optimize code of init rabbitmq connect func
parent
9be984899c
commit
f45b7d5fa4
|
|
@ -48,9 +48,9 @@ func GetConn() *amqp.Connection {
|
|||
// InitRabbitProxy return instance of rabbitMQ connection
|
||||
func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQProxy {
|
||||
amqpURI := generateRabbitMQURI(rCfg)
|
||||
certConf, err := readCertFiles(ctx, rCfg)
|
||||
certConf, err := initCertConf(rCfg)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "read rabbitMQ cert files failed", "error", err)
|
||||
logger.Error(ctx, "init rabbitMQ cert config failed", "error", err)
|
||||
panic(err)
|
||||
}
|
||||
rabbitMQOnce.Do(func() {
|
||||
|
|
@ -63,7 +63,7 @@ func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQP
|
|||
|
||||
// initRabbitMQ return instance of rabbitMQ connection
|
||||
func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCertConf) *amqp.Connection {
|
||||
logger.Info(ctx, fmt.Sprintf("connecting to rabbitMQ server at: %s", rabbitMQURI))
|
||||
logger.Info(ctx, "connecting to rabbitMQ server", "rabbit_uri", rabbitMQURI)
|
||||
|
||||
tlsConfig := &tls.Config{
|
||||
Certificates: []tls.Certificate{certConf.clientCert},
|
||||
|
|
@ -78,7 +78,7 @@ func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCer
|
|||
Heartbeat: 10 * time.Second,
|
||||
})
|
||||
if err != nil {
|
||||
logger.Error(ctx, "Error opening connection: ", "error", err)
|
||||
logger.Error(ctx, "init rabbitMQ connection failed", "error", err)
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
|
|
@ -131,55 +131,54 @@ func generateRabbitMQURI(rCfg config.RabbitMQConfig) string {
|
|||
return amqpURI
|
||||
}
|
||||
|
||||
func readCertFiles(ctx context.Context, rCfg config.RabbitMQConfig) (*RabbitMQCertConf, error) {
|
||||
var initFailedFlag bool
|
||||
certConf := RabbitMQCertConf{
|
||||
func initCertConf(rCfg config.RabbitMQConfig) (*RabbitMQCertConf, error) {
|
||||
certConf := &RabbitMQCertConf{
|
||||
insecureSkipVerify: rCfg.InsecureSkipVerify,
|
||||
serverName: rCfg.ServerName,
|
||||
}
|
||||
|
||||
caCert, err := os.ReadFile(rCfg.CACertPath)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "read server ca file failed", "error", err)
|
||||
initFailedFlag = true
|
||||
return nil, fmt.Errorf("read server ca file failed: %w", err)
|
||||
}
|
||||
caCertPool := x509.NewCertPool()
|
||||
caCertPool.AppendCertsFromPEM(caCert)
|
||||
if ok := caCertPool.AppendCertsFromPEM(caCert); !ok {
|
||||
return nil, fmt.Errorf("failed to parse root certificate from %s", rCfg.CACertPath)
|
||||
}
|
||||
certConf.caCertPool = caCertPool
|
||||
|
||||
keyData, err := os.ReadFile(rCfg.ClientKeyPath)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "read private key file failed", "error", err)
|
||||
initFailedFlag = true
|
||||
}
|
||||
|
||||
block, _ := pem.Decode(keyData)
|
||||
privateKey, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte(rCfg.ClientKeyPassword))
|
||||
if err != nil {
|
||||
logger.Error(ctx, "parse private key failed", "error", err)
|
||||
initFailedFlag = true
|
||||
}
|
||||
|
||||
pemBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "parse private key failed", "error", err)
|
||||
initFailedFlag = true
|
||||
}
|
||||
pemBlock := &pem.Block{Type: "PRIVATE KEY", Bytes: pemBytes}
|
||||
|
||||
certPEM, err := os.ReadFile(rCfg.ClientCertPath)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "parse private key failed", "error", err)
|
||||
initFailedFlag = true
|
||||
return nil, fmt.Errorf("read client cert file failed: %w", err)
|
||||
}
|
||||
clientCert, err := tls.X509KeyPair(certPEM, pem.EncodeToMemory(pemBlock))
|
||||
|
||||
keyData, err := os.ReadFile(rCfg.ClientKeyPath)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "load client cert failed", "error", err)
|
||||
initFailedFlag = true
|
||||
return nil, fmt.Errorf("read private key file failed: %w", err)
|
||||
}
|
||||
certConf.serverName = rCfg.ServerName
|
||||
|
||||
block, _ := pem.Decode(keyData)
|
||||
if block == nil {
|
||||
return nil, fmt.Errorf("failed to decode PEM block from private key")
|
||||
}
|
||||
|
||||
der, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte(rCfg.ClientKeyPassword))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parse password-protected private key failed: %w", err)
|
||||
}
|
||||
|
||||
privBytes, err := x509.MarshalPKCS8PrivateKey(der)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("marshal private key failed: %w", err)
|
||||
}
|
||||
|
||||
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
|
||||
|
||||
clientCert, err := tls.X509KeyPair(certPEM, keyPEM)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("create x509 key pair failed: %w", err)
|
||||
}
|
||||
|
||||
certConf.clientCert = clientCert
|
||||
if initFailedFlag {
|
||||
return nil, fmt.Errorf("rabbitMQ cert files init failed")
|
||||
}
|
||||
return &certConf, nil
|
||||
return certConf, nil
|
||||
}
|
||||
|
|
|
|||
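Review bot: The rewritten log call in initRabbitMQ, `logger.Info(ctx, "connecting to rabbitMQ server", "rabbit_uri", rabbitMQURI)`, still writes the full connection URI to the log, just as the `fmt.Sprintf` version did. The body of generateRabbitMQURI is outside the visible hunks, but if it builds the usual `amqps://user:password@host/vhost` form, the broker password reaches every Info-level log sink. Log a redacted value instead: parse the URI once with `url.Parse` and pass `u.Redacted()` as the `rabbit_uri` field, falling back to a fixed placeholder string when parsing fails. initRabbitMQ's body continues outside the hunk, so the file's imports and the dial call are not visible here and `net/url` may need to be added.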