From 3e48ba09100dda32114f23d1620c74dc3c935317 Mon Sep 17 00:00:00 2001
From: Sarah Ella Stoltze
Date: Tue, 17 Dec 2024 16:47:49 +0100
Subject: [PATCH] Registry can be configured with erlang :ssl options

Co-authored-by: Andrew Bruce
---
 lib/avrora/client.ex | 1 +
 lib/avrora/config.ex | 1 +
 lib/avrora/storage/registry.ex | 2 ++
 test/avrora/storage/registry_test.exs | 14 ++++++++++++++
 test/support/config.ex | 2 ++
 5 files changed, 20 insertions(+)

diff --git a/lib/avrora/client.ex b/lib/avrora/client.ex
index ca89b7f7..d3d22c51 100644
--- a/lib/avrora/client.ex
+++ b/lib/avrora/client.ex
@@ -119,6 +119,7 @@ defmodule Avrora.Client do
 def registry_auth, do: get(@opts, :registry_auth, nil)
 def registry_user_agent, do: get(@opts, :registry_user_agent, "Avrora/#{version()} Elixir")
 def registry_ssl_cacerts, do: get(@opts, :registry_ssl_cacerts, nil)
+ def registry_ssl_opts, do: get(@opts, :registry_ssl_opts, nil)
 def registry_schemas_autoreg, do: get(@opts, :registry_schemas_autoreg, true)
 def convert_null_values, do: get(@opts, :convert_null_values, true)
 def convert_map_to_proplist, do: get(@opts, :convert_map_to_proplist, false)
diff --git a/lib/avrora/config.ex b/lib/avrora/config.ex
index 459bf9ff..68e8ecc3 100644
--- a/lib/avrora/config.ex
+++ b/lib/avrora/config.ex
@@ -32,6 +32,7 @@ defmodule Avrora.Config do
 @callback registry_user_agent :: String.t() | nil
 @callback registry_ssl_cacerts :: binary() | nil
 @callback registry_ssl_cacert_path :: String.t() | nil
+ @callback registry_ssl_opts :: [:ssl.tls_option()] | nil
 @callback registry_schemas_autoreg :: boolean()
 @callback convert_null_values :: boolean()
 @callback convert_map_to_proplist :: boolean()
diff --git a/lib/avrora/storage/registry.ex b/lib/avrora/storage/registry.ex
index 86ec3709..4b61db9b 100644
--- a/lib/avrora/storage/registry.ex
+++ b/lib/avrora/storage/registry.ex
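Review bot: In lib/avrora/config.ex the added `registry_ssl_opts` callback becomes mandatory for every module implementing `Avrora.Config`, and the `cond` in `Avrora.Storage.Registry` later in this patch calls it unconditionally as its first branch. A custom config module written against the previous behaviour does not define it, so registry requests would presumably raise `UndefinedFunctionError` after an upgrade. The diffstat shows this single line as the only change to the file, so if `Avrora.Config` also acts as the default implementation (not visible in this hunk) it needs a matching getter next to the other `registry_ssl_*` ones. Consider declaring `@optional_callbacks registry_ssl_opts: 0` and letting the caller treat a missing export as `nil`.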
@@ -135,6 +135,7 @@ defmodule Avrora.Storage.Registry do
 defp options do
 ssl_options =
 cond do
+ !is_nil(registry_ssl_opts()) -> registry_ssl_opts()
 !is_nil(registry_ssl_cacerts()) -> [verify: :verify_peer, cacerts: [registry_ssl_cacerts()]]
 !is_nil(registry_ssl_cacert_path()) -> [verify: :verify_peer, cacertfile: registry_ssl_cacert_path()]
 true -> [verify: :verify_none]
@@ -185,4 +186,5 @@ defmodule Avrora.Storage.Registry do
 defp registry_user_agent, do: Config.self().registry_user_agent()
 defp registry_ssl_cacerts, do: Config.self().registry_ssl_cacerts()
 defp registry_ssl_cacert_path, do: Config.self().registry_ssl_cacert_path()
+ defp registry_ssl_opts, do: Config.self().registry_ssl_opts()
 end
diff --git a/test/avrora/storage/registry_test.exs b/test/avrora/storage/registry_test.exs
index 09e6c6ae..eb002bff 100644
--- a/test/avrora/storage/registry_test.exs
+++ b/test/avrora/storage/registry_test.exs
@@ -273,6 +273,20 @@ defmodule Avrora.Storage.RegistryTest do
 assert :ok == Registry.get(1) |> elem(0)
 end
+ test "when request should perform SSL verification based on given cert file using :ssl options" do
+ stub(Avrora.ConfigMock, :registry_ssl_opts, fn -> [verify: :verify_peer, cacertfile: "path/to/file"] end)
+
+ Avrora.HTTPClientMock
+ |> expect(:get, fn url, options ->
+ assert url == "http://reg.loc/schemas/ids/1"
+ assert Keyword.fetch!(options, :ssl_options) == [verify: :verify_peer, cacertfile: "path/to/file"]
+
+ {:ok, %{"schema" => json_schema()}}
+ end)
+
+ assert :ok == Registry.get(1) |> elem(0)
+ end
+
 test "when registry url is unconfigured" do
 stub(Avrora.ConfigMock, :registry_url, fn -> nil end)
diff --git a/test/support/config.ex b/test/support/config.ex
index f674f551..c91a7b22 100644
--- a/test/support/config.ex
+++ b/test/support/config.ex
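Review bot: In the first hunk of lib/avrora/storage/registry.ex the new `cond` branch passes `registry_ssl_opts()` through verbatim, so peer verification is no longer guaranteed once any TLS option is configured. A list without `:verify` gets whatever the HTTP client and `:ssl` default to on the running OTP release, and the branch silently takes precedence over `registry_ssl_cacerts` and `registry_ssl_cacert_path`. An empty list is not `nil` either, so `[]` selects this branch and sends no TLS options at all. I would keep verification on unless the caller explicitly opts out, `!is_nil(registry_ssl_opts()) -> Keyword.put_new(registry_ssl_opts(), :verify, :verify_peer)`, and add a comment such as `# registry_ssl_opts wins over cacerts/cacert_path; caller owns CA settings`. `defp options` continues past the end of this hunk.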
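Review bot: The added test in test/avrora/storage/registry_test.exs covers `registry_ssl_opts` only when it is set on its own, so the precedence that the new `cond` ordering gives it over `registry_ssl_cacerts` and `registry_ssl_cacert_path` is not pinned by any test. A second case that stubs both `:registry_ssl_opts` and `:registry_ssl_cacerts` on `Avrora.ConfigMock` and asserts which `:ssl_options` reach `Avrora.HTTPClientMock` would catch an accidental reorder. A third case with an option list that omits `:verify` would document what happens to peer verification in that configuration. The enclosing `describe` block starts and ends outside the hunk.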
@@ -46,6 +46,8 @@ defmodule Support.Config do
 @impl true
 def registry_ssl_cacert_path, do: nil
 @impl true
+ def registry_ssl_opts, do: nil
+ @impl true
 def registry_schemas_autoreg, do: true
 @impl true
 def convert_null_values, do: true