in wangle/ssl/TLSCredProcessor.cpp [125:170]
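// Loads TLS session-ticket key seeds from a JSON file.
//
// If `password` is set, the file is first decrypted through
// SSLUtil::decryptOpenSSLEncFilePassString (called with EVP_aes_256_cbc() and
// EVP_sha256()); otherwise it is read verbatim. The JSON root must be an
// object. Its optional "old", "current" and "new" members are handed to
// insertSeeds() to fill the matching lists of the result.
//
// @param fileName  Path of the seed file.
// @param password  Optional passphrase for an encrypted seed file.
// @return The parsed seeds, or folly::none when the file cannot be read or
//         decrypted, the root is not a JSON object, or a std::exception is
//         thrown while parsing.
//
// Security: the file content is ticket key material. Only the file name is
// ever logged; neither the content nor exception text is written to the log.
// NOTE(review): `jsonData` and `conf` hold the plaintext seeds until they go
// out of scope and are not zeroed here; file ownership/permissions are not
// checked in this function either -- confirm both are acceptable for the
// deployment.
/* static */ Optional<TLSTicketKeySeeds> TLSCredProcessor::processTLSTickets(
    const std::string& fileName,
    const folly::Optional<std::string>& password) {
  try {
    std::string jsonData;
    if (password.has_value()) {
      auto wrappedData = SSLUtil::decryptOpenSSLEncFilePassString(
          fileName, password.value(), EVP_aes_256_cbc(), EVP_sha256());
      if (!wrappedData.has_value()) {
        LOG(WARNING) << "Failed to read " << fileName
                     << " using supplied password "
                     << "; Ticket seeds are unavailable.";
        return folly::none;
      }
      // Take over the decrypted buffer instead of copying it, so the
      // plaintext seed JSON is not duplicated on the heap.
      jsonData.swap(wrappedData.value());
    } else if (!folly::readFile(fileName.c_str(), jsonData)) {
      LOG(WARNING) << "Failed to read " << fileName
                   << "; Ticket seeds are unavailable.";
      return folly::none;
    }

    // parseJson throws on malformed input; that is handled by the catch
    // below without echoing the offending text.
    folly::dynamic conf = folly::parseJson(jsonData);
    if (conf.type() != dynamic::Type::OBJECT) {
      LOG(WARNING) << "Error parsing " << fileName << " expected object";
      return folly::none;
    }

    // Each generation is optional; a missing key leaves its list empty.
    TLSTicketKeySeeds seedData;
    if (conf.count("old")) {
      insertSeeds(conf["old"], seedData.oldSeeds);
    }
    if (conf.count("current")) {
      insertSeeds(conf["current"], seedData.currentSeeds);
    }
    if (conf.count("new")) {
      insertSeeds(conf["new"], seedData.newSeeds);
    }
    return seedData;
  } catch (const std::exception&) {
    // Don't log ex.what() since it may contain contents of the key file.
    LOG(WARNING) << "Parsing " << fileName << " failed.";
    return folly::none;
  }
}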