mirror of
https://github.com/minio/minio.git
synced 2025-11-07 12:52:58 -05:00
Remove errors package, add comments and simplify. (#2925)
30
cmd/certs.go
30
cmd/certs.go
@@ -19,11 +19,10 @@ package cmd
|
||||
import (
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// createCertsPath create certs path.
|
||||
@@ -93,46 +92,43 @@ func isSSL() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// Reads certificated file and returns a list of parsed certificates.
|
||||
func readCertificateChain() ([]*x509.Certificate, error) {
|
||||
certPath := filepath.Join(mustGetCertsPath(), globalMinioCertFile)
|
||||
file, err := os.Open(certPath)
|
||||
|
||||
file, err := os.Open(mustGetCertFile())
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "Could not open certificate for reading")
|
||||
return nil, err
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
bytes, err2 := ioutil.ReadAll(file)
|
||||
|
||||
if err2 != nil {
|
||||
return nil, errors.Wrapf(err2, "Could not read certificate contents")
|
||||
// Read the cert successfully.
|
||||
bytes, err := ioutil.ReadAll(file)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Proceed to parse the certificates.
|
||||
return parseCertificateChain(bytes)
|
||||
}
|
||||
|
||||
// Parses certificate chain
|
||||
// Parses certificate chain, returns a list of parsed certificates.
|
||||
func parseCertificateChain(bytes []byte) ([]*x509.Certificate, error) {
|
||||
var certs []*x509.Certificate
|
||||
var block *pem.Block
|
||||
current := bytes
|
||||
|
||||
// Parse all certs in the chain.
|
||||
for len(current) > 0 {
|
||||
block, current = pem.Decode(current)
|
||||
|
||||
if block == nil {
|
||||
return nil, errors.New("Could not PEM block")
|
||||
}
|
||||
|
||||
// Parse the decoded certificate.
|
||||
cert, err := x509.ParseCertificate(block.Bytes)
|
||||
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "Could not parse certficiate")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
certs = append(certs, cert)
|
||||
|
||||
}
|
||||
|
||||
return certs, nil
|
||||
}
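Review bot: In parseCertificateChain the nil-block failure is reported as `Could not PEM block`, which is missing its verb; `errors.New("Could not decode PEM block")` reads correctly. The rendering does not mark which side each line is on, but with the `errors.Wrapf` context apparently dropped from the `x509.ParseCertificate` error, the operator no longer learns which entry in the chain failed, so a position hint such as `fmt.Errorf("certificate #%d: %v", len(certs)+1, err)` would help (it needs `fmt` imported in this file). The loop also passes every decoded block to `x509.ParseCertificate` without checking `block.Type == "CERTIFICATE"`, so a private key or other PEM object that ends up in the certificate file surfaces only as an ASN.1 parse error. An explicit type check would give a clearer diagnosis.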
|
||||
|
||||
@@ -36,7 +36,7 @@ const (
|
||||
globalMinioCertFile = "public.crt"
|
||||
globalMinioKeyFile = "private.key"
|
||||
globalMinioConfigFile = "config.json"
|
||||
globalMinioCertExpireWarnDays = 30
|
||||
globalMinioCertExpireWarnDays = time.Hour * 24 * 30 // 30 days.
|
||||
// Add new global values here.
|
||||
)
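Review bot: `globalMinioCertExpireWarnDays` now holds a `time.Duration` (`time.Hour * 24 * 30`), but the name still says it is a count of days. A name that states the unit, or a doc comment on the constant saying it is a duration rather than a day count, would keep later callers from treating it as an integer number of days. The const block starts and ends outside this hunk.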
|
||||
|
||||
|
||||
@@ -54,7 +54,9 @@ func printStartupMessage(endPoints []string) {
|
||||
printStorageInfo(objAPI.StorageInfo())
|
||||
}
|
||||
|
||||
if certs, err := readCertificateChain(); err == nil {
|
||||
if isSSL() {
|
||||
certs, err := readCertificateChain()
|
||||
fatalIf(err, "Unable to read certificate chain.")
|
||||
printCertificateMsg(certs)
|
||||
}
|
||||
}
|
||||
@@ -160,22 +162,20 @@ func getCertificateChainMsg(certs []*x509.Certificate) string {
|
||||
msg := colorBlue("\nCertificate expiry info:\n")
|
||||
totalCerts := len(certs)
|
||||
var expiringCerts int
|
||||
|
||||
for i := totalCerts - 1; i >= 0; i-- {
|
||||
cert := certs[i]
|
||||
|
||||
if cert.NotAfter.Before(time.Now().Add(time.Hour * 24 * globalMinioCertExpireWarnDays)) {
|
||||
if cert.NotAfter.Before(time.Now().UTC().Add(globalMinioCertExpireWarnDays)) {
|
||||
expiringCerts++
|
||||
msg += fmt.Sprintf(colorBold("#%d %s will expire on %s\n"), expiringCerts, cert.Subject.CommonName, cert.NotAfter)
|
||||
}
|
||||
}
|
||||
|
||||
if expiringCerts > 0 {
|
||||
return msg
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
// Prints the certificate expiry message.
|
||||
func printCertificateMsg(certs []*x509.Certificate) {
|
||||
console.Println(getCertificateChainMsg(certs))
|
||||
}
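Review bot: getCertificateChainMsg treats a certificate that has already expired the same as one that is about to expire: `cert.NotAfter.Before(time.Now().UTC().Add(globalMinioCertExpireWarnDays))` is true for both, and the line printed always says `will expire on`. For an operator reading the startup banner an expired chain is a more urgent condition, so I would capture `now := time.Now().UTC()` once, branch on `cert.NotAfter.Before(now)`, and print `has expired on` in that case. The added `.UTC()` does not change the result, since `Before` compares instants regardless of location. The function's signature and opening lines are outside the hunk.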
|
||||
|
||||
@@ -47,10 +47,10 @@ func TestStorageInfoMsg(t *testing.T) {
|
||||
// Tests if certificate expiry warning will be printed
|
||||
func TestCertificateExpiryInfo(t *testing.T) {
|
||||
// given
|
||||
var expiredDate = time.Now().Add(time.Hour * 24 * (globalMinioCertExpireWarnDays - 1))
|
||||
var expiredDate = time.Now().Add(time.Hour * 24 * (30 - 1)) // 29 days.
|
||||
|
||||
var fakeCerts = []*x509.Certificate{
|
||||
&x509.Certificate{
|
||||
{
|
||||
NotAfter: expiredDate,
|
||||
Subject: pkix.Name{
|
||||
CommonName: "Test cert",
|
||||
@@ -61,10 +61,10 @@ func TestCertificateExpiryInfo(t *testing.T) {
|
||||
expectedMsg := colorBlue("\nCertificate expiry info:\n") +
|
||||
colorBold(fmt.Sprintf("#1 Test cert will expire on %s\n", expiredDate))
|
||||
|
||||
// when
|
||||
// When
|
||||
msg := getCertificateChainMsg(fakeCerts)
|
||||
|
||||
// then
|
||||
// Then
|
||||
if msg != expectedMsg {
|
||||
t.Fatalf("Expected message was: %s, got: %s", expectedMsg, msg)
|
||||
}
|
||||
@@ -73,10 +73,10 @@ func TestCertificateExpiryInfo(t *testing.T) {
|
||||
// Tests if certificate expiry warning will not be printed if certificate not expired
|
||||
func TestCertificateNotExpired(t *testing.T) {
|
||||
// given
|
||||
var expiredDate = time.Now().Add(time.Hour * 24 * (globalMinioCertExpireWarnDays + 1))
|
||||
var expiredDate = time.Now().Add(time.Hour * 24 * (30 + 1)) // 31 days.
|
||||
|
||||
var fakeCerts = []*x509.Certificate{
|
||||
&x509.Certificate{
|
||||
{
|
||||
NotAfter: expiredDate,
|
||||
Subject: pkix.Name{
|
||||
CommonName: "Test cert",
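Review bot: Both tests now hard-code the warning window as `30 - 1` and `30 + 1` days instead of deriving it from `globalMinioCertExpireWarnDays`, so a later change to the constant would leave them exercising the wrong boundary. Since the constant is a duration on the new side, the dates can be written as `time.Now().Add(globalMinioCertExpireWarnDays - 24*time.Hour)` in TestCertificateExpiryInfo and `time.Now().Add(globalMinioCertExpireWarnDays + 24*time.Hour)` in TestCertificateNotExpired. Neither test covers a certificate whose `NotAfter` is already in the past, which is the case an operator most needs reported correctly. Both test bodies continue outside the hunks shown.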
|
||||
|
||||