|
|
@@ -116,10 +116,12 @@ func SelfCert(lg *zap.Logger, dirpath string, hosts []string) (info TLSInfo, err
|
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
|
if err != nil {
|
|
|
- info.Logger.Warn(
|
|
|
- "cannot generate random number",
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "cannot generate random number",
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
return
|
|
|
}
|
|
|
|
|
|
@@ -145,19 +147,23 @@ func SelfCert(lg *zap.Logger, dirpath string, hosts []string) (info TLSInfo, err
|
|
|
|
|
|
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
|
|
|
if err != nil {
|
|
|
- info.Logger.Warn(
|
|
|
- "cannot generate ECDSA key",
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "cannot generate ECDSA key",
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
return
|
|
|
}
|
|
|
|
|
|
derBytes, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
|
|
|
if err != nil {
|
|
|
- info.Logger.Warn(
|
|
|
- "cannot generate x509 certificate",
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "cannot generate x509 certificate",
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
return
|
|
|
}
|
|
|
|
|
|
@@ -172,7 +178,9 @@ func SelfCert(lg *zap.Logger, dirpath string, hosts []string) (info TLSInfo, err
|
|
|
}
|
|
|
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
|
certOut.Close()
|
|
|
- info.Logger.Debug("created cert file", zap.String("path", certPath))
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Info("created cert file", zap.String("path", certPath))
|
|
|
+ }
|
|
|
|
|
|
b, err := x509.MarshalECPrivateKey(priv)
|
|
|
if err != nil {
|
|
|
@@ -180,17 +188,20 @@ func SelfCert(lg *zap.Logger, dirpath string, hosts []string) (info TLSInfo, err
|
|
|
}
|
|
|
keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
|
|
if err != nil {
|
|
|
- info.Logger.Warn(
|
|
|
- "cannot key file",
|
|
|
- zap.String("path", keyPath),
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "cannot key file",
|
|
|
+ zap.String("path", keyPath),
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
return
|
|
|
}
|
|
|
pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: b})
|
|
|
keyOut.Close()
|
|
|
- info.Logger.Debug("created key file", zap.String("path", keyPath))
|
|
|
-
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Info("created key file", zap.String("path", keyPath))
|
|
|
+ }
|
|
|
return SelfCert(lg, dirpath, hosts)
|
|
|
}
|
|
|
|
|
|
@@ -250,38 +261,46 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
|
|
|
cfg.GetCertificate = func(clientHello *tls.ClientHelloInfo) (cert *tls.Certificate, err error) {
|
|
|
cert, err = tlsutil.NewCert(info.CertFile, info.KeyFile, info.parseFunc)
|
|
|
if os.IsNotExist(err) {
|
|
|
- info.Logger.Warn(
|
|
|
- "failed to find peer cert files",
|
|
|
- zap.String("cert-file", info.CertFile),
|
|
|
- zap.String("key-file", info.KeyFile),
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "failed to find peer cert files",
|
|
|
+ zap.String("cert-file", info.CertFile),
|
|
|
+ zap.String("key-file", info.KeyFile),
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
} else if err != nil {
|
|
|
- info.Logger.Warn(
|
|
|
- "failed to create peer certificate",
|
|
|
- zap.String("cert-file", info.CertFile),
|
|
|
- zap.String("key-file", info.KeyFile),
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "failed to create peer certificate",
|
|
|
+ zap.String("cert-file", info.CertFile),
|
|
|
+ zap.String("key-file", info.KeyFile),
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
}
|
|
|
return cert, err
|
|
|
}
|
|
|
cfg.GetClientCertificate = func(unused *tls.CertificateRequestInfo) (cert *tls.Certificate, err error) {
|
|
|
cert, err = tlsutil.NewCert(info.CertFile, info.KeyFile, info.parseFunc)
|
|
|
if os.IsNotExist(err) {
|
|
|
- info.Logger.Warn(
|
|
|
- "failed to find client cert files",
|
|
|
- zap.String("cert-file", info.CertFile),
|
|
|
- zap.String("key-file", info.KeyFile),
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "failed to find client cert files",
|
|
|
+ zap.String("cert-file", info.CertFile),
|
|
|
+ zap.String("key-file", info.KeyFile),
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
} else if err != nil {
|
|
|
- info.Logger.Warn(
|
|
|
- "failed to create client certificate",
|
|
|
- zap.String("cert-file", info.CertFile),
|
|
|
- zap.String("key-file", info.KeyFile),
|
|
|
- zap.Error(err),
|
|
|
- )
|
|
|
+ if info.Logger != nil {
|
|
|
+ info.Logger.Warn(
|
|
|
+ "failed to create client certificate",
|
|
|
+ zap.String("cert-file", info.CertFile),
|
|
|
+ zap.String("key-file", info.KeyFile),
|
|
|
+ zap.Error(err),
|
|
|
+ )
|
|
|
+ }
|
|
|
}
|
|
|
return cert, err
|
|
|
}
|
Gyuho Lee