-##
-## Note that 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#lwm2m.dtls.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
diff --git a/apps/emqx_gateway/etc/priv/emqx_coap.schema b/apps/emqx_gateway/etc/priv/emqx_coap.schema
deleted file mode 100644
index da367f098..000000000
--- a/apps/emqx_gateway/etc/priv/emqx_coap.schema
+++ /dev/null
@@ -1,90 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_coap config mapping
-{mapping, "coap.bind.udp.$number", "emqx_coap.bind_udp", [
- {datatype, ip},
- {default, "0.0.0.0:5683"}
-]}.
-
-{mapping, "coap.enable_stats", "emqx_coap.enable_stats", [
- {datatype, flag}
-]}.
-
-{mapping, "coap.bind.dtls.$number", "emqx_coap.bind_dtls", [
- {datatype, ip},
- {default, "0.0.0.0:5684"}
-]}.
-
-{mapping, "coap.dtls.keyfile", "emqx_coap.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "coap.dtls.certfile", "emqx_coap.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "coap.dtls.verify", "emqx_coap.dtls_opts", [
- {default, verify_none},
- {datatype, {enum, [verify_none, verify_peer]}}
-]}.
-
-{mapping, "coap.dtls.cacertfile", "emqx_coap.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "coap.dtls.fail_if_no_peer_cert", "emqx_coap.dtls_opts", [
- {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "coap.dtls.ciphers", "emqx_coap.dtls_opts", [
- {datatype, string}
-]}.
-
-{translation, "emqx_coap.bind_udp", fun(Conf) ->
- Options = cuttlefish_variable:filter_by_prefix("coap.bind.udp", Conf),
- lists:map(fun({_, Bind}) ->
- {Ip, Port} = cuttlefish_datatypes:from_string(Bind, ip),
- Opts = case inet:parse_address(Ip) of
- {ok, {_,_,_,_} = Address} ->
- [inet, {ip, Address}];
- {ok, {_,_,_,_,_,_,_,_} = Address} ->
- [inet6, {ip, Address}]
- end,
- {Port, Opts}
- end, Options)
-end}.
-
-{translation, "emqx_coap.bind_dtls", fun(Conf) ->
- Options = cuttlefish_variable:filter_by_prefix("coap.bind.dtls", Conf),
- lists:map(fun({_, Bind}) ->
- {Ip, Port} = cuttlefish_datatypes:from_string(Bind, ip),
- Opts = case inet:parse_address(Ip) of
- {ok, {_,_,_,_} = Address} ->
- [inet, {ip, Address}];
- {ok, {_,_,_,_,_,_,_,_} = Address} ->
- [inet6, {ip, Address}]
- end,
- {Port, Opts}
- end, Options)
-end}.
-
-{translation, "emqx_coap.dtls_opts", fun(Conf) ->
- Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-
- %% Ciphers
- SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
- Ciphers =
- case cuttlefish:conf_get("coap.dtls.ciphers", Conf, undefined) of
- undefined ->
- lists:append([ssl:cipher_suites(all, V, openssl) || V <- ['dtlsv1.2', 'dtlsv1']]);
- C ->
- SplitFun(C)
- end,
-
- Filter([{verify, cuttlefish:conf_get("coap.dtls.verify", Conf, undefined)},
- {keyfile, cuttlefish:conf_get("coap.dtls.keyfile", Conf, undefined)},
- {certfile, cuttlefish:conf_get("coap.dtls.certfile", Conf, undefined)},
- {cacertfile, cuttlefish:conf_get("coap.dtls.cacertfile", Conf, undefined)},
- {fail_if_no_peer_cert, cuttlefish:conf_get("coap.dtls.fail_if_no_peer_cert", Conf, undefined)},
- {ciphers, Ciphers}])
-end}.
-
diff --git a/apps/emqx_gateway/etc/priv/emqx_exhook.schema b/apps/emqx_gateway/etc/priv/emqx_exhook.schema
deleted file mode 100644
index e5481a3dd..000000000
--- a/apps/emqx_gateway/etc/priv/emqx_exhook.schema
+++ /dev/null
@@ -1,38 +0,0 @@
-%%-*- mode: erlang -*-
-
-{mapping, "exhook.server.$name.url", "emqx_exhook.servers", [
- {datatype, string}
-]}.
-
-{mapping, "exhook.server.$name.ssl.cacertfile", "emqx_exhook.servers", [
- {datatype, string}
-]}.
-
-{mapping, "exhook.server.$name.ssl.certfile", "emqx_exhook.servers", [
- {datatype, string}
-]}.
-
-{mapping, "exhook.server.$name.ssl.keyfile", "emqx_exhook.servers", [
- {datatype, string}
-]}.
-
-{translation, "emqx_exhook.servers", fun(Conf) ->
- Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
- ServerOptions = fun(Prefix) ->
- case http_uri:parse(cuttlefish:conf_get(Prefix ++ ".url", Conf)) of
- {ok, {http, _, Host, Port, _, _}} ->
- [{scheme, http}, {host, Host}, {port, Port}];
- {ok, {https, _, Host, Port, _, _}} ->
- [{scheme, https}, {host, Host}, {port, Port},
- {ssl_options,
- Filter([{ssl, true},
- {certfile, cuttlefish:conf_get(Prefix ++ ".ssl.certfile", Conf, undefined)},
- {keyfile, cuttlefish:conf_get(Prefix ++ ".ssl.keyfile", Conf, undefined)},
- {cacertfile, cuttlefish:conf_get(Prefix ++ ".ssl.cacertfile", Conf, undefined)}
- ])}];
- _ -> error(invalid_server_options)
- end
- end,
- [{list_to_atom(Name), ServerOptions("exhook.server." ++ Name)}
- || {["exhook", "server", Name, "url"], _} <- cuttlefish_variable:filter_by_prefix("exhook.server", Conf)]
-end}.
diff --git a/apps/emqx_gateway/etc/priv/emqx_lwm2m.schema b/apps/emqx_gateway/etc/priv/emqx_lwm2m.schema
deleted file mode 100644
index bf5f144e0..000000000
--- a/apps/emqx_gateway/etc/priv/emqx_lwm2m.schema
+++ /dev/null
@@ -1,220 +0,0 @@
-%% -*-: erlang -*-
-
-{mapping, "lwm2m.bind.udp.$number", "emqx_lwm2m.bind_udp", [
- {datatype, ip},
- {default, "0.0.0.0:5683"}
-]}.
-
-{mapping, "lwm2m.bind.dtls.$number", "emqx_lwm2m.bind_dtls", [
- {datatype, ip},
- {default, "0.0.0.0:5684"}
-]}.
-
-{mapping, "lwm2m.lifetime_min", "emqx_lwm2m.lifetime_min", [
- {datatype, {duration, s}},
- {default, 0}
-]}.
-
-{mapping, "lwm2m.lifetime_max", "emqx_lwm2m.lifetime_max", [
- {datatype, {duration, s}},
- {default, 315360000} %% 10 years
-]}.
-
-{mapping, "lwm2m.qmode_time_window", "emqx_lwm2m.qmode_time_window", [
- {datatype, integer},
- {default, 0}
-]}.
-
-{mapping, "lwm2m.auto_observe", "emqx_lwm2m.auto_observe", [
- {datatype, string},
- {default, "off"} %% BACKW: v4.3.0
-]}.
-
-{mapping, "lwm2m.lb", "emqx_lwm2m.options", [
- {datatype, atom},
- {default, undefined}
-]}.
-
-{mapping, "lwm2m.opts.$name", "emqx_lwm2m.options", [
- {datatype, bytesize}
-]}.
-
-{translation, "emqx_lwm2m.auto_observe", fun(Conf) ->
- case cuttlefish:conf_get("lwm2m.auto_observe", Conf, "off") of
- "off" -> false; %% BACKW: v4.3.0
- "on" -> true; %% BACKW: v4.3.0
- Str -> string:tokens(Str, ", ")
- end
-end}.
-
-{translation, "emqx_lwm2m.bind_udp", fun(Conf) ->
- Options = cuttlefish_variable:filter_by_prefix("lwm2m.bind.udp", Conf),
- lists:map(fun({_, Bind}) ->
- {Ip, Port} = cuttlefish_datatypes:from_string(Bind, ip),
- Opts = case inet:parse_address(Ip) of
- {ok, {_,_,_,_} = Address} ->
- [inet, {ip, Address}];
- {ok, {_,_,_,_,_,_,_,_} = Address} ->
- [inet6, {ip, Address}]
- end,
- {Port, Opts}
- end, Options)
-end}.
-
-{translation, "emqx_lwm2m.bind_dtls", fun(Conf) ->
- Options = cuttlefish_variable:filter_by_prefix("lwm2m.bind.dtls", Conf),
- lists:map(fun({_, Bind}) ->
- {Ip, Port} = cuttlefish_datatypes:from_string(Bind, ip),
- Opts = case inet:parse_address(Ip) of
- {ok, {_,_,_,_} = Address} ->
- [inet, {ip, Address}];
- {ok, {_,_,_,_,_,_,_,_} = Address} ->
- [inet6, {ip, Address}]
- end,
- {Port, Opts}
- end, Options)
-end}.
-
-{translation, "emqx_lwm2m.options", fun(Conf) ->
- Options = cuttlefish_variable:filter_by_prefix("lwm2m.opts", Conf),
- Opts = lists:map(fun({[_,_, Key], Value}) ->
- {list_to_atom(Key), Value}
- end, Options),
-
- case cuttlefish:conf_get("lwm2m.lb", Conf, undefined) of
- undefined -> ignore;
- _ ->
- cuttlefish:warn("The 'lwm2m.lb' option has removed from v4.2.0!")
- end,
-
- Opts
-end}.
-
-{mapping, "lwm2m.mountpoint", "emqx_lwm2m.mountpoint", [
- {datatype, string},
- {default, ""}
-]}.
-
-{mapping, "lwm2m.topics.command", "emqx_lwm2m.topics", [
- {datatype, string},
- {default, "lwm2m/%e/dn/#"}
-]}.
-
-{mapping, "lwm2m.topics.response", "emqx_lwm2m.topics", [
- {datatype, string},
- {default, "lwm2m/%e/up/resp"}
-]}.
-
-{mapping, "lwm2m.topics.notify", "emqx_lwm2m.topics", [
- {datatype, string},
- {default, "lwm2m/%e/up/notify"}
-]}.
-
-{mapping, "lwm2m.topics.register", "emqx_lwm2m.topics", [
- {datatype, string},
- {default, "lwm2m/%e/up/resp"}
-]}.
-
-{mapping, "lwm2m.topics.update", "emqx_lwm2m.topics", [
- {datatype, string},
- {default, "lwm2m/%e/up/resp"}
-]}.
-
-{mapping, "lwm2m.update_msg_publish_condition", "emqx_lwm2m.update_msg_publish_condition", [
- {datatype, {enum, [contains_object_list, always]}},
- {default, contains_object_list}
-]}.
-
-{translation, "emqx_lwm2m.topics", fun(Conf) ->
- Topics = cuttlefish_variable:filter_by_prefix("lwm2m.topics", Conf),
- Opts = lists:map(fun({[_,_, Key], Value}) ->
- {list_to_atom(Key), Value}
- end, Topics),
- Opts
-end}.
-
-{mapping, "lwm2m.xml_dir", "emqx_lwm2m.xml_dir", [
- {datatype, string}
-]}.
-
-%% Plan to remove v5.0-alpha.1, please use lwm2m.dtls_opts.keyfile instead
-{mapping, "lwm2m.keyfile", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-%% Plan to remove v5.0-alpha.1, please use lwm2m.dtls_opts.certfile instead
-{mapping, "lwm2m.certfile", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "lwm2m.dtls.keyfile", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "lwm2m.dtls.certfile", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "lwm2m.dtls.verify", "emqx_lwm2m.dtls_opts", [
- {default, verify_none},
- {datatype, {enum, [verify_none, verify_peer]}}
-]}.
-
-{mapping, "lwm2m.dtls.cacertfile", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "lwm2m.dtls.fail_if_no_peer_cert", "emqx_lwm2m.dtls_opts", [
- {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "lwm2m.dtls.ciphers", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-{mapping, "lwm2m.dtls.psk_ciphers", "emqx_lwm2m.dtls_opts", [
- {datatype, string}
-]}.
-
-{translation, "emqx_lwm2m.dtls_opts", fun(Conf) ->
- Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-
- %% compatible with before v4.2
- %% It plan to remove at v5.0-alpha.1
- OldKey = cuttlefish:conf_get("lwm2m.keyfile", Conf, undefined),
- OldCert = cuttlefish:conf_get("lwm2m.certfile", Conf, undefined),
-
- %% Ciphers
- SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
- Ciphers =
- case cuttlefish:conf_get("lwm2m.dtls.ciphers", Conf, undefined) of
- undefined ->
- [];
- C ->
- [{ciphers, SplitFun(C)}]
- end,
- PskCiphers =
- case cuttlefish:conf_get("lwm2m.dtls.psk_ciphers", Conf, undefined) of
- undefined ->
- [];
- C2 ->
- Psk = lists:map(fun("PSK-AES128-CBC-SHA") -> {psk, aes_128_cbc, sha};
- ("PSK-AES256-CBC-SHA") -> {psk, aes_256_cbc, sha};
- ("PSK-3DES-EDE-CBC-SHA") -> {psk, '3des_ede_cbc', sha};
- ("PSK-RC4-SHA") -> {psk, rc4_128, sha}
- end, SplitFun(C2)),
- [{ciphers, Psk}, {user_lookup_fun, {fun emqx_psk:lookup/3, <<>>}}]
- end,
- Ciphers /= []
- andalso PskCiphers /= []
- andalso cuttlefish:invalid("The 'lwm2m.dtls.ciphers' and 'lwm2m.dtls.psk_ciphers' cannot exist simultaneously."),
-
- NCiphers = Ciphers ++ PskCiphers,
-
- Filter([{verify, cuttlefish:conf_get("lwm2m.dtls.verify", Conf, undefined)},
- {keyfile, cuttlefish:conf_get("lwm2m.dtls.keyfile", Conf, OldKey)},
- {certfile, cuttlefish:conf_get("lwm2m.dtls.certfile", Conf, OldCert)},
- {cacertfile, cuttlefish:conf_get("lwm2m.dtls.cacertfile", Conf, undefined)},
- {fail_if_no_peer_cert, cuttlefish:conf_get("lwm2m.dtls.fail_if_no_peer_cert", Conf, undefined)} | NCiphers])
-end}.
-