mirror of https://github.com/rancher/rke.git synced 2025-04-27 19:25:44 +00:00

Improve logging when using custom certs

Sebastiaan van Steenis 2021-01-21 23:09:09 +01:00
parent e395badf82
commit f885ebbaa1


@ -592,18 +592,20 @@ func ReadCertsAndKeysFromDir(certDir string) (map[string]CertificatePKI, error)
for _, file := range files {
logrus.Debugf("[certificates] reading file %s from directory [%s]", file.Name(), certDir)
// fetching cert
cert, err := getCertFromFile(certDir, file.Name())
if err != nil {
continue
if !strings.HasSuffix(file.Name(), "-key.pem") && !strings.HasSuffix(file.Name(), "-csr.pem") {
// fetching cert
cert, err := getCertFromFile(certDir, file.Name())
if err != nil {
return nil, err
}
// fetching the cert's key
certName := strings.TrimSuffix(file.Name(), ".pem")
key, err := getKeyFromFile(certDir, certName+"-key.pem")
if err != nil {
return nil, err
}
certMap[certName] = ToCertObject(certName, getCommonName(certName), getOUName(certName), cert, key, nil)
}
// fetching the cert's key
certName := strings.TrimSuffix(file.Name(), ".pem")
key, err := getKeyFromFile(certDir, certName+"-key.pem")
if err != nil {
continue
}
certMap[certName] = ToCertObject(certName, getCommonName(certName), getOUName(certName), cert, key, nil)
}
return certMap, nil
@ -633,6 +635,7 @@ func getCertFromFile(certDir string, fileName string) (*x509.Certificate, error)
var certificate *x509.Certificate
certPEM, _ := ioutil.ReadFile(filepath.Join(certDir, fileName))
if len(certPEM) > 0 {
logrus.Debugf("Certificate file [%s/%s] content is greater than 0", certDir, fileName)
certificates, err := cert.ParseCertsPEM(certPEM)
if err != nil {
return nil, fmt.Errorf("failed to read certificate [%s]: %v", fileName, err)
@ -648,7 +651,7 @@ func getKeyFromFile(certDir string, fileName string) (*rsa.PrivateKey, error) {
if len(keyPEM) > 0 {
keyInterface, err := cert.ParsePrivateKeyPEM(keyPEM)
if err != nil {
return nil, fmt.Errorf("failed to read key [%s]: %v", fileName, err)
return nil, fmt.Errorf("failed to read key [%s], make sure it is not encrypted: %v", fileName, err)
}
key = keyInterface.(*rsa.PrivateKey)
}
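Review bot: In the first hunk the new condition treats every directory entry that is not `*-key.pem` or `*-csr.pem` as a certificate, and the failure path appears to change from `continue` to `return nil, err`, so an unrelated file in the custom cert directory would likely abort the whole load. Requiring the suffix as well, `if strings.HasSuffix(file.Name(), ".pem") && !strings.HasSuffix(file.Name(), "-key.pem") && !strings.HasSuffix(file.Name(), "-csr.pem") {`, keeps the strict error for real certificates while ignoring stray entries. In the last hunk `key = keyInterface.(*rsa.PrivateKey)` is an unchecked assertion; if `cert.ParsePrivateKeyPEM` can return a non-RSA key, a custom EC key would panic instead of producing the new message, so `rsaKey, ok := keyInterface.(*rsa.PrivateKey)` with an error on `!ok` would be safer. In the second hunk the `ioutil.ReadFile` error is still discarded with `_`, which hides exactly the permission and path problems that better logging for custom certs should surface. All three function bodies continue outside the visible hunks, so these points should be checked against the full file.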