76 lines
2.5 KiB
Erlang
76 lines
2.5 KiB
Erlang
%%--------------------------------------------------------------------
|
|
%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
|
|
%%
|
|
%% Licensed under the Apache License, Version 2.0 (the "License");
|
|
%% you may not use this file except in compliance with the License.
|
|
%% You may obtain a copy of the License at
|
|
%%
|
|
%% http://www.apache.org/licenses/LICENSE-2.0
|
|
%%
|
|
%% Unless required by applicable law or agreed to in writing, software
|
|
%% distributed under the License is distributed on an "AS IS" BASIS,
|
|
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
%% See the License for the specific language governing permissions and
|
|
%% limitations under the License.
|
|
%%--------------------------------------------------------------------
|
|
|
|
-module(emqx_psk_schema).
|
|
|
|
-behaviour(hocon_schema).
|
|
|
|
-include_lib("typerefl/include/types.hrl").
|
|
|
|
-export([ roots/0
|
|
, fields/1
|
|
]).
|
|
|
|
roots() -> ["psk_authentication"].
|
|
|
|
fields("psk_authentication") ->
|
|
#{fields => fields(),
|
|
desc => """PSK stands for 'Pre-Shared Keys'.
|
|
This config to enable TLS-PSK authentication.
|
|
|
|
<strong>Important!</strong> Make sure the SSL listener with
|
|
only <code>tlsv1.2</code> enabled, and also PSK cipher suites
|
|
configured, such as <code>RSA-PSK-AES256-GCM-SHA384</code>.
|
|
See listener SSL options config for more details.
|
|
|
|
The IDs and secrets can be provided from a file the path
|
|
to which is configurable by the <code>init_file</code> field.
|
|
"""
|
|
}.
|
|
|
|
fields() ->
|
|
[ {enable, fun enable/1}
|
|
, {init_file, fun init_file/1}
|
|
, {separator, fun separator/1}
|
|
, {chunk_size, fun chunk_size/1}
|
|
].
|
|
|
|
enable(type) -> boolean();
|
|
enable(desc) -> <<"Whether to enable tls psk support">>;
|
|
enable(default) -> false;
|
|
enable(_) -> undefined.
|
|
|
|
init_file(type) -> binary();
|
|
init_file(desc) ->
|
|
<<"If init_file is specified, emqx will import PSKs from the file ",
|
|
"into the built-in database at startup for use by the runtime. ",
|
|
"The file has to be structured line-by-line, each line must be in ",
|
|
"the format of 'PSKIdentity:SharedSecret' for example: mydevice1:c2VjcmV0">>;
|
|
init_file(nullable) -> true;
|
|
init_file(_) -> undefined.
|
|
|
|
separator(type) -> binary();
|
|
separator(desc) ->
|
|
<<"The separator between PSKIdentity and SharedSecret in the psk file">>;
|
|
separator(default) -> <<":">>;
|
|
separator(_) -> undefined.
|
|
|
|
chunk_size(type) -> integer();
|
|
chunk_size(desc) ->
|
|
<<"The size of each chunk used to import to the built-in database from psk file">>;
|
|
chunk_size(default) -> 50;
|
|
chunk_size(_) -> undefined.
|