From f45b7d5fa4cb7130f9b8466e8a047d44cca723f9 Mon Sep 17 00:00:00 2001
From: douxu
Date: Wed, 4 Feb 2026 17:43:09 +0800
Subject: [PATCH] optimize code of init rabbitmq connect func
---
 mq/rabbitmq_init.go | 79 ++++++++++++++++++++++-----------------------
 1 file changed, 39 insertions(+), 40 deletions(-)
diff --git a/mq/rabbitmq_init.go b/mq/rabbitmq_init.go
index 9866f93..9eaa9f5 100644
--- a/mq/rabbitmq_init.go
+++ b/mq/rabbitmq_init.go
@@ -48,9 +48,9 @@ func GetConn() *amqp.Connection {
 // InitRabbitProxy return instance of rabbitMQ connection
 func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQProxy {
 amqpURI := generateRabbitMQURI(rCfg)
- certConf, err := readCertFiles(ctx, rCfg)
+ certConf, err := initCertConf(rCfg)
 if err != nil {
- logger.Error(ctx, "read rabbitMQ cert files failed", "error", err)
+ logger.Error(ctx, "init rabbitMQ cert config failed", "error", err)
 panic(err)
 }
 rabbitMQOnce.Do(func() {
@@ -63,7 +63,7 @@ func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQP
 // initRabbitMQ return instance of rabbitMQ connection
 func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCertConf) *amqp.Connection {
- logger.Info(ctx, fmt.Sprintf("connecting to rabbitMQ server at: %s", rabbitMQURI))
+ logger.Info(ctx, "connecting to rabbitMQ server", "rabbit_uri", rabbitMQURI)
 tlsConfig := &tls.Config{
 Certificates: []tls.Certificate{certConf.clientCert},
@@ -78,7 +78,7 @@ func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCer
 Heartbeat: 10 * time.Second,
 })
 if err != nil {
- logger.Error(ctx, "Error opening connection: ", "error", err)
+ logger.Error(ctx, "init rabbitMQ connection failed", "error", err)
 }
 defer conn.Close()
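Review bot: In InitRabbitProxy, `initCertConf(rCfg)` runs before `rabbitMQOnce.Do`, so every call re-reads the certificate files and decrypts the client key, although the result is presumably consumed only inside the once-closure (its body is outside the hunk). A later call that hits a transient read error would also reach `panic(err)` in a process that may already hold a working connection. Moving the `initCertConf` call and its error handling inside the `Do` closure confines key handling to the one-time initialisation.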
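Review bot: The new structured log line in initRabbitMQ still writes the complete `rabbitMQURI` under `rabbit_uri`. That value comes from generateRabbitMQURI, whose body is not in this hunk, and AMQP URIs commonly carry `user:password@`; if that holds here, the broker password lands in every log sink. Log a redacted form instead, e.g. `u, perr := url.Parse(rabbitMQURI)` followed by `logger.Info(ctx, "connecting to rabbitMQ server", "rabbit_uri", u.Redacted())` when `perr == nil` (needs `net/url`), or log only host and port from the config. The rest of the function body lies outside the hunk.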
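Review bot: The error branch after the dial call in initRabbitMQ only logs, so on failure execution continues to `defer conn.Close()` with a `conn` that is presumably nil, which would either panic in the deferred call or hand a nil connection to the caller. Add `return nil` right after the `logger.Error(...)` line, or better, change the helper to return the error so InitRabbitProxy can decide. Separately, `defer conn.Close()` in a function whose return type is `*amqp.Connection` would close the connection as it is returned unless the remainder of the body, which is outside the hunk, blocks; that is worth confirming.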
@@ -131,55 +131,54 @@ func generateRabbitMQURI(rCfg config.RabbitMQConfig) string { return amqpURI } -func readCertFiles(ctx context.Context, rCfg config.RabbitMQConfig) (*RabbitMQCertConf, error) { - var initFailedFlag bool - certConf := RabbitMQCertConf{ +func initCertConf(rCfg config.RabbitMQConfig) (*RabbitMQCertConf, error) { + certConf := &RabbitMQCertConf{ insecureSkipVerify: rCfg.InsecureSkipVerify, + serverName: rCfg.ServerName, } caCert, err := os.ReadFile(rCfg.CACertPath) if err != nil { - logger.Error(ctx, "read server ca file failed", "error", err) - initFailedFlag = true + return nil, fmt.Errorf("read server ca file failed: %w", err) } caCertPool := x509.NewCertPool() - caCertPool.AppendCertsFromPEM(caCert) + if ok := caCertPool.AppendCertsFromPEM(caCert); !ok { + return nil, fmt.Errorf("failed to parse root certificate from %s", rCfg.CACertPath) + } certConf.caCertPool = caCertPool - keyData, err := os.ReadFile(rCfg.ClientKeyPath) - if err != nil { - logger.Error(ctx, "read private key file failed", "error", err) - initFailedFlag = true - } - - block, _ := pem.Decode(keyData) - privateKey, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte(rCfg.ClientKeyPassword)) - if err != nil { - logger.Error(ctx, "parse private key failed", "error", err) - initFailedFlag = true - } - - pemBytes, err := x509.MarshalPKCS8PrivateKey(privateKey) - if err != nil { - logger.Error(ctx, "parse private key failed", "error", err) - initFailedFlag = true - } - pemBlock := &pem.Block{Type: "PRIVATE KEY", Bytes: pemBytes} - certPEM, err := os.ReadFile(rCfg.ClientCertPath) if err != nil { - logger.Error(ctx, "parse private key failed", "error", err) - initFailedFlag = true + return nil, fmt.Errorf("read client cert file failed: %w", err) } - clientCert, err := tls.X509KeyPair(certPEM, pem.EncodeToMemory(pemBlock)) + + keyData, err := os.ReadFile(rCfg.ClientKeyPath) if err != nil { - logger.Error(ctx, "load client cert failed", "error", err) - initFailedFlag = true + return 
nil, fmt.Errorf("read private key file failed: %w", err) } - certConf.serverName = rCfg.ServerName + + block, _ := pem.Decode(keyData) + if block == nil { + return nil, fmt.Errorf("failed to decode PEM block from private key") + } + + der, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte(rCfg.ClientKeyPassword)) + if err != nil { + return nil, fmt.Errorf("parse password-protected private key failed: %w", err) + } + + privBytes, err := x509.MarshalPKCS8PrivateKey(der) + if err != nil { + return nil, fmt.Errorf("marshal private key failed: %w", err) + } + + keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}) + + clientCert, err := tls.X509KeyPair(certPEM, keyPEM) + if err != nil { + return nil, fmt.Errorf("create x509 key pair failed: %w", err) + } + certConf.clientCert = clientCert - if initFailedFlag { - return nil, fmt.Errorf("rabbitMQ cert files init failed") - } - return &certConf, nil + return certConf, nil }
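Review bot: initCertConf has no doc comment, and nothing at `insecureSkipVerify: rCfg.InsecureSkipVerify` tells a reader that a true value makes the CA pool and `serverName` loaded in the same function irrelevant to server authentication (assuming the field is copied into `tls.Config.InsecureSkipVerify` in initRabbitMQ, which the hunks do not show). I would add above the function `// initCertConf loads the CA pool and the password-protected PKCS#8 client key for the RabbitMQ TLS connection; the decrypted key is re-encoded as PEM in memory only.` and beside the field `// disables server certificate and hostname verification when true; keep false outside local testing`. The PEM-decode error could also name `rCfg.ClientKeyPath`, the way the CA parse error already names its path.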