more refactoring

2026-05-04 10:00:10 -05:00 · 2021-06-07 20:00:47 +02:00
parent d4d1075fdd
commit b64d13c20e
1 changed files with 39 additions and 36 deletions
@@ -18,32 +18,6 @@ var (
 	DEFAULT_HOSTS = []string{"127.0.0.1", "localhost"}
 )

-func publicKey(priv interface{}) interface{} {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &k.PublicKey
-	case *ecdsa.PrivateKey:
-		return &k.PublicKey
-	default:
-		return nil
-	}
-}
-
-func pemBlockForKey(priv interface{}, l log.Logger) *pem.Block {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
-	case *ecdsa.PrivateKey:
-		b, err := x509.MarshalECPrivateKey(k)
-		if err != nil {
-			l.Fatal().Err(err).Msg("Unable to marshal ECDSA private key")
-		}
-		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
-	default:
-		return nil
-	}
-}
-
 // GenCert generates TLS-Certificates. This function has side effects: it creates the respective certificate / key pair at
 // the destination locations unless the tuple already exists, if that is the case, this is a noop.
 func GenCert(certName string, keyName string, l log.Logger) error {
@@ -59,12 +33,15 @@ func GenCert(certName string, keyName string, l log.Logger) error {
 	_, keyErr := os.Stat(keyName)

 	if certErr == nil || keyErr == nil {
-		l.Debug().Msg(fmt.Sprintf("%v certificate or key already present, using these", filepath.Base(certName)))
+		l.Debug().Msg(
+			fmt.Sprintf("%v certificate / key pair already present. skipping acme certificate generation",
+				filepath.Base(certName)))
 		return nil
 	}

 	persistCertificate(certName, l, pk)
 	persistKey(keyName, l, pk)
+
 	return nil
 }

@@ -96,6 +73,19 @@ func persistCertificate(certName string, l log.Logger, pk interface{}) {
 	l.Info().Msg(fmt.Sprintf("written certificate to %v", certName))
 }

+// genCert generates a self signed certificate using a random rsa key.
+func generateCertificate(pk interface{}) ([]byte, error) {
+	for _, h := range DEFAULT_HOSTS {
+		if ip := net.ParseIP(h); ip != nil {
+			acmeTemplate.IPAddresses = append(acmeTemplate.IPAddresses, ip)
+		} else {
+			acmeTemplate.DNSNames = append(acmeTemplate.DNSNames, h)
+		}
+	}
+
+	return x509.CreateCertificate(rand.Reader, &acmeTemplate, &acmeTemplate, publicKey(pk), pk)
+}
+
 // persistKey persists the private key used to generate the certificate at the configured location.
 func persistKey(keyName string, l log.Logger, pk interface{}) {
 	if err := ensureExistsDir(keyName); err != nil {
@@ -118,17 +108,30 @@ func persistKey(keyName string, l log.Logger, pk interface{}) {
 	l.Info().Msg(fmt.Sprintf("written key to %v", keyName))
 }

-// genCert generates a self signed certificate using a random rsa key.
-func generateCertificate(pk interface{}) ([]byte, error) {
-	for _, h := range DEFAULT_HOSTS {
-		if ip := net.ParseIP(h); ip != nil {
-			acmeTemplate.IPAddresses = append(acmeTemplate.IPAddresses, ip)
-		} else {
-			acmeTemplate.DNSNames = append(acmeTemplate.DNSNames, h)
-		}
+func publicKey(priv interface{}) interface{} {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &k.PublicKey
+	case *ecdsa.PrivateKey:
+		return &k.PublicKey
+	default:
+		return nil
 	}
+}

-	return x509.CreateCertificate(rand.Reader, &acmeTemplate, &acmeTemplate, publicKey(pk), pk)
+func pemBlockForKey(priv interface{}, l log.Logger) *pem.Block {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
+	case *ecdsa.PrivateKey:
+		b, err := x509.MarshalECPrivateKey(k)
+		if err != nil {
+			l.Fatal().Err(err).Msg("Unable to marshal ECDSA private key")
+		}
+		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
+	default:
+		return nil
+	}
 }

 func ensureExistsDir(uri string) error {