| -rw-r--r-- | src/rabbit_reader.erl | 6 | ||||
| -rw-r--r-- | src/rabbit_ssl.erl | 72 | ||||
| -rw-r--r-- | src/rabbit_types.erl | 4 |
3 files changed, 43 insertions, 39 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index 866442b74e..4d9dc927c9 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -819,11 +819,11 @@ i(peer_address, #v1{sock = Sock}) -> {ok, {A, _}} = rabbit_net:peername(Sock), A; i(ssl_issuer, #v1{sock = Sock}) -> - rabbit_ssl:ssl_info(fun rabbit_ssl:ssl_issuer/1, Sock); + rabbit_ssl:ssl_issuer(Sock); i(ssl_subject, #v1{sock = Sock}) -> - rabbit_ssl:ssl_info(fun rabbit_ssl:ssl_subject/1, Sock); + rabbit_ssl:ssl_subject(Sock); i(ssl_validity, #v1{sock = Sock}) -> - rabbit_ssl:ssl_info(fun rabbit_ssl:ssl_validity/1, Sock); + rabbit_ssl:ssl_validity(Sock); i(peer_port, #v1{sock = Sock}) -> {ok, {_, P}} = rabbit_net:peername(Sock), P; diff --git a/src/rabbit_ssl.erl b/src/rabbit_ssl.erl index d9260d7b33..4db1bbc138 100644 --- a/src/rabbit_ssl.erl +++ b/src/rabbit_ssl.erl @@ -31,26 +31,26 @@ -module(rabbit_ssl). +-include("rabbit.hrl"). + -include_lib("public_key/include/public_key.hrl"). -include_lib("ssl/src/ssl_int.hrl"). --export([ssl_issuer/1, ssl_subject/1, ssl_validity/1, ssl_info/2]). +-export([ssl_issuer/1, ssl_subject/1, ssl_validity/1]). --export_type([certificate/0]). +-export_type([certificate/0, ssl_socket/0]). %%-------------------------------------------------------------------------- -ifdef(use_specs). +-type(ssl_socket() :: #ssl_socket{}). -type(certificate() :: #'OTPCertificate'{}). +-type(a_socket() :: rabbit_networking:socket() | ssl_socket()). --type(ssl_info_fun() :: fun((certificate()) -> string())). - --spec(ssl_info/2 :: (ssl_info_fun(), #'sslsocket'{}) -> any()). - --spec(ssl_issuer/1 :: (certificate()) -> string()). --spec(ssl_subject/1 :: (certificate()) -> string()). --spec(ssl_validity/1 :: (certificate()) -> string()). +-spec(ssl_issuer/1 :: (a_socket()) -> string()). +-spec(ssl_subject/1 :: (a_socket()) -> string()). +-spec(ssl_validity/1 :: (a_socket()) -> string()). -endif. %% use_specs 
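Review bot: The new specs for `ssl_issuer/1`, `ssl_subject/1` and `ssl_validity/1` in src/rabbit_ssl.erl promise `string()`, but these functions now return whatever `ssl_info/2` returns, and the spec removed in this hunk declared that result as `any()`. `a_socket()` also admits a plain `rabbit_networking:socket()`, for which there is presumably no peer certificate to describe, so a non-string result looks reachable; ssl_info's body is outside this hunk, so confirm there. In addition, `ssl_validity/1` (next rabbit_ssl hunk) builds its result with `io_lib:format/2`, which returns nested chardata rather than a flat string. Either widen the specs, e.g. `-spec(ssl_validity/1 :: (a_socket()) -> any()).`, or spell out the non-certificate results in the return type so the callers in rabbit_reader know they must handle them.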
@@ -59,6 +59,36 @@ %% High-level functions used by reader %%-------------------------------------------------------------------------- +%% Return a string describing the certificate's issuer. +ssl_issuer(Sock) -> + ssl_info(fun(#'OTPCertificate' { + tbsCertificate = #'OTPTBSCertificate' { + issuer = Issuer }}) -> + format_ssl_subject(extract_ssl_values(Issuer)) + end, Sock). + +%% Return a string describing the certificate's subject, as per RFC4514. +ssl_subject(Sock) -> + ssl_info(fun(#'OTPCertificate' { + tbsCertificate = #'OTPTBSCertificate' { + subject = Subject }}) -> + format_ssl_subject(extract_ssl_values(Subject)) + end, Sock). + +%% Return a string describing the certificate's validity. +ssl_validity(Sock) -> + ssl_info(fun(#'OTPCertificate' { + tbsCertificate = #'OTPTBSCertificate' { + validity = Validity }}) -> + case extract_ssl_values(Validity) of + {'Validity', Start, End} -> + io_lib:format("~s to ~s", [format_ssl_value(Start), + format_ssl_value(End)]); + V -> + io_lib:format("~p", [V]) + end + end, Sock). + %% Wrapper for applying a function to a socket's certificate. ssl_info(F, Sock) -> case rabbit_net:peercert(Sock) of 
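Review bot: The comments on the three new wrappers should say where the text comes from: everything they return is read out of the certificate obtained through `rabbit_net:peercert(Sock)`, which is data supplied by the remote peer. Whether that certificate was verified depends on listener configuration not visible here, so I would add a line such as `%% Derived from the peer-presented certificate; descriptive only, not an authenticated identity unless peer verification is enforced.` above `ssl_issuer/1` and repeat it on the other two. The fallback branch in `ssl_validity/1`, `io_lib:format("~p", [V])`, prints a term that did not match `{'Validity', Start, End}` straight into the value rabbit_reader reports as connection info, and deserves a one-line comment on when it can occur. ssl_info/2 starts at the end of this hunk and its body continues outside it.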
@@ -83,30 +113,6 @@ ssl_info(F, Sock) -> end end. -%% Return a string describing the certificate's issuer. -ssl_issuer(#'OTPCertificate' { - tbsCertificate = #'OTPTBSCertificate' { - issuer = Issuer }}) -> - format_ssl_subject(extract_ssl_values(Issuer)). - -%% Return a string describing the certificate's subject, as per RFC4514. -ssl_subject(#'OTPCertificate' { - tbsCertificate = #'OTPTBSCertificate' { - subject = Subject }}) -> - format_ssl_subject(extract_ssl_values(Subject)). - -%% Return a string describing the certificate's validity. -ssl_validity(#'OTPCertificate' { - tbsCertificate = #'OTPTBSCertificate' { - validity = Validity }}) -> - case extract_ssl_values(Validity) of - {'Validity', Start, End} -> - io_lib:format("~s to ~s", [format_ssl_value(Start), - format_ssl_value(End)]); - V -> - io_lib:format("~p", [V]) - end. - %%-------------------------------------------------------------------------- %% Functions for extracting information from OTPCertificates diff --git a/src/rabbit_types.erl b/src/rabbit_types.erl index 9dfd33bd87..35b08ae99f 100644 --- a/src/rabbit_types.erl +++ b/src/rabbit_types.erl @@ -38,7 +38,7 @@ -export_type([txn/0, maybe/1, info/0, info_key/0, message/0, basic_message/0, delivery/0, content/0, decoded_content/0, undecoded_content/0, unencoded_content/0, encoded_content/0, vhost/0, ctag/0, - amqp_error/0, r/1, r2/2, r3/3, ssl_socket/0, listener/0, + amqp_error/0, r/1, r2/2, r3/3, listener/0, binding/0, amqqueue/0, exchange/0, connection/0, protocol/0, user/0, ok/1, error/1, ok_or_error/1, ok_or_error2/2, ok_pid_or_error/0, channel_exit/0, connection_exit/0]). @@ -107,8 +107,6 @@ kind :: Kind, name :: Name}). --type(ssl_socket() :: #ssl_socket{}). - -type(listener() :: #listener{node :: node(), protocol :: atom(), |
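Review bot: Dropping `ssl_socket/0` from the `-export_type` list and deleting the type in src/rabbit_types.erl is an interface change for any module that still writes `rabbit_types:ssl_socket()` in a spec. Only rabbit_ssl.erl is updated in this commit, so a remaining reference elsewhere would become an unknown type for Dialyzer; it is worth searching the tree and switching those to `rabbit_ssl:ssl_socket()`. If the move is meant to be gradual, keeping `-type(ssl_socket() :: rabbit_ssl:ssl_socket()).` in rabbit_types as an alias would avoid the break.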
