Set up cacertfile when it is set

Author: MarcialRosales

deps/oauth2_client/BUILD.bazel

@@ -125,4 +125,10 @@ rabbitmq_integration_suite(
     ],
 )
 
+
+rabbitmq_suite(
+    name = "unit_SUITE",
+    size = "small",
+)
+
 assert_suites()

deps/oauth2_client/app.bzl

@@ -81,3 +81,12 @@ def test_suite_beam_files(name = "test_suite_beam_files"):
         app_name = "oauth2_client",
         erlc_opts = "//:test_erlc_opts",
     )
+    erlang_bytecode(
+        name = "unit_SUITE_beam_files",
+        testonly = True,
+        srcs = ["test/unit_SUITE.erl"],
+        outs = ["test/unit_SUITE.beam"],
+        hdrs = ["include/oauth2_client.hrl"],
+        app_name = "oauth2_client",
+        erlc_opts = "//:test_erlc_opts",
+    )

deps/oauth2_client/src/oauth2_client.erl

@@ -7,7 +7,8 @@
 -module(oauth2_client).
 -export([get_access_token/2,
         refresh_access_token/2,
-        get_oauth_provider/1,get_oauth_provider/2
+        get_oauth_provider/1,get_oauth_provider/2,
+        extract_ssl_options_as_list/1
         ]).
 
 -include("oauth2_client.hrl").
@@ -270,31 +271,46 @@ lookup_oauth_provider_from_keyconfig() ->
 
 -spec extract_ssl_options_as_list(#{atom() => any()}) -> proplists:proplist().
 extract_ssl_options_as_list(Map) ->
-  Verify = case maps:get(peer_verification, Map, verify_peer) of
+  {Verify, CaCerts, CaCertFile} = case maps:get(peer_verification, Map, verify_peer) of
     verify_peer ->
       case maps:get(cacertfile, Map, undefined) of
         undefined ->
           case public_key:cacerts_get() of
-            [] -> verify_none;
-            _ -> verify_peer
+            [] -> {verify_none, undefined, undefined};
+            Certs -> {verify_peer, Certs, undefined}
           end;
-        _ -> verify_peer
+        CaCert -> {verify_peer, undefined, CaCert}
       end;
-    verify_none -> verify_none
+    verify_none -> {verify_none, undefined, undefined}
   end,
 
-  [ {verify, Verify},
-    {cacertfile, maps:get(cacertfile, Map, "")},
-    {depth, maps:get(depth, Map, 10)},
-    {crl_check, maps:get(crl_check, Map, false)},
-    {fail_if_no_peer_cert, maps:get(fail_if_no_peer_cert, Map, false)}
-  ] ++
-  case maps:get(hostname_verification, Map, none) of
+  [ {verify, Verify} ]
+    ++
+    case Verify of
+      verify_none -> [];
+      _ ->
+        [
+          {depth, maps:get(depth, Map, 10)},
+          {crl_check, maps:get(crl_check, Map, false)},
+          {fail_if_no_peer_cert, maps:get(fail_if_no_peer_cert, Map, false)}
+        ]
+    end
+    ++
+    case Verify of
+      verify_none -> [];
+      _ ->
+        case {CaCerts, CaCertFile} of
+          {_, undefined} -> [{cacerts, CaCerts}];
+          {undefined, _} -> [{cacertfile, CaCertFile}]
+        end
+    end
+    ++
+    case maps:get(hostname_verification, Map, none) of
       wildcard ->
           [{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]}];
       none ->
           []
-  end.
+    end.
 
 lookup_oauth_provider_config(OAuth2ProviderId) ->
   case application:get_env(rabbitmq_auth_backend_oauth2, oauth_providers) of

deps/oauth2_client/test/system_SUITE.erl

@@ -177,7 +177,7 @@ groups() ->
     ssl_connection_error,
     {group, with_all_oauth_provider_settings},
     {group, without_all_oauth_providers_settings}
-  ]}
+  ]} 
 ].
 
 init_per_suite(Config) ->

deps/oauth2_client/test/unit_SUITE.erl

@@ -0,0 +1,34 @@
+%% This Source Code Form is subject to the terms of the Mozilla Public
+%% License, v. 2.0. If a copy of the MPL was not distributed with this
+%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
+%%
+%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
+%%
+
+-module(unit_SUITE).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("eunit/include/eunit.hrl").
+
+-include_lib("oauth2_client.hrl").
+
+-compile(export_all).
+
+
+all() ->
+[
+   {group, ssl_options}
+].
+
+groups() ->
+[
+  {ssl_options, [], [
+    no_ssl_options_set
+  ]}
+].
+
+no_ssl_options_set(_) ->
+  Map = #{ },
+  ?assertEqual([
+    {verify, verify_none}
+  ], oauth2_client:extract_ssl_options_as_list(Map)).