%%--------------------------------------------------------------------
%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_connector_ssl).
-export([
convert_certs/2,
drop_invalid_certs/1,
clear_certs/2
]).
%% TODO: rm `connector` case after `dev/ee5.0` merged into `master`.
%% The `connector` config layer will be removed.
%%
%% Hand the bridge's ssl settings to new_ssl_config/3 and return its result:
%% `{ok, Config1}' with the ssl entry replaced, or
%% `{error, {bad_ssl_config, Reason}}'. A config with no ssl settings is
%% returned as `{ok, Config}' untouched.
%%
%% Clauses are tried in this order: map-valued `<<"connector">>', map-valued
%% `connector', top-level `<<"ssl">>', top-level `ssl', anything else.
%% Inside a connector map `<<"ssl">>' is looked up before `ssl', and a missing
%% entry is passed on as `undefined'.
%%
%% NOTE(review): `RltvDir' and the ssl map are forwarded unchecked from here;
%% any validation of the directory or of the certificate/key content happens
%% in emqx_tls_lib:ensure_ssl_files/2, which is not visible in this module.
convert_certs(RltvDir, #{<<"connector">> := Conn} = Config) when is_map(Conn) ->
    %% for bridges with `connector` field. i.e. `mqtt_source` and `mqtt_sink`
    new_ssl_config(RltvDir, Config, map_get_oneof([<<"ssl">>, ssl], Conn, undefined));
convert_certs(RltvDir, #{connector := Conn} = Config) when is_map(Conn) ->
    new_ssl_config(RltvDir, Config, map_get_oneof([<<"ssl">>, ssl], Conn, undefined));
convert_certs(RltvDir, #{<<"ssl">> := SslOpts} = Config) ->
    %% for bridges without `connector` field. i.e. webhook
    new_ssl_config(RltvDir, Config, SslOpts);
convert_certs(RltvDir, #{ssl := SslOpts} = Config) ->
    new_ssl_config(RltvDir, Config, SslOpts);
convert_certs(_RltvDir, Config) ->
    %% for bridges use connector name
    {ok, Config}.
%% Call emqx_tls_lib:delete_ssl_files/3 for the ssl settings of a bridge
%% config, passing `undefined' as the second argument.
%%
%% The ssl settings are located the same way as in convert_certs/2: inside a
%% map-valued `<<"connector">>' or `connector' (`<<"ssl">>' before `ssl',
%% `undefined' when neither is present), else at top-level `<<"ssl">>' or
%% `ssl'. A config with none of these is a no-op.
%%
%% Returns `ok'. Any other return value from delete_ssl_files/3 fails the
%% `ok =' match and crashes the caller with `badmatch'.
%%
%% NOTE(review): which files get removed is decided entirely by
%% emqx_tls_lib:delete_ssl_files/3 from `RltvDir' and the old ssl map; confirm
%% there that deletion cannot reach paths outside the directory derived from
%% `RltvDir'.
clear_certs(RltvDir, #{<<"connector">> := Conn} = _Config) when is_map(Conn) ->
    ok = emqx_tls_lib:delete_ssl_files(
        RltvDir, undefined, map_get_oneof([<<"ssl">>, ssl], Conn, undefined)
    );
clear_certs(RltvDir, #{connector := Conn} = _Config) when is_map(Conn) ->
    ok = emqx_tls_lib:delete_ssl_files(
        RltvDir, undefined, map_get_oneof([<<"ssl">>, ssl], Conn, undefined)
    );
clear_certs(RltvDir, #{<<"ssl">> := Previous} = _Config) ->
    ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, Previous);
clear_certs(RltvDir, #{ssl := Previous} = _Config) ->
    ok = emqx_tls_lib:delete_ssl_files(RltvDir, undefined, Previous);
clear_certs(_RltvDir, _) ->
    ok.
%% Run the bridge's ssl settings through emqx_tls_lib:drop_invalid_certs/1 and
%% return the config with the ssl entry replaced by the result (via
%% new_ssl_config/2).
%%
%% Unlike convert_certs/2 this returns the bare config map, not an `{ok, _}'
%% tuple. The ssl settings are located in the same clause order: map-valued
%% `<<"connector">>', map-valued `connector', top-level `<<"ssl">>', top-level
%% `ssl'. Inside a connector map a missing ssl entry is passed on as
%% `undefined'.
drop_invalid_certs(#{<<"connector">> := Conn} = Config) when is_map(Conn) ->
    Current = map_get_oneof([<<"ssl">>, ssl], Conn, undefined),
    new_ssl_config(Config, emqx_tls_lib:drop_invalid_certs(Current));
drop_invalid_certs(#{connector := Conn} = Config) when is_map(Conn) ->
    Current = map_get_oneof([<<"ssl">>, ssl], Conn, undefined),
    new_ssl_config(Config, emqx_tls_lib:drop_invalid_certs(Current));
drop_invalid_certs(#{<<"ssl">> := Current} = Config) ->
    new_ssl_config(Config, emqx_tls_lib:drop_invalid_certs(Current));
drop_invalid_certs(#{ssl := Current} = Config) ->
    new_ssl_config(Config, emqx_tls_lib:drop_invalid_certs(Current));
drop_invalid_certs(Config) ->
    %% for bridges use connector name
    Config.
%% Pass `SSL' through emqx_tls_lib:ensure_ssl_files/2 and, on success, put the
%% returned ssl settings back into `Config' with new_ssl_config/2.
%%
%% Returns `{ok, Config1}' or `{error, {bad_ssl_config, Reason}}', where
%% `Reason' is whatever ensure_ssl_files/2 reported. Any other return shape
%% from ensure_ssl_files/2 raises `case_clause'.
%%
%% NOTE(review): `Reason' is handed to the caller unmodified; confirm it
%% cannot carry private-key material before it is logged or returned over
%% an API.
new_ssl_config(RltvDir, Config, SSL) ->
    Outcome = emqx_tls_lib:ensure_ssl_files(RltvDir, SSL),
    case Outcome of
        {error, Why} ->
            {error, {bad_ssl_config, Why}};
        {ok, Ensured} ->
            {ok, new_ssl_config(Config, Ensured)}
    end.
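%% Return `Config' with its ssl entry replaced by `NewSSL'.
%%
%% The entry is written where the matching clause found it: inside a
%% map-valued `connector' (as `ssl') or `<<"connector">>' (as `<<"ssl">>'),
%% else at the top-level `ssl' or `<<"ssl">>' key. A config with none of
%% these is returned unchanged.
%%
%% The `is_map/1' guards mirror the ones on convert_certs/2, clear_certs/2
%% and drop_invalid_certs/1. When `connector' holds a connector name instead
%% of a map, those functions read the top-level ssl entry, so the update has
%% to land there too rather than fail with `{badmap, Connector}'.
%%
%% NOTE(review): the callers look up `<<"ssl">>' before `ssl' inside the
%% connector map, while the atom-key clause always writes `ssl'. A connector
%% map that mixes key types would therefore keep its old `<<"ssl">>' entry
%% next to the new `ssl' one.
new_ssl_config(#{connector := Connector} = Config, NewSSL) when is_map(Connector) ->
    Config#{connector => Connector#{ssl => NewSSL}};
new_ssl_config(#{<<"connector">> := Connector} = Config, NewSSL) when is_map(Connector) ->
    Config#{<<"connector">> => Connector#{<<"ssl">> => NewSSL}};
new_ssl_config(#{ssl := _} = Config, NewSSL) ->
    Config#{ssl => NewSSL};
new_ssl_config(#{<<"ssl">> := _} = Config, NewSSL) ->
    Config#{<<"ssl">> => NewSSL};
new_ssl_config(Config, _NewSSL) ->
    Config.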
%% Return the value of the first key in the list that is present in `Map',
%% or `Default' when none of them is. Keys are tried in list order, so an
%% earlier key wins when several are present.
map_get_oneof([Candidate | Others], Map, Default) ->
    case maps:find(Candidate, Map) of
        {ok, Found} ->
            Found;
        error ->
            %% not under this key, try the next one
            map_get_oneof(Others, Map, Default)
    end;
map_get_oneof([], _Map, Default) ->
    Default.