From 7e5bdf6863c7432ad465c4e93c9164a8789d4b5b Mon Sep 17 00:00:00 2001
From: Joseph
Date: Thu, 18 Jan 2018 21:29:07 -0600
Subject: [PATCH 1/4] Initial implementation of ssl cert setup
---
 lib/ucx_ucc/application.ex | 2 +
 lib/ucx_ucc/ucx_ucc_cert_manager.ex | 92 +++++++++++++++++++++++++++++
 2 files changed, 94 insertions(+)
 create mode 100644 lib/ucx_ucc/ucx_ucc_cert_manager.ex
diff --git a/lib/ucx_ucc/application.ex b/lib/ucx_ucc/application.ex
index 27d8ccd..fefb439 100644
--- a/lib/ucx_ucc/application.ex
+++ b/lib/ucx_ucc/application.ex
@@ -6,6 +6,8 @@ defmodule UcxUcc.Application do def start(type, args) do import Supervisor.Spec + UcxUcc.CertManager.set_endpoint_certs! :ucx_ucc, UcxUccWeb.Endpoint + # allow plugin access by it name # i.e. Application.get_env(:ucc_ucx, :router)
diff --git a/lib/ucx_ucc/ucx_ucc_cert_manager.ex b/lib/ucx_ucc/ucx_ucc_cert_manager.ex
new file mode 100644
index 0000000..bb5ead1
--- /dev/null
+++ b/lib/ucx_ucc/ucx_ucc_cert_manager.ex
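Review bot: The new call in `start/2` runs unconditionally before the supervisor is built, so a raise inside it aborts boot; the module added in this patch opens `/etc/httpd/conf.d/ssl.conf` with `File.stream!`, which raises on any host without that file (a developer machine or CI runner, for instance). Making the Apache lookup opt-in keeps those environments bootable: `if Application.get_env(:ucx_ucc, :ssl_conf_file), do: UcxUcc.CertManager.set_endpoint_certs!(:ucx_ucc, UcxUccWeb.Endpoint)`, with `:ssl_conf_file` set only in the config of hosts that have the file. `start/2` continues outside the hunk.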
@@ -0,0 +1,92 @@
+# This file is responsible for parsing SSL certificates from
+# ssl configuration file to be used for Mscs web server.
+
+defmodule UcxUcc.CertManager do
+ @moduledoc """
+
+ Handle finding ssl certificates on the UCx.
+
+ General functions to manage ssl certificate files on a UCx.
+ """
+
+ require Logger
+
+ @ssl_conf_file "/etc/httpd/conf.d/ssl.conf"
+ @ssl_cert "SSLCertificateFile"
+ @ssl_cert_key "SSLCertificateKeyFile"
+ @ssl_ca_cert "SSLCACertificateFile"
+
+ @doc """
+ Parses the ssl configuration file and returns list of file names.
+
+ Returns the `certfile`, `cacertfile`, and `keyfile` file names.
+ If the `cacertfile` is not found, the `certfile` will be returned.
+
+ ## Examples
+
+ get_cert_file # uses the default #{@ssl_conf_file} file
+
+ get_cert_file(:mscs) # gets the config filename from the config
+ # using the app key give (`:mscs`)
+
+ get_cert_file("/etc/ssl.conf") # uses config file name given
+
+ """
+ def get_cert_info(name \\ @ssl_conf_file)
+ def get_cert_info(app) when is_atom(app) do
+ Application.get_env(app, :ssl_conf_file, @ssl_conf_file)
+ |> get_cert_info
+ end
+ def get_cert_info(ssl_conf_file) do
+ File.stream!(ssl_conf_file, [], :line)
+ |> Enum.reduce([], fn(line, acc) ->
+ line = Regex.replace ~r/#.*/, line, ""
+ cond do
+ value = find_key(@ssl_cert, line) ->
+ value = String.strip value
+ Keyword.put(acc, :certfile, value)
+ |> Keyword.put_new(:cacertfile, value)
+ value = find_key(@ssl_cert_key, line) ->
+ Keyword.put(acc, :keyfile, String.strip(value))
+ value = find_key(@ssl_ca_cert, line) ->
+ Keyword.put(acc, :cacertfile, String.strip(value))
+ true -> acc
+ end
+ end)
+ end
+
+ @doc """
+ Set the endpoint cert names.
+
+ Sets the applications EndPoint :https cert file names. Call this
+ from the main supervisor, before starting the EndPoint.
+
+ ## Example
+
+ set_endpoint_certs!(:mscs, Mscs.EndPoint)
+ """
+ def set_endpoint_certs!(app, endpoint_mod) do
+ endpoint = Application.get_env(app, endpoint_mod)
+ https = get_cert_info(app)
+ |> Enum.reduce(endpoint[:https] || [], fn({k,v}, https) ->
+ if(Keyword.get(https, k) != nil) do
+ https
+ else
+ Keyword.put(https, k, v)
+ end
+ end)
+ Application.put_env app, endpoint_mod, Keyword.put(endpoint, :https, https)
+ end
+
+ ##############
+ # Private
+
+ defp find_key(key, line) do
+ case Regex.run(~r/#{key}[\s]+(.+)$/, line) do
+ [_, result] ->
+ String.strip(result)
+ _ -> nil
+ end
+ end
+
+end
From 129eae4d0d7259743ad074372aa1269a76377bcb Mon Sep 17 00:00:00 2001
From: Joseph
Date: Sun, 21 Jan 2018 20:50:34 -0600
Subject: [PATCH 2/4] Updated prod.exs and dev.exs files
---
 config/dev.exs | 4 +---
 config/prod.exs | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/config/dev.exs b/config/dev.exs
index a89953c..9d3ccf8 100644
--- a/config/dev.exs
+++ b/config/dev.exs
@@ -9,9 +9,7 @@ use Mix.Config config :ucx_ucc, UcxUccWeb.Endpoint, http: [port: 4017], https: [port: 4317, - otp_app: :ucx_ucc, - keyfile: "priv/key.pem", - certfile: "priv/cert.pem" + otp_app: :ucx_ucc ], debug_errors: true, code_reloader: true,
diff --git a/config/prod.exs b/config/prod.exs
index dfb5bd8..38cf56b 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -16,9 +16,7 @@ use Mix.Config config :ucx_ucc, UcxUccWeb.Endpoint, url: [host: "localhost", port: 4021], https: [port: 4021, - otp_app: :ucx_ucc, - keyfile: "priv/key.pem", - certfile: "priv/cert.pem" + otp_app: :ucx_ucc ], cache_static_manifest: "priv/static/cache_manifest.json", server: true,
From 4a2d0b5898e49bb52757170b533726127745271f Mon Sep 17 00:00:00 2001
From: Joseph
Date: Sun, 21 Jan 2018 20:52:19 -0600
Subject: [PATCH 3/4] Fixed warning messages for String.strip
---
 lib/ucx_ucc/ucx_ucc_cert_manager.ex | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
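Review bot: `set_endpoint_certs!/2` merges whatever `get_cert_info/1` matched into `:https` without checking that a `:certfile` and a `:keyfile` actually ended up there, so an ssl.conf that lacks either directive produces an endpoint config that only fails later, at listener start, away from the cause; `Keyword.put(endpoint, :https, https)` also raises a FunctionClauseError when the endpoint has no config yet. In `get_cert_info/1` the `Keyword.put_new(:cacertfile, value)` fallback loads the server's own certificate as the CA file, which I would drop so that `:cacertfile` is set only from `SSLCACertificateFile`. Reusing Apache's `SSLCertificateKeyFile` means this application's OS user needs read access to httpd's private key, which deserves a line in the `@moduledoc`, and the `@doc` examples name `get_cert_file` where the function is `get_cert_info`. A version of `set_endpoint_certs!/2` that validates the merged result follows.

```elixir
  def set_endpoint_certs!(app, endpoint_mod) do
    # An endpoint with no config yet is treated as an empty keyword list.
    endpoint = Application.get_env(app, endpoint_mod) || []
    # … unchanged: https = get_cert_info(app) |> Enum.reduce(...) …

    # Fail at boot, naming the missing entry, rather than at listener start.
    for key <- [:certfile, :keyfile] do
      https[key] ||
        raise(ArgumentError, "no #{inspect(key)} configured or found in the ssl configuration file")
    end

    Application.put_env(app, endpoint_mod, Keyword.put(endpoint, :https, https))
  end
```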
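Review bot: With `keyfile` and `certfile` removed, the `https:` entry in config/dev.exs (and the identical edit in config/prod.exs) carries only `port` and `otp_app`, so the listener has key material only if `UcxUcc.CertManager.set_endpoint_certs!` runs first and finds it in ssl.conf. Patch 4/4 of this series deletes that module and its call without restoring these keys, which as far as this page shows leaves both environments with an HTTPS listener that has no certificate or key configured. I would keep an explicit setting here, for dev at least `keyfile: "priv/key.pem", certfile: "priv/cert.pem"`, since the reduce in `set_endpoint_certs!` already leaves explicitly configured keys untouched and fills in only the missing ones. The `config` call continues outside both hunks.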
diff --git a/lib/ucx_ucc/ucx_ucc_cert_manager.ex b/lib/ucx_ucc/ucx_ucc_cert_manager.ex
index bb5ead1..d16e785 100644
--- a/lib/ucx_ucc/ucx_ucc_cert_manager.ex
+++ b/lib/ucx_ucc/ucx_ucc_cert_manager.ex
@@ -1,10 +1,14 @@ -# This file is responsible for parsing SSL certificates from -# ssl configuration file to be used for Mscs web server. +# Copyright (C) E-MetroTel, 2018 - All Rights Reserved +# This software contains material which is proprietary and confidential +# to E-MetroTel and is made available solely pursuant to the terms of +# a written license agreement with E-MetroTel. + + defmodule UcxUcc.CertManager do @moduledoc """ - Handle finding ssl certificates on the UCx. + This module gets SSL certificates file path from ssl configuration file for use in UcxUcc application. General functions to manage ssl certificate files on a UCx. """
@@ -43,13 +47,13 @@ defmodule UcxUcc.CertManager do line = Regex.replace ~r/#.*/, line, "" cond do value = find_key(@ssl_cert, line) -> - value = String.strip value + value = String.trim value Keyword.put(acc, :certfile, value) |> Keyword.put_new(:cacertfile, value) value = find_key(@ssl_cert_key, line) -> - Keyword.put(acc, :keyfile, String.strip(value)) + Keyword.put(acc, :keyfile, String.trim(value)) value = find_key(@ssl_ca_cert, line) -> - Keyword.put(acc, :cacertfile, String.strip(value)) + Keyword.put(acc, :cacertfile, String.trim(value)) true -> acc end end)
@@ -84,7 +88,7 @@ defmodule UcxUcc.CertManager do defp find_key(key, line) do case Regex.run(~r/#{key}[\s]+(.+)$/, line) do [_, result] -> - String.strip(result) + String.trim(result) _ -> nil end end
From 3457b103f352d09b614b1aad5a6ad8af1e0bf715 Mon Sep 17 00:00:00 2001
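Review bot: The three `String.trim` calls in the `get_cert_info/1` hunk are no-ops, because `find_key/2` (last hunk) already returns `String.trim(result)`; dropping them, e.g. `Keyword.put(acc, :keyfile, value)`, leaves a single place that normalises the value. Trimming whitespace also does not remove the double quotes Apache accepts around a path argument, so a quoted `SSLCertificateFile "/path"` directive would yield a file name that still includes the quotes; `result |> String.trim() |> String.trim("\"")` in `find_key/2` would cover that case. Both functions start or end outside these hunks.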
From: Joseph
Date: Mon, 29 Jan 2018 09:27:57 -0600
Subject: [PATCH 4/4] Updated code as per review comments
---
 lib/ucx_ucc/application.ex | 2 -
 lib/ucx_ucc/ucx_ucc_cert_manager.ex | 96 -----------------------------
 2 files changed, 98 deletions(-)
 delete mode 100644 lib/ucx_ucc/ucx_ucc_cert_manager.ex
diff --git a/lib/ucx_ucc/application.ex b/lib/ucx_ucc/application.ex
index fefb439..27d8ccd 100644
--- a/lib/ucx_ucc/application.ex
+++ b/lib/ucx_ucc/application.ex
@@ -6,8 +6,6 @@ defmodule UcxUcc.Application do def start(type, args) do import Supervisor.Spec - UcxUcc.CertManager.set_endpoint_certs! :ucx_ucc, UcxUccWeb.Endpoint - # allow plugin access by it name # i.e. Application.get_env(:ucc_ucx, :router)
diff --git a/lib/ucx_ucc/ucx_ucc_cert_manager.ex b/lib/ucx_ucc/ucx_ucc_cert_manager.ex
deleted file mode 100644
index d16e785..0000000
--- a/lib/ucx_ucc/ucx_ucc_cert_manager.ex
+++ /dev/null
@@ -1,96 +0,0 @@
-# Copyright (C) E-MetroTel, 2018 - All Rights Reserved
-# This software contains material which is proprietary and confidential
-# to E-MetroTel and is made available solely pursuant to the terms of
-# a written license agreement with E-MetroTel.
-
-
-
-defmodule UcxUcc.CertManager do
- @moduledoc """
-
- This module gets SSL certificates file path from ssl configuration file for use in UcxUcc application.
-
- General functions to manage ssl certificate files on a UCx.
- """
-
- require Logger
-
- @ssl_conf_file "/etc/httpd/conf.d/ssl.conf"
- @ssl_cert "SSLCertificateFile"
- @ssl_cert_key "SSLCertificateKeyFile"
- @ssl_ca_cert "SSLCACertificateFile"
-
- @doc """
- Parses the ssl configuration file and returns list of file names.
-
- Returns the `certfile`, `cacertfile`, and `keyfile` file names.
- If the `cacertfile` is not found, the `certfile` will be returned.
-
- ## Examples
-
- get_cert_file # uses the default #{@ssl_conf_file} file
-
- get_cert_file(:mscs) # gets the config filename from the config
- # using the app key give (`:mscs`)
-
- get_cert_file("/etc/ssl.conf") # uses config file name given
-
- """
- def get_cert_info(name \\ @ssl_conf_file)
- def get_cert_info(app) when is_atom(app) do
- Application.get_env(app, :ssl_conf_file, @ssl_conf_file)
- |> get_cert_info
- end
- def get_cert_info(ssl_conf_file) do
- File.stream!(ssl_conf_file, [], :line)
- |> Enum.reduce([], fn(line, acc) ->
- line = Regex.replace ~r/#.*/, line, ""
- cond do
- value = find_key(@ssl_cert, line) ->
- value = String.trim value
- Keyword.put(acc, :certfile, value)
- |> Keyword.put_new(:cacertfile, value)
- value = find_key(@ssl_cert_key, line) ->
- Keyword.put(acc, :keyfile, String.trim(value))
- value = find_key(@ssl_ca_cert, line) ->
- Keyword.put(acc, :cacertfile, String.trim(value))
- true -> acc
- end
- end)
- end
-
- @doc """
- Set the endpoint cert names.
-
- Sets the applications EndPoint :https cert file names. Call this
- from the main supervisor, before starting the EndPoint.
-
- ## Example
-
- set_endpoint_certs!(:mscs, Mscs.EndPoint)
- """
- def set_endpoint_certs!(app, endpoint_mod) do
- endpoint = Application.get_env(app, endpoint_mod)
- https = get_cert_info(app)
- |> Enum.reduce(endpoint[:https] || [], fn({k,v}, https) ->
- if(Keyword.get(https, k) != nil) do
- https
- else
- Keyword.put(https, k, v)
- end
- end)
- Application.put_env app, endpoint_mod, Keyword.put(endpoint, :https, https)
- end
-
- ##############
- # Private
-
- defp find_key(key, line) do
- case Regex.run(~r/#{key}[\s]+(.+)$/, line) do
- [_, result] ->
- String.trim(result)
- _ -> nil
- end
- end
-
-end