proxy: bring back auto tls cert creation (#44)

pingcap · Aug 18, 2022 · 9d6726a · 9d6726a
1 parent d6a5878
commit 9d6726a
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 8 deletions.
diff --git a/pkg/config/proxy.go b/pkg/config/proxy.go
@@ -97,8 +97,9 @@ func (c TLSCert) HasCA() bool {
 }
 
 type Security struct {
-	Server  TLSCert `toml:"server" json:"server"`
-	Cluster TLSCert `toml:"cluster" json:"cluster"`
+	RSAKeySize int     `toml:"rsa-key-size" json:"rsa-key-size"`
+	Server     TLSCert `toml:"server" json:"server"`
+	Cluster    TLSCert `toml:"cluster" json:"cluster"`
 }
 
 func NewConfig(data []byte) (*Config, error) {

diff --git a/pkg/config/proxy_test.go b/pkg/config/proxy_test.go
@@ -45,6 +45,7 @@ var testProxyConfig = Config{
 		},
 	},
 	Security: Security{
+		RSAKeySize: 64,
 		Server: TLSCert{
 			CA:   "a",
 			Cert: "b",

diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -51,7 +51,7 @@ type SQLServer struct {
 }
 
 // NewSQLServer creates a new SQLServer.
-func NewSQLServer(logger *zap.Logger, cfg config.ProxyServer, scfg config.Security, nsmgr *mgrns.NamespaceManager) (*SQLServer, error) {
+func NewSQLServer(logger *zap.Logger, workdir string, cfg config.ProxyServer, scfg config.Security, nsmgr *mgrns.NamespaceManager) (*SQLServer, error) {
 	var err error
 
 	s := &SQLServer{
@@ -65,7 +65,7 @@ func NewSQLServer(logger *zap.Logger, cfg config.ProxyServer, scfg config.Securi
 		},
 	}
 
-	if s.serverTLSConfig, err = security.CreateServerTLSConfig(scfg.Server.CA, scfg.Server.Key, scfg.Server.Cert); err != nil {
+	if s.serverTLSConfig, err = security.CreateServerTLSConfig(scfg.Server.CA, scfg.Server.Key, scfg.Server.Cert, scfg.RSAKeySize, workdir); err != nil {
 		return nil, err
 	}
 	if s.clusterTLSConfig, err = security.CreateClientTLSConfig(scfg.Cluster.CA, scfg.Cluster.Key, scfg.Cluster.Cert); err != nil {

diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -160,7 +160,7 @@ func NewServer(ctx context.Context, cfg *config.Config, logger *zap.Logger, name
 
 	// setup proxy server
 	{
-		srv.Proxy, err = proxy.NewSQLServer(logger.Named("proxy"), cfg.Proxy, cfg.Security, srv.NamespaceManager)
+		srv.Proxy, err = proxy.NewSQLServer(logger.Named("proxy"), cfg.Workdir, cfg.Proxy, cfg.Security, srv.NamespaceManager)
 		if err != nil {
 			err = errors.WithStack(err)
 			return

diff --git a/pkg/util/security/tls.go b/pkg/util/security/tls.go
@@ -34,10 +34,13 @@ import (
 )
 
 // CreateServerTLSConfig creates a tlsConfig that is used to connect to the client.
-func CreateServerTLSConfig(ca, key, cert string) (tlsConfig *tls.Config, err error) {
+func CreateServerTLSConfig(ca, key, cert string, rsaKeySize int, workdir string) (tlsConfig *tls.Config, err error) {
 	if len(cert) == 0 || len(key) == 0 {
-		cert = filepath.Join(cert, "cert.pem")
-		key = filepath.Join(key, "key.pem")
+		cert = filepath.Join(workdir, "cert.pem")
+		key = filepath.Join(workdir, "key.pem")
+		if err := createTLSCertificates(cert, key, rsaKeySize); err != nil {
+			return nil, err
+		}
 	}
 
 	var tlsCert tls.Certificate