From 784f116ba3fad8e28ef2fefd86d5df71801dbe6f Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Fri, 20 Jan 2017 00:30:36 +0100
Subject: API keys are now provided in config file

Also added CA cert verification for internal TLS connections.
---
 src/http_auth.erl | 20 +++-----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

(limited to 'src/http_auth.erl')

diff --git a/src/http_auth.erl b/src/http_auth.erl
index a187e05..16d7dfa 100644
--- a/src/http_auth.erl
+++ b/src/http_auth.erl
@@ -17,24 +17,10 @@ init_key_table() ->
     read_key_table().
 
 read_key_table() ->
-    PublickeyDir = application:get_env(plop, publickey_path, none),
-    ServersACL = application:get_env(plop, allowed_servers, []),
-    ClientsACL = application:get_env(plop, allowed_clients, []),
-    Keys = sets:from_list(
-             lists:flatmap(fun ({_, Keys}) ->
-                                   case Keys of
-                                       noauth ->
-                                           [];
-                                       _ when is_list(Keys) ->
-                                           Keys
-                                   end
-                           end, ServersACL ++ ClientsACL)),
     lists:foreach(
-      fun (KeyName) ->
-              Key = sign:read_keyfile_ec(PublickeyDir ++ "/" ++
-                                             KeyName ++ ".pem"),
-              true = ets:insert(?KEY_TABLE, {KeyName, Key})
-      end, sets:to_list(Keys)),
+      fun ({KeyName, Der}) ->
+              true = ets:insert(?KEY_TABLE, {KeyName, sign:pem_entry_decode({'SubjectPublicKeyInfo', Der, []})})
+      end, application:get_env(plop, apikeys, [])),
     case application:get_env(plop, own_key, none) of
         {_OwnKeyName, OwnKeyFile} ->
             OwnKey = sign:read_keyfile_ec(OwnKeyFile),
-- 
cgit v1.1