dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/onomondo-eim/+/42833?usp=email )
Change subject: certificates: add checks to make sure cert and key files are readable ......................................................................
certificates: add checks to make sure cert and key files are readable
In cas a certificate or key file is not reachable, the failure symptoms may not be immediately obvious. Let's add checks to make sure all certificate and key files are readable.
Change-Id: Icaea4aae6188bcdecbc44558aefd2609706be56f Related: SYS#7093 --- M src/crypto_utils.erl M src/onomondo_eim_app.erl 2 files changed, 21 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/onomondo-eim refs/changes/33/42833/1
diff --git a/src/crypto_utils.erl b/src/crypto_utils.erl index 9d0cd0f..1bba9ab 100644 --- a/src/crypto_utils.erl +++ b/src/crypto_utils.erl @@ -211,7 +211,12 @@ error; get_root_cert(EumCertificate, RootCiCertPaths) -> [RootCiCertPath | RootCiCertPathsTail] = RootCiCertPaths, - {ok, RootCiCertPem} = file:read_file(RootCiCertPath), + RootCiCertPem = case file:read_file(RootCiCertPath) of + {ok, FileContent} -> + FileContent; + _ -> + throw({"CI certificate file not readable", RootCiCertPath}) + end, [{'Certificate', RootCiCertBer, not_encrypted}] = public_key:pem_decode(RootCiCertPem), {ok, EumCertificateBer} = 'PKIX1Explicit88':encode('Certificate', EumCertificate), case public_key:pkix_is_issuer(EumCertificateBer, RootCiCertBer) of diff --git a/src/onomondo_eim_app.erl b/src/onomondo_eim_app.erl index ffdc68b..960d9f1 100644 --- a/src/onomondo_eim_app.erl +++ b/src/onomondo_eim_app.erl @@ -30,6 +30,21 @@ "Starting ESipa HTTPs server at ~p:~p...~ncertificate: ~p~nkey: ~p~n", [Ip, Port, Cert, Key] ), + + case filelib:is_file(Cert) of + true -> + ok; + _ -> + throw({"SSL certificate file not readable", Cert}) + end, + + case filelib:is_file(Key) of + true -> + ok; + _ -> + throw({"SSL private key file not readable", Key}) + end, + cowboy:start_tls( https_listener_esipa, [