| author | Matthias Radestock <matthias@rabbitmq.com> | 2010-09-08 21:06:44 +0100 |
|---|---|---|
| committer | Matthias Radestock <matthias@rabbitmq.com> | 2010-09-08 21:06:44 +0100 |
| commit | fa2ee5b87804a56a1f55a3e74b7a18cb6a9e397a (patch) | |
| tree | eb912af6ed66b7e530d2f2df0fbc9b5b130801ad /src | |
| parent | adeabcee97ab51a2becd3d94118f2915851bcfa6 (diff) | |
tweak api for better decoupling of modules
and trim error handling - we don't check for errors in any of the
other info items either
Diffstat (limited to 'src')
| -rw-r--r-- | src/rabbit_reader.erl | 16 | ||||
| -rw-r--r-- | src/rabbit_ssl.erl | 47 |
2 files changed, 25 insertions, 38 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index 559b57a8c9..669331664e 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -822,9 +822,12 @@ i(peer_address, #v1{sock = Sock}) -> i(peer_port, #v1{sock = Sock}) -> {ok, {_, P}} = rabbit_net:peername(Sock), P; -i(peer_cert_issuer, #v1{sock = Sock}) -> rabbit_ssl:peer_cert_issuer(Sock); -i(peer_cert_subject, #v1{sock = Sock}) -> rabbit_ssl:peer_cert_subject(Sock); -i(peer_cert_validity, #v1{sock = Sock}) -> rabbit_ssl:peer_cert_validity(Sock); +i(peer_cert_issuer, #v1{sock = Sock}) -> + cert_info(fun rabbit_ssl:peer_cert_issuer/1, Sock); +i(peer_cert_subject, #v1{sock = Sock}) -> + cert_info(fun rabbit_ssl:peer_cert_subject/1, Sock); +i(peer_cert_validity, #v1{sock = Sock}) -> + cert_info(fun rabbit_ssl:peer_cert_validity/1, Sock); i(SockStat, #v1{sock = Sock}) when SockStat =:= recv_oct; SockStat =:= recv_cnt; SockStat =:= send_oct; @@ -859,6 +862,13 @@ i(client_properties, #v1{connection = #connection{ i(Item, #v1{}) -> throw({bad_argument, Item}). +cert_info(F, Sock) -> + case rabbit_net:peercert(Sock) of + nossl -> ''; + {error, no_peercert} -> ''; + {ok, Cert} -> F(Cert) + end. + %%-------------------------------------------------------------------------- send_to_new_channel(Channel, AnalyzedFrame, State) -> diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl index f7da832519..75df8796d7 100644 --- a/src/rabbit_ssl.erl +++ b/src/rabbit_ssl.erl @@ -46,9 +46,9 @@ -type(certificate() :: #'OTPCertificate'{}). --spec(peer_cert_issuer/1 :: (rabbit_net:socket()) -> string()). --spec(peer_cert_subject/1 :: (rabbit_net:socket()) -> string()). --spec(peer_cert_validity/1 :: (rabbit_net:socket()) -> string()). +-spec(peer_cert_issuer/1 :: (certificate()) -> string()). +-spec(peer_cert_subject/1 :: (certificate()) -> string()). +-spec(peer_cert_validity/1 :: (certificate()) -> string()). -endif. 
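Review bot: The `case` in the new `cert_info/2` in rabbit_reader.erl matches only `nossl`, `{error, no_peercert}` and `{ok, Cert}`, so any other `{error, Reason}` from `rabbit_net:peercert/1` raises `case_clause` in whichever process evaluates `i/2`. The wrapper removed from rabbit_ssl.erl had a generic `{error, E}` clause for that case. If the crash is intended, say so in a comment such as `%% any other peercert error is unexpected; let the caller crash`; otherwise add `{error, _} -> '';`. Both handled branches return `''`, so a plain-TCP connection cannot be told apart from a TLS connection whose client presented no certificate, and the info item is an atom on one path and a string on the other; that is worth documenting for anyone who audits connections with these items.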
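Review bot: The three new specs in rabbit_ssl.erl declare the argument as `certificate()`, which the context line defines as `#'OTPCertificate'{}`, but the next hunk passes that argument straight to `public_key:pkix_decode_cert(Cert, otp)`. Callers therefore hand in the still-encoded certificate, not the decoded record, and the specs contradict the code. They should name the encoded form, presumably `-spec(peer_cert_issuer/1 :: (binary()) -> string()).` and the same for the subject and validity specs; confirm this against what `rabbit_net:peercert/1` returns, which is not visible here.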
@@ -57,59 +57,36 @@ %%-------------------------------------------------------------------------- %% Return a string describing the certificate's issuer. -peer_cert_issuer(Sock) -> +peer_cert_issuer(Cert) -> cert_info(fun(#'OTPCertificate' { tbsCertificate = #'OTPTBSCertificate' { issuer = Issuer }}) -> format_rdn_sequence(Issuer) - end, Sock). + end, Cert). %% Return a string describing the certificate's subject, as per RFC4514. -peer_cert_subject(Sock) -> +peer_cert_subject(Cert) -> cert_info(fun(#'OTPCertificate' { tbsCertificate = #'OTPTBSCertificate' { subject = Subject }}) -> format_rdn_sequence(Subject) - end, Sock). + end, Cert). %% Return a string describing the certificate's validity. -peer_cert_validity(Sock) -> +peer_cert_validity(Cert) -> cert_info(fun(#'OTPCertificate' { tbsCertificate = #'OTPTBSCertificate' { validity = {'Validity', Start, End} }}) -> lists:flatten( io_lib:format("~s - ~s", [format_asn1_value(Start), format_asn1_value(End)])) - end, Sock). + end, Cert). %%-------------------------------------------------------------------------- -%% Wrapper for applying a function to a socket's certificate. -cert_info(F, Sock) -> - case rabbit_net:peercert(Sock) of - {error, no_peercert} -> no_peer_certificate; - {error, E} -> rabbit_log:warning("cannot obtain cert: " - "~p~n", [E]), - no_peer_certificate; - nossl -> nossl; - {ok, Cert} -> - case public_key:pkix_decode_cert(Cert, otp) of - {ok, DecCert} -> - %% here be dragons; decompose an undocumented - %% structure - try - F(DecCert) - catch - C:E -> - rabbit_log:info("failure in processing SSL info: " - "~p:~p~n", [C, E]), - unknown - end; - {error, E} -> - rabbit_log:warning("error decoding cert: ~p~n", [E]), - no_peer_certificate - end - end. +cert_info(F, Cert) -> + {ok, DecCert} = public_key:pkix_decode_cert(Cert, otp), + F(DecCert). %%-------------------------------------------------------------------------- %% Formatting functions |
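Review bot: `cert_info/2` now asserts `{ok, DecCert} = public_key:pkix_decode_cert(Cert, otp)` and calls `F(DecCert)` with no `try`, yet the certificate is supplied by the remote peer, unlike the socket-derived info items the commit message compares it to. The removed code noted that the decomposition relies on an undocumented structure, so a certificate with fields the formatting functions do not expect now raises in the caller of `i/2`, presumably the connection's own process, though that is not visible in this diff. Consider keeping a narrow boundary around the formatting step only, `try F(DecCert) catch error:_ -> unknown end`. Alternatively, add a comment on `cert_info/2` stating that a crash on an unparseable peer certificate is intended and which process absorbs it. The formatting functions themselves lie outside this hunk.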
