Refactor branching, procedure and case clauses, into simple matches
which'll fail on a bad result. The OTP Application no longer re-checks
preconditions, like the existance of the whitelist directory &
interface module/procedure, which are put in place at Rabbit Plugin
boot.
Fix buggy Application start when we get an empty list of SSL options.
A refresh interval of 0 SECONDS configures the trust-store for manual
whitelist refresh, i.e. to reflect the certificates currently in the
whitelist directory, via call to `rabbit_trust_store:refresh/0`. An
interval >= 1 SECONDS configures automatic refresh, as before, through
timers.
This fixes a related BUG: the degree of time accuracy was not
consistent between the application, server, and test set. The intended
unit is SECONDS, NOT milliseconds, to make configuration more
friendly. I.e. `60` seconds instead of `60 * 1000` milliseconds.
Store the filename along with certificate issuer name and serial
number, so as to perform a diff on the directory contents, then only
install and remove those entries which need it. We were deleting all
entries + reading in the entire (newer) contents of the directory when
directory modification time had changed.
Along the way it made more sense to optimise ETS for querying the
whitelist than it did to refresh it: the key is still the
unique/distinctive certificate value (issuer name & serial
number). While installing and removing certificates rely on a
`select`.
The client facing interface, `whitelisted/3`, ultimately makes a call
to the ETS table directly. That is, it no longer goes through the
`trust_store` process, which was unecessary.
The file system reports time to an accuracy of one second. So, unless
we wait for at least one second, we may see no change in modification
time. The trust-store relies on this to tell when the whitelist needs
to be refreshed.
* Make changing configuration of more than one option easier.
* Distinguish which whitelisted certificate comes from which test
by using differnt filenames.
* Clean-up after writing out certificate files.
This also introduces testing for a means by which to set an expiry
time, after which the trust-store will refresh its contents to reflect
the underlying directory, so as to keep it up-to-date.
Building the whitelist with a list is practicle initially but not
performant. Introduce a record `entry` which will contain a filename +
modification time in the whitelist.
This completes the client facing procedure `whitelisted/3` with which
SSL sockets effectively query the trust-store, introducing basic
functionality for the server internals, but simplifies matters by
using a list to store the whitelist information. Error logging for
debugging purposes is removed.
Some unecessary SSL client options meant that it will try to validate
the server certificate. We only want to test that the server tries to
validate the client certificate. These complicated the test set and
raised errors which were difficult to track down: the reason reported
for the client failing to authenticate the server were very similar to
those reported when the server tries to authenticate the client. In
the former case, the server will send a TLS alert to the client,
reporting an "unknown CA".
A `stop` procedure isn't necessary if the server will always find
itself in a supervision tree. We trap exits upon initialisation and
handle the reason `shutdown` in the procedure `terminate/2`, instead.
Clean the procedures `handle_call` and `handle_cast`.
* Give the interface procedure a meaningful name.
* Order the procedure's clauses by relevance.
* Log something informative for each clause.
* Dialyzer type & signature for the procedure.
This is a better choice than having the server retrieve the directory
name itself: (1) we can have guarentees earlier from the application,
and (2) it makes testing easier and clearer.
The test set would fail before it began because the application
couldn't retrieve a path to a whitlist directory from it's
configuration data. This change makes the application look for
whitelisted certificates in a default directory. The corresponding
test stops the application, changes the configuration, and starts it
to test with given configuration parameters.
A simple end-to-end test of the trust-store, in the sense that a .PEM
file is written to a directory from which Rabbit is configured to read
whitelisted certificates, then an AMQP client connects. Note: all
those variables which are necessary but not central to the test are
prefixed with an underscore to distinguish them.
Several changes:
* Test names tell us which protocol they use (AMQP). STOMP and MQTT to
follow.
* Give tests more time to complete as old value proved to be short
* Indicate variables which aren't really involved (but necessary) in a
given test with a leading underscore
* Format with more stringent guidlines in mind
Loïc Hoguin has done a lot of helpful work around the PKI + SLL
applications in OTP to build certificates, authorities, and more all
through Erlang, so no calls from the command-line necessary. At the
end of the day they'd use the same stuff behind the scenes: Open
SLL. But, these make it extreamly convenient to test changes in Rabbit
revolving around TLS + certificates.
Joseph Yiasemides
Michael Klishin