Remove duplicate code

that returns an Erlang ssl options
from RabbitMq Configuration

(cherry picked from commit f7e25b4)

Author: MarcialRosales

deps/oauth2_client/src/oauth2_client.erl

@@ -280,9 +280,11 @@ lookup_oauth_provider_from_keyconfig() ->
         ssl_options = extract_ssl_options_as_list(Map)
     }.
 
+
+
 -spec extract_ssl_options_as_list(#{atom() => any()}) -> proplists:proplist().
 extract_ssl_options_as_list(Map) ->
-    {Verify, CaCerts, CaCertFile} = case maps:get(peer_verification, Map, verify_peer) of
+    {Verify, CaCerts, CaCertFile} = case get_verify_or_peer_verification(Map, verify_peer) of
         verify_peer ->
             case maps:get(cacertfile, Map, undefined) of
                 undefined ->
@@ -323,6 +325,20 @@ extract_ssl_options_as_list(Map) ->
             []
     end.
 
+% Replace peer_verification with verify to make it more consistent with other
+% ssl_options in RabbitMQ and Erlang's ssl options
+% Eventually, peer_verification will be removed. For now, both are allowed
+-spec get_verify_or_peer_verification(#{atom() => any()}, any()) -> proplists:proplist().
+get_verify_or_peer_verification(Ssl_options, Default) ->
+    case maps:get(verify, Ssl_options, undefined) of
+        undefined ->
+            case maps:get(peer_verification, Ssl_options, undefined) of
+                undefined -> Default;
+                PeerVerification -> PeerVerification
+            end;
+        Verify -> Verify
+    end.
+
 lookup_oauth_provider_config(OAuth2ProviderId) ->
     case application:get_env(rabbitmq_auth_backend_oauth2, oauth_providers) of
         undefined -> {error, oauth_providers_not_found};
@@ -427,33 +443,10 @@ map_to_oauth_provider(PropList) when is_list(PropList) ->
         token_endpoint = proplists:get_value(token_endpoint, PropList),
         authorization_endpoint = proplists:get_value(authorization_endpoint, PropList, undefined),
         jwks_uri = proplists:get_value(jwks_uri, PropList, undefined),
-        ssl_options = map_ssl_options(proplists:get_value(https, PropList, undefined))
+        ssl_options = extract_ssl_options_as_list(maps:from_list(
+            proplists:get_value(https, PropList, [])))
     }.
 
-map_ssl_options(undefined) ->
-    [{verify, verify_none},
-        {depth, 10},
-        {fail_if_no_peer_cert, false},
-        {crl_check, false},
-        {crl_cache, {ssl_crl_cache, {internal, [{http, 10000}]}}}];
-map_ssl_options(Ssl_options) ->
-    Ssl_options1 = [{verify, proplists:get_value(verify, Ssl_options, verify_none)},
-        {depth, proplists:get_value(depth, Ssl_options, 10)},
-        {fail_if_no_peer_cert, proplists:get_value(fail_if_no_peer_cert, Ssl_options, false)},
-        {crl_check, proplists:get_value(crl_check, Ssl_options, false)},
-        {crl_cache, {ssl_crl_cache, {internal, [{http, 10000}]}}} | cacertfile(Ssl_options)],
-    case proplists:get_value(hostname_verification, Ssl_options, none) of
-        wildcard ->
-            [{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]} | Ssl_options1];
-        none ->
-            Ssl_options1
-    end.
-
-cacertfile(Ssl_options) ->
-    case proplists:get_value(cacertfile, Ssl_options) of
-        undefined -> [];
-        CaCertFile -> [{cacertfile, CaCertFile}]
-    end.
 
 enrich_oauth_provider({ok, OAuthProvider}, TLSOptions) ->
     {ok, OAuthProvider#oauth_provider{ssl_options=TLSOptions}};

deps/oauth2_client/test/unit_SUITE.erl

@@ -25,8 +25,11 @@ groups() ->
 [
   {ssl_options, [], [
     no_ssl_options_triggers_verify_peer,
-    peer_verification_verify_none,
-    peer_verification_verify_peer_with_cacertfile
+    choose_verify_over_peer_verification,
+    verify_set_to_verify_none,
+    peer_verification_set_to_verify_none,
+    peer_verification_set_to_verify_peer_with_cacertfile,
+    verify_set_to_verify_peer_with_cacertfile
   ]}
 ].
 
@@ -39,7 +42,29 @@ no_ssl_options_triggers_verify_peer(_) ->
     {cacerts, _CaCerts}
   ], oauth2_client:extract_ssl_options_as_list(#{})).
 
-peer_verification_verify_none(_) ->
+choose_verify_over_peer_verification(_) ->
+  Expected1 = [
+    {verify, verify_none}
+  ],
+  ?assertEqual(Expected1, oauth2_client:extract_ssl_options_as_list(
+    #{verify => verify_none, peer_verification => verify_peer })).
+
+verify_set_to_verify_none(_) ->
+  Expected1 = [
+    {verify, verify_none}
+  ],
+  ?assertEqual(Expected1, oauth2_client:extract_ssl_options_as_list(#{verify => verify_none})),
+
+  Expected2 = [
+    {verify, verify_none}
+  ],
+  ?assertEqual(Expected2, oauth2_client:extract_ssl_options_as_list(#{
+    verify => verify_none,
+    cacertfile => "/tmp"
+  })).
+
+
+peer_verification_set_to_verify_none(_) ->
   Expected1 = [
     {verify, verify_none}
   ],
@@ -54,7 +79,7 @@ peer_verification_verify_none(_) ->
   })).
 
 
-peer_verification_verify_peer_with_cacertfile(_) ->
+peer_verification_set_to_verify_peer_with_cacertfile(_) ->
   Expected = [
     {verify, verify_peer},
     {depth, 10},
@@ -66,3 +91,17 @@ peer_verification_verify_peer_with_cacertfile(_) ->
     cacertfile => "/tmp",
     peer_verification => verify_peer
   })).
+
+
+verify_set_to_verify_peer_with_cacertfile(_) ->
+  Expected = [
+    {verify, verify_peer},
+    {depth, 10},
+    {crl_check,false},
+    {fail_if_no_peer_cert,false},
+    {cacertfile, "/tmp"}
+  ],
+  ?assertEqual(Expected, oauth2_client:extract_ssl_options_as_list(#{
+    cacertfile => "/tmp",
+    verify => verify_peer
+  })).

deps/rabbitmq_auth_backend_oauth2/test/jwks_SUITE.erl

@@ -105,11 +105,13 @@ init_per_group(multi_resource, Config) ->
       #{
         <<"one">> => [
           {issuer, strict_jwks_url(Config, "/")},
-          {jwks_uri, strict_jwks_url(Config, "/jwks1")}
+          {jwks_uri, strict_jwks_url(Config, "/jwks1")},
+          {https, [{verify, verify_none}]}
         ],
         <<"two">> => [
           {issuer, strict_jwks_url(Config, "/")},
-          {jwks_uri, strict_jwks_url(Config, "/jwks2")}
+          {jwks_uri, strict_jwks_url(Config, "/jwks2")},
+          {https, [{verify, verify_none}]}
         ]
       },
     ok = rabbit_ct_broker_helpers:rpc(Config, 0, application, set_env, [rabbitmq_auth_backend_oauth2, resource_servers, ResourceServersConfig]),