

No commits in common. "581153ed8d5b964e82c52b873b9d56cfebbd04e9" and "9be984899cace942cccfeb72ec96213238bb034c" have entirely different histories.

2 changed files with 32 additions and 32 deletions

.gitignore vendored

@ -27,4 +27,3 @@ go.work
/log/ /log/
# Shield config files in the configs folder # Shield config files in the configs folder
/configs/**/*.yaml /configs/**/*.yaml
/configs/**/*.pem
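Review bot: Removing `/configs/**/*.pem` from the ignore list (the hunk header's -27,4 +27,3 shows the new side drops that one line) means PEM files under configs are no longer shielded from `git add`, and the Go change in this same compare reads a client certificate and a private key from paths in RabbitMQConfig that plausibly live there. Unless those files are now stored elsewhere, keep the rule, or replace it with a narrower one such as `/configs/**/*.key` plus `/configs/**/*.pem` for the material that must never be committed. If the removal is intentional, a comment next to the remaining `/configs/**/*.yaml` line saying where key material is expected to live would stop the next reader from reinstating it blindly.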


@ -48,9 +48,9 @@ func GetConn() *amqp.Connection {
// InitRabbitProxy return instance of rabbitMQ connection // InitRabbitProxy return instance of rabbitMQ connection
func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQProxy { func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQProxy {
amqpURI := generateRabbitMQURI(rCfg) amqpURI := generateRabbitMQURI(rCfg)
certConf, err := initCertConf(rCfg) certConf, err := readCertFiles(ctx, rCfg)
if err != nil { if err != nil {
logger.Error(ctx, "init rabbitMQ cert config failed", "error", err) logger.Error(ctx, "read rabbitMQ cert files failed", "error", err)
panic(err) panic(err)
} }
rabbitMQOnce.Do(func() { rabbitMQOnce.Do(func() {
@ -63,7 +63,7 @@ func InitRabbitProxy(ctx context.Context, rCfg config.RabbitMQConfig) *RabbitMQP
// initRabbitMQ return instance of rabbitMQ connection // initRabbitMQ return instance of rabbitMQ connection
func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCertConf) *amqp.Connection { func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCertConf) *amqp.Connection {
logger.Info(ctx, "connecting to rabbitMQ server", "rabbit_uri", rabbitMQURI) logger.Info(ctx, fmt.Sprintf("connecting to rabbitMQ server at: %s", rabbitMQURI))
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
Certificates: []tls.Certificate{certConf.clientCert}, Certificates: []tls.Certificate{certConf.clientCert},
@ -78,7 +78,7 @@ func initRabbitMQ(ctx context.Context, rabbitMQURI string, certConf *RabbitMQCer
Heartbeat: 10 * time.Second, Heartbeat: 10 * time.Second,
}) })
if err != nil { if err != nil {
logger.Error(ctx, "init rabbitMQ connection failed", "error", err) logger.Error(ctx, "Error opening connection: ", "error", err)
} }
defer conn.Close() defer conn.Close()
@ -131,54 +131,55 @@ func generateRabbitMQURI(rCfg config.RabbitMQConfig) string {
return amqpURI return amqpURI
} }
func initCertConf(rCfg config.RabbitMQConfig) (*RabbitMQCertConf, error) { func readCertFiles(ctx context.Context, rCfg config.RabbitMQConfig) (*RabbitMQCertConf, error) {
certConf := &RabbitMQCertConf{ var initFailedFlag bool
certConf := RabbitMQCertConf{
insecureSkipVerify: rCfg.InsecureSkipVerify, insecureSkipVerify: rCfg.InsecureSkipVerify,
serverName: rCfg.ServerName,
} }
caCert, err := os.ReadFile(rCfg.CACertPath) caCert, err := os.ReadFile(rCfg.CACertPath)
if err != nil { if err != nil {
return nil, fmt.Errorf("read server ca file failed: %w", err) logger.Error(ctx, "read server ca file failed", "error", err)
initFailedFlag = true
} }
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
if ok := caCertPool.AppendCertsFromPEM(caCert); !ok { caCertPool.AppendCertsFromPEM(caCert)
return nil, fmt.Errorf("failed to parse root certificate from %s", rCfg.CACertPath)
}
certConf.caCertPool = caCertPool certConf.caCertPool = caCertPool
certPEM, err := os.ReadFile(rCfg.ClientCertPath)
if err != nil {
return nil, fmt.Errorf("read client cert file failed: %w", err)
}
keyData, err := os.ReadFile(rCfg.ClientKeyPath) keyData, err := os.ReadFile(rCfg.ClientKeyPath)
if err != nil { if err != nil {
return nil, fmt.Errorf("read private key file failed: %w", err) logger.Error(ctx, "read private key file failed", "error", err)
initFailedFlag = true
} }
block, _ := pem.Decode(keyData) block, _ := pem.Decode(keyData)
if block == nil { privateKey, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte(rCfg.ClientKeyPassword))
return nil, fmt.Errorf("failed to decode PEM block from private key")
}
der, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte(rCfg.ClientKeyPassword))
if err != nil { if err != nil {
return nil, fmt.Errorf("parse password-protected private key failed: %w", err) logger.Error(ctx, "parse private key failed", "error", err)
initFailedFlag = true
} }
privBytes, err := x509.MarshalPKCS8PrivateKey(der) pemBytes, err := x509.MarshalPKCS8PrivateKey(privateKey)
if err != nil { if err != nil {
return nil, fmt.Errorf("marshal private key failed: %w", err) logger.Error(ctx, "parse private key failed", "error", err)
initFailedFlag = true
} }
pemBlock := &pem.Block{Type: "PRIVATE KEY", Bytes: pemBytes}
keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}) certPEM, err := os.ReadFile(rCfg.ClientCertPath)
clientCert, err := tls.X509KeyPair(certPEM, keyPEM)
if err != nil { if err != nil {
return nil, fmt.Errorf("create x509 key pair failed: %w", err) logger.Error(ctx, "parse private key failed", "error", err)
initFailedFlag = true
} }
clientCert, err := tls.X509KeyPair(certPEM, pem.EncodeToMemory(pemBlock))
if err != nil {
logger.Error(ctx, "load client cert failed", "error", err)
initFailedFlag = true
}
certConf.serverName = rCfg.ServerName
certConf.clientCert = clientCert certConf.clientCert = clientCert
return certConf, nil if initFailedFlag {
return nil, fmt.Errorf("rabbitMQ cert files init failed")
}
return &certConf, nil
} }
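Review bot: In readCertFiles, `block, _ := pem.Decode(keyData)` is followed immediately by `block.Bytes` with no nil check, so an unreadable or non-PEM key file — which the preceding ReadFile failure only records in initFailedFlag before continuing — now ends in a nil-pointer panic instead of reaching the `rabbitMQ cert files init failed` return that the function was written to produce. Return on the first failure as the left-hand version did, or at minimum guard the decode: `if block == nil {` / `return nil, fmt.Errorf("no PEM block found in %s", rCfg.ClientKeyPath)` / `}`. The flag-and-continue pattern also hides which step failed: the ReadFile of ClientCertPath logs "parse private key failed" (a copy of the message two checks above it), and the boolean result of `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a malformed CA file silently yields an empty pool and the TLS failure surfaces later without its cause being logged. In initRabbitMQ, `fmt.Sprintf("connecting to rabbitMQ server at: %s", rabbitMQURI)` writes the whole URI into the log; generateRabbitMQURI is built outside this hunk, but if it embeds the password from rCfg, the log line should carry only host and vhost.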