Merge branch 'ia/ssl/ets-next-problem/OTP-9703'

* ia/ssl/ets-next-problem/OTP-9703:
  Replaced ets:next traversal with ets:foldl and throw

4 files changed, 42 insertions, 72 deletions

diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl
index 422ea6404b..61876e1158 100644
--- a/lib/ssl/src/ssl_certificate.erl
+++ b/lib/ssl/src/ssl_certificate.erl
@@ -66,7 +66,7 @@ trusted_cert_and_path(CertChain, CertDbHandle, CertDbRef) ->
 		    {ok, IssuerId} ->
 			{other, IssuerId};
 		    {error, issuer_not_found} ->
-			case find_issuer(OtpCert, no_candidate, CertDbHandle) of
+			case find_issuer(OtpCert, CertDbHandle) of
 			    {ok, IssuerId} ->
 				{other, IssuerId};
 			    Other ->
@@ -193,7 +193,7 @@ certificate_chain(OtpCert, _Cert, CertDbHandle, CertsDbRef, Chain) ->
 	{_, true = SelfSigned} ->
 	    certificate_chain(CertDbHandle, CertsDbRef, Chain, ignore, ignore, SelfSigned);
 	{{error, issuer_not_found}, SelfSigned} ->
-	    case find_issuer(OtpCert, no_candidate, CertDbHandle) of
+	    case find_issuer(OtpCert, CertDbHandle) of
 		{ok, {SerialNr, Issuer}} ->
 		    certificate_chain(CertDbHandle, CertsDbRef, Chain,
 				      SerialNr, Issuer, SelfSigned);
@@ -227,17 +227,24 @@ certificate_chain(CertDbHandle, CertsDbRef, Chain, SerialNr, Issuer, _SelfSigned
 	    {ok, lists:reverse(Chain)}		      
     end.
 
-find_issuer(OtpCert, PrevCandidateKey, CertDbHandle) ->
-    case ssl_manager:issuer_candidate(PrevCandidateKey, CertDbHandle) of
- 	no_more_candidates ->
- 	    {error, issuer_not_found};
- 	{Key, {_Cert, ErlCertCandidate}} ->
-	    case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of
-		true ->
-		    public_key:pkix_issuer_id(ErlCertCandidate, self);
-		false ->
-		    find_issuer(OtpCert, Key, CertDbHandle)
-	    end
+find_issuer(OtpCert, CertDbHandle) ->
+    IsIssuerFun = fun({_Key, {_Der, #'OTPCertificate'{} = ErlCertCandidate}}, Acc) ->
+			  case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of
+			      true ->
+				  throw(public_key:pkix_issuer_id(ErlCertCandidate, self));
+			      false ->
+				  Acc
+			  end;
+		     (_, Acc) ->
+			  Acc
+		  end,
+
+    try ssl_certificate_db:foldl(IsIssuerFun, issuer_not_found, CertDbHandle) of
+	issuer_not_found ->
+	    {error, issuer_not_found}
+    catch 
+	{ok, _IssuerId} = Return ->
+	    Return
     end.
 
 is_valid_extkey_usage(KeyUse, client) ->
diff --git a/lib/ssl/src/ssl_certificate_db.erl b/lib/ssl/src/ssl_certificate_db.erl
index 0560a02110..cb2473576a 100644
--- a/lib/ssl/src/ssl_certificate_db.erl
+++ b/lib/ssl/src/ssl_certificate_db.erl
@@ -26,7 +26,7 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -export([create/0, remove/1, add_trusted_certs/3, 
-	 remove_trusted_certs/2, lookup_trusted_cert/4, issuer_candidate/2,
+	 remove_trusted_certs/2, lookup_trusted_cert/4, foldl/3, 
 	 lookup_cached_certs/2, cache_pem_file/4, uncache_pem_file/2, lookup/2]).
 
 -type time()      :: {non_neg_integer(), non_neg_integer(), non_neg_integer()}.
@@ -127,8 +127,6 @@ uncache_pem_file(File, [_CertsDb, _FileToRefDb, PidToFileDb]) ->
 			  exit(Pid, shutdown)
 		  end, Pids).
 
-
-
 %%--------------------------------------------------------------------
 -spec remove_trusted_certs(pid(), [db_handle()]) -> term().
 				  
@@ -161,37 +159,6 @@ remove_trusted_certs(Pid, [CertsDb, FileToRefDb, PidToFileDb]) ->
     end.
 
 %%--------------------------------------------------------------------
--spec issuer_candidate(no_candidate | cert_key() | {file, term()}, term()) ->
-			      {cert_key(),{der_cert(), #'OTPCertificate'{}}} | no_more_candidates.
-%%
-%% Description: If a certificat does not define its issuer through
-%%              the extension 'ce-authorityKeyIdentifier' we can
-%%              try to find the issuer in the database over known
-%%              certificates. 
-%%--------------------------------------------------------------------
-issuer_candidate(no_candidate, Db) ->
-    case ets:first(Db) of
- 	'$end_of_table' ->
- 	    no_more_candidates;
-	{file, _} = Key ->
-	    issuer_candidate(Key, Db);
- 	Key ->
-	    [Cert] = lookup(Key, Db),
- 	    {Key, Cert}
-    end;
-
-issuer_candidate(PrevCandidateKey, Db) ->
-    case ets:next(Db, PrevCandidateKey) of
- 	'$end_of_table' ->
- 	    no_more_candidates;
-	{file, _} = Key ->
-	    issuer_candidate(Key, Db);
- 	Key ->
-	    [Cert] = lookup(Key, Db),
- 	    {Key, Cert}
-    end.
-
-%%--------------------------------------------------------------------
 -spec lookup(term(), db_handle()) -> term() | undefined.
 %%
 %% Description: Looks up an element in a certificat <Db>.
@@ -206,7 +173,18 @@ lookup(Key, Db) ->
 		   end,
 	    [Pick(Data) || Data <- Contents]
     end.
-
+%%--------------------------------------------------------------------
+-spec foldl(fun(), term(), db_handle()) -> term().
+%%
+%% Description: Calls Fun(Elem, AccIn) on successive elements of the
+%% cache, starting with AccIn == Acc0. Fun/2 must return a new
+%% accumulator which is passed to the next call. The function returns
+%% the final value of the accumulator. Acc0 is returned if the certifate
+%% db is empty.
+%%--------------------------------------------------------------------
+foldl(Fun, Acc0, Cache) ->
+    ets:foldl(Fun, Acc0, Cache).
+  
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index f873a6a913..7eb7f44df6 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1092,18 +1092,12 @@ certificate_authorities(CertDbHandle, CertDbRef) ->
     list_to_binary([Enc(Cert) || {_, Cert} <- Authorities]).
 
 certificate_authorities_from_db(CertDbHandle, CertDbRef) ->
-    certificate_authorities_from_db(CertDbHandle, CertDbRef, no_candidate, []).
-
-certificate_authorities_from_db(CertDbHandle,CertDbRef, PrevKey, Acc) ->
-    case ssl_manager:issuer_candidate(PrevKey, CertDbHandle) of
-	no_more_candidates ->
-	    lists:reverse(Acc);
-	{{CertDbRef, _, _} = Key, Cert} ->
-	    certificate_authorities_from_db(CertDbHandle, CertDbRef, Key, [Cert|Acc]);
-	{Key, _Cert} ->
-	    %% skip certs not from this ssl connection
-	    certificate_authorities_from_db(CertDbHandle, CertDbRef, Key, Acc)
-    end.
+    ConnectionCerts = fun({{Ref, _, _}, Cert}, Acc) when Ref  == CertDbRef ->
+			      [Cert | Acc];
+			 (_, Acc) ->
+			      Acc
+		      end,	
+    ssl_certificate_db:foldl(ConnectionCerts, [], CertDbHandle).
 
 digitally_signed(Hash, #'RSAPrivateKey'{} = Key) ->
     public_key:encrypt_private(Hash, Key,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index 21fc47a69f..6a44ef8c3e 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -29,8 +29,8 @@
 %% Internal application API
 -export([start_link/1, start_link_dist/1,
 	 connection_init/2, cache_pem_file/2,
-	 lookup_trusted_cert/4, issuer_candidate/2, client_session_id/4,
-	 server_session_id/4,
+	 lookup_trusted_cert/4,
+	 client_session_id/4, server_session_id/4,
 	 register_session/2, register_session/3, invalidate_session/2,
 	 invalidate_session/3]).
 
@@ -112,16 +112,7 @@ cache_pem_file(File, DbHandle) ->
 %% --------------------------------------------------------------------
 lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer) ->
     ssl_certificate_db:lookup_trusted_cert(DbHandle, Ref, SerialNumber, Issuer).
-%%--------------------------------------------------------------------
--spec issuer_candidate(cert_key() | no_candidate, term()) ->
-			      {cert_key(),
-			       {der_cert(),
-				#'OTPCertificate'{}}} | no_more_candidates.
-%%
-%% Description: Return next issuer candidate.
-%%--------------------------------------------------------------------
-issuer_candidate(PrevCandidateKey, DbHandle) ->
-    ssl_certificate_db:issuer_candidate(PrevCandidateKey, DbHandle).
+
 %%--------------------------------------------------------------------
 -spec client_session_id(host(), inet:port_number(), #ssl_options{},
 			der_cert() | undefined) -> session_id().