A refresh interval of 0 SECONDS configures the trust-store for manual
whitelist refresh, i.e. to reflect the certificates currently in the
whitelist directory, via call to `rabbit_trust_store:refresh/0`. An
interval >= 1 SECONDS configures automatic refresh, as before, through
timers.
This fixes a related BUG: the degree of time accuracy was not
consistent between the application, server, and test set. The intended
unit is SECONDS, NOT milliseconds, to make configuration more
friendly. I.e. `60` seconds instead of `60 * 1000` milliseconds.
The file system reports time to an accuracy of one second. So, unless
we wait for at least one second, we may see no change in modification
time. The trust-store relies on this to tell when the whitelist needs
to be refreshed.
* Make changing configuration of more than one option easier.
* Distinguish which whitelisted certificate comes from which test
by using differnt filenames.
* Clean-up after writing out certificate files.
This also introduces testing for a means by which to set an expiry
time, after which the trust-store will refresh its contents to reflect
the underlying directory, so as to keep it up-to-date.
This completes the client facing procedure `whitelisted/3` with which
SSL sockets effectively query the trust-store, introducing basic
functionality for the server internals, but simplifies matters by
using a list to store the whitelist information. Error logging for
debugging purposes is removed.
Some unecessary SSL client options meant that it will try to validate
the server certificate. We only want to test that the server tries to
validate the client certificate. These complicated the test set and
raised errors which were difficult to track down: the reason reported
for the client failing to authenticate the server were very similar to
those reported when the server tries to authenticate the client. In
the former case, the server will send a TLS alert to the client,
reporting an "unknown CA".
* Give the interface procedure a meaningful name.
* Order the procedure's clauses by relevance.
* Log something informative for each clause.
* Dialyzer type & signature for the procedure.
The test set would fail before it began because the application
couldn't retrieve a path to a whitlist directory from it's
configuration data. This change makes the application look for
whitelisted certificates in a default directory. The corresponding
test stops the application, changes the configuration, and starts it
to test with given configuration parameters.
A simple end-to-end test of the trust-store, in the sense that a .PEM
file is written to a directory from which Rabbit is configured to read
whitelisted certificates, then an AMQP client connects. Note: all
those variables which are necessary but not central to the test are
prefixed with an underscore to distinguish them.
Several changes:
* Test names tell us which protocol they use (AMQP). STOMP and MQTT to
follow.
* Give tests more time to complete as old value proved to be short
* Indicate variables which aren't really involved (but necessary) in a
given test with a leading underscore
* Format with more stringent guidlines in mind
Loïc Hoguin has done a lot of helpful work around the PKI + SLL
applications in OTP to build certificates, authorities, and more all
through Erlang, so no calls from the command-line necessary. At the
end of the day they'd use the same stuff behind the scenes: Open
SLL. But, these make it extreamly convenient to test changes in Rabbit
revolving around TLS + certificates.
Joseph Yiasemides