authorEvgeniy Khramtsov <ekhramtsov@process-one.net>2017-05-23 09:27:52 +0300
committerEvgeniy Khramtsov <ekhramtsov@process-one.net>2017-05-23 09:27:52 +0300
commit268065e5c495cc952bcb2ad737f8c40e188d8964 (patch)
tree829bbf2528f01a24e1d4eab5bc163a624f544a97 /src/ejabberd_pkix.erl
parentImplement cache for mod_announce (diff)
Validate all certfiles on startup
Diffstat (limited to 'src/ejabberd_pkix.erl')
-rw-r--r--src/ejabberd_pkix.erl31
1 files changed, 21 insertions, 10 deletions
diff --git a/src/ejabberd_pkix.erl b/src/ejabberd_pkix.erl
index 7c03f1772..f9f0472f6 100644
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
@@ -27,7 +27,7 @@
%% API
-export([start_link/0, add_certfile/1, format_error/1, opt_type/1,
- get_certfile/1, route_registered/1]).
+ get_certfile/1, try_certfile/1, route_registered/1]).
%% gen_server callbacks
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
terminate/2, code_change/3]).
@@ -56,15 +56,16 @@
%%%===================================================================
-spec add_certfile(filename:filename())
-> ok | {error, cert_error() | file:posix()}.
-add_certfile(Path0) ->
- Path = case filename:pathtype(Path0) of
- relative ->
- {ok, CWD} = file:get_cwd(),
- iolist_to_binary(filename:join(CWD, Path0));
- _ ->
- iolist_to_binary(Path0)
- end,
- gen_server:call(?MODULE, {add_certfile, Path}).
+add_certfile(Path) ->
+ gen_server:call(?MODULE, {add_certfile, prep_path(Path)}).
+
+-spec try_certfile(filename:filename()) -> binary().
+try_certfile(Path0) ->
+ Path = prep_path(Path0),
+ case mk_cert_state(Path, false) of
+ {ok, _} -> Path;
+ {error, _} -> erlang:error(badarg)
+ end.
route_registered(Route) ->
gen_server:call(?MODULE, {route_registered, Route}).
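Review bot: In `try_certfile/1` the `{error, _}` branch discards the reason returned by `mk_cert_state/2` and raises a bare `badarg`, so an operator whose certfile is rejected at startup cannot tell a missing or unreadable file from a malformed certificate. Since `format_error/1` is already exported from this module, the branch could log the cause before raising, e.g. `{error, Why} -> ?ERROR_MSG("Failed to read certificate file ~s: ~s", [Path, format_error(Why)]), erlang:error(badarg)`. This assumes a logging macro is in scope in this file and that `format_error/1` accepts this reason, neither of which the hunk shows. Also note that only the path is returned after the check, so the file is presumably read again when it is later passed to `add_certfile/1` and may no longer be the one that was validated.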
@@ -515,6 +516,16 @@ get_cert_path(G, [Root|_] = Acc) ->
end, Es)
end.
+-spec prep_path(filename:filename()) -> binary().
+prep_path(Path0) ->
+ case filename:pathtype(Path0) of
+ relative ->
+ {ok, CWD} = file:get_cwd(),
+ iolist_to_binary(filename:join(CWD, Path0));
+ _ ->
+ iolist_to_binary(Path0)
+ end.
+
-ifdef(SHORT_NAME_HASH).
short_name_hash(IssuerID) ->
public_key:short_name_hash(IssuerID).
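Review bot: `prep_path/1` anchors a relative certfile to whatever working directory the node has at call time, and nothing in the hunk documents that, so which certificate gets loaded depends on how the daemon was started. I would add a comment above the spec such as `%% Relative paths are resolved against the node's current working directory; prefer absolute certfile paths in configuration.` Separately, `{ok, CWD} = file:get_cwd()` fails with `badmatch` when the directory cannot be determined, and because `try_certfile/1` calls `prep_path/1` outside its `case`, that failure escapes as something other than the `badarg` it otherwise raises. The hunk begins inside `get_cert_path/2` and ends inside the `-ifdef(SHORT_NAME_HASH)` section, both of which continue outside it.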