From 7cc7b74f1e8966c7e92e63bb5c604ee12da93fb5 Mon Sep 17 00:00:00 2001
From: Konstantinos Kallas
Date: Sat, 19 Aug 2017 12:50:40 +0300
Subject: [PATCH] Add acme certificates for all configured hosts in ejabberd_pkix
---
 src/ejabberd_acme.erl | 21 +++++++++++++++++++++
 src/ejabberd_pkix.erl | 27 ++++++++++++++++++---------
 2 files changed, 39 insertions(+), 9 deletions(-)
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl
index fcb399d96..62368abee 100644
--- a/src/ejabberd_acme.erl
+++ b/src/ejabberd_acme.erl
@@ -10,6 +10,8 @@
 is_valid_verbose_opt/1,
 is_valid_domain_opt/1,
 is_valid_revoke_cert/1,
+ %% Called by ejabberd_pkix
+ certificate_exists/1,
 %% Key Related
 generate_key/0,
 to_public/1
@@ -539,6 +541,25 @@ domain_certificate_exists(Domain) ->
 lists:keyfind(Domain, 1, Certs).
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%
+%% Called by ejabberd_pkix to check
+%% if a certificate exists for a
+%% specific host
+%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+-spec certificate_exists(bitstring()) -> {true, file:filename()} | false.
+certificate_exists(Host) ->
+ Certificates = read_certificates_persistent(),
+ case lists:keyfind(Host, 1 , Certificates) of
+ false ->
+ false;
+ {Host, #data_cert{path=Path}} ->
+ {true, Path}
+ end.
+
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%
 %% Certificate Request Functions
diff --git a/src/ejabberd_pkix.erl b/src/ejabberd_pkix.erl
index f9f0472f6..89b33b8aa 100644
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
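Review bot: In the second hunk of src/ejabberd_acme.erl, certificate_exists/1 answers from the persisted ACME record alone, so `{true, Path}` can come back for a file that is no longer on disk, and, if revoked or expired entries are not pruned from that store (not visible in this hunk), for a certificate that should no longer be served; ejabberd_pkix then loads whatever path is returned. The header comment should say so, for example `%% Returns {true, Path} when a record for Host is stored; the file at Path itself is not checked`. The lookup also appears to repeat domain_certificate_exists/1 directly above (only its last line is visible here) and could be written as `case domain_certificate_exists(Host) of` with the same two clauses. Assuming hosts are binaries as in the rest of the module, the spec argument would read better as `binary()` than `bitstring()`.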
@@ -204,15 +204,24 @@ add_certfiles(State) ->
 end, State, ejabberd_config:get_myhosts()).
 add_certfiles(Host, State) ->
- lists:foldl(
- fun(Opt, AccState) ->
- case ejabberd_config:get_option({Opt, Host}) of
- undefined -> AccState;
- Path ->
- {_, NewAccState} = add_certfile(Path, AccState),
- NewAccState
- end
- end, State, [c2s_certfile, s2s_certfile, domain_certfile]).
+ NewState =
+ lists:foldl(
+ fun(Opt, AccState) ->
+ case ejabberd_config:get_option({Opt, Host}) of
+ undefined -> AccState;
+ Path ->
+ {_, NewAccState} = add_certfile(Path, AccState),
+ NewAccState
+ end
+ end, State, [c2s_certfile, s2s_certfile, domain_certfile]),
+ %% Add acme certificate if it exists
+ case ejabberd_acme:certificate_exists(Host) of
+ {true, Path} ->
+ {_, FinalState} = add_certfile(Path, NewState),
+ FinalState;
+ false ->
+ NewState
+ end.
 add_certfile(Path, State) ->
 case maps:get(Path, State#state.certs, undefined) of
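Review bot: The result tag of the new `add_certfile(Path, NewState)` call is thrown away by `{_, FinalState} = ...`, so a stale or unreadable ACME certificate path is dropped without a trace and the host quietly falls back to whatever else was loaded. This path comes from the ACME store rather than from operator configuration, so a failure is worth surfacing: bind the tag with `{Res, FinalState} = add_certfile(Path, NewState),` and log Host and Path when Res is not the success value (the return shape of add_certfile/2 is only partly visible, since its body continues past the end of this hunk). The existing comment could also state which certificate is expected to take effect when a host has both a configured `domain_certfile` and an ACME certificate, now that both are added to the state.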