Add acme certificates for all configured hosts in ejabberd_pkix

author: Konstantinos Kallas <konstantinos.kallas@hotmail.com> 2017-08-19 12:50:40 +0300
committer: Konstantinos Kallas <konstantinos.kallas@hotmail.com> 2017-08-19 12:50:40 +0300
commit: 7cc7b74f1e8966c7e92e63bb5c604ee12da93fb5 (patch)
tree: 6952b9b48eeea0cf7b7d57c8816503e7cdc4b851
parent: Add behaviour ejabberd_config in ejabberd_acme in order to validate the config (diff)
2 files changed, 39 insertions, 9 deletions
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl
index fcb399d96..62368abee 100644
--- a/src/ejabberd_acme.erl
+++ b/src/ejabberd_acme.erl
@@ -10,6 +10,8 @@
 	 is_valid_verbose_opt/1,
 	 is_valid_domain_opt/1,
 	 is_valid_revoke_cert/1,
+	 %% Called by ejabberd_pkix
+	 certificate_exists/1,
 	 %% Key Related
 	 generate_key/0,
 	 to_public/1
@@ -541,6 +543,25 @@ domain_certificate_exists(Domain) ->
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
+%% Called by ejabberd_pkix to check
+%% if a certificate exists for a 
+%% specific host
+%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+-spec certificate_exists(bitstring()) -> {true, file:filename()} | false.
+certificate_exists(Host) ->
+    Certificates = read_certificates_persistent(),
+    case lists:keyfind(Host, 1 , Certificates) of
+	false ->
+	    false;
+	{Host, #data_cert{path=Path}} ->
+	    {true, Path}
+    end.
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
 %% Certificate Request Functions
 %%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
diff --git a/src/ejabberd_pkix.erl b/src/ejabberd_pkix.erl
index f9f0472f6..89b33b8aa 100644
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
@@ -204,15 +204,24 @@ add_certfiles(State) ->
       end, State, ejabberd_config:get_myhosts()).
 
 add_certfiles(Host, State) ->
-    lists:foldl(
-      fun(Opt, AccState) ->
-	      case ejabberd_config:get_option({Opt, Host}) of
-		  undefined -> AccState;
-		  Path ->
-		      {_, NewAccState} = add_certfile(Path, AccState),
-		      NewAccState
-	      end
-      end, State, [c2s_certfile, s2s_certfile, domain_certfile]).
+    NewState =
+	lists:foldl(
+	  fun(Opt, AccState) ->
+		  case ejabberd_config:get_option({Opt, Host}) of
+		      undefined -> AccState;
+		      Path ->
+			  {_, NewAccState} = add_certfile(Path, AccState),
+			  NewAccState
+		  end
+	  end, State, [c2s_certfile, s2s_certfile, domain_certfile]),
+    %% Add acme certificate if it exists
+    case ejabberd_acme:certificate_exists(Host) of
+	{true, Path} ->
+	    {_, FinalState} = add_certfile(Path, NewState),
+	    FinalState;
+	false ->
+	    NewState
+    end.
 
 add_certfile(Path, State) ->
     case maps:get(Path, State#state.certs, undefined) of
author	Konstantinos Kallas <konstantinos.kallas@hotmail.com>	2017-08-19 12:50:40 +0300
committer	Konstantinos Kallas <konstantinos.kallas@hotmail.com>	2017-08-19 12:50:40 +0300
commit	7cc7b74f1e8966c7e92e63bb5c604ee12da93fb5 (patch)
tree	6952b9b48eeea0cf7b7d57c8816503e7cdc4b851
parent	Add behaviour ejabberd_config in ejabberd_acme in order to validate the config (diff)