defmodule NervesHubLink.Configurator.Default do
@behaviour NervesHubLink.Configurator
alias NervesHubLink.{Certificate, Configurator.Config}
@cert "nerves_hub_cert"
@key "nerves_hub_key"
@impl NervesHubLink.Configurator
def build(%Config{} = config) do
ssl =
config.ssl
|> maybe_add_cacerts()
|> maybe_add_cert()
|> maybe_add_key()
|> maybe_add_sni(config)
%{config | ssl: ssl}
end
defp maybe_add_cacerts(socket_opts) do
Keyword.put_new(socket_opts, :cacerts, Certificate.ca_certs())
end
defp maybe_add_cert(socket_opts) do
if socket_opts[:cert] || socket_opts[:certfile] do
# option already provided
socket_opts
else
cert =
Nerves.Runtime.KV.get(@cert)
|> Certificate.pem_to_der()
Keyword.put(socket_opts, :cert, cert)
end
end
defp maybe_add_key(socket_opts) do
if socket_opts[:key] || socket_opts[:keyfile] do
socket_opts
else
key =
Nerves.Runtime.KV.get(@key)
|> Certificate.key_pem_to_der()
Keyword.put(socket_opts, :key, {:ECPrivateKey, key})
end
end
defp maybe_add_sni(socket_opts, %{device_api_sni: sni}) do
Keyword.put_new(socket_opts, :server_name_indication, to_charlist(sni))
end
end