Refactor AMQPS config to be all-optional, and style updates.

2015-06-22 08:15:10 -07:00 · 2015-06-22 08:15:10 -07:00 · a54f18f3d0
parent 503bbe4254
commit a54f18f3d0
1 changed files with 47 additions and 36 deletions
--- a/cmd/shell.go
+++ b/cmd/shell.go
@ -131,9 +131,9 @@ type Config struct {

 // TLSConfig reprents certificates and a key for authenticated TLS.
 type TLSConfig struct {
-	CertFile   string
-	KeyFile    string
-	CACertFile *string // Optional
+	CertFile   *string
+	KeyFile    *string
+	CACertFile *string
 }

 // Queue describes a queue name
@ -208,50 +208,61 @@ func FailOnError(err error, msg string) {
 // more aggressive error dropping
 func AmqpChannel(conf Config) (*amqp.Channel, error) {
 	var conn *amqp.Connection
+	var err error
+
+	log := blog.GetAuditLogger()

 	if conf.AMQP.TLS == nil {
-		// Configuration did not specify SSL options
-		conn, err := amqp.Dial(conf.AMQP.Server)
-		if err != nil {
+		// Configuration did not specify TLS options, but Dial will
+		// use TLS anyway if the URL scheme is "amqps"
+		conn, err = amqp.Dial(conf.AMQP.Server)
+
+	} else {
+		// They provided TLS options, so let's load them.
+		log.Info("AMQPS: Loading TLS Options.")
+
+		if strings.HasPrefix(conf.AMQP.Server, "amqps") == false {
+			err = fmt.Errorf("AMQPS: TLS configuration provided, but not using an AMQPS URL")
 			return nil, err
 		}

-		return conn.Channel()
-	}
+		cfg := new(tls.Config)

-	// They provided SSL options, so let's load them.
-	blog.GetAuditLogger().Info("Loading SSL Options.")
+		// If the configuration specified a certificate (or key), load them
+		if conf.AMQP.TLS.CertFile != nil || conf.AMQP.TLS.KeyFile != nil {
+			// But they have to give both.
+			if conf.AMQP.TLS.CertFile == nil || conf.AMQP.TLS.KeyFile == nil {
+				err = fmt.Errorf("AMQPS: You must set both of the configuration values AMQP.TLS.KeyFile and AMQP.TLS.CertFile.")
+				return nil, err
+			}

-	if strings.HasPrefix(conf.AMQP.Server, "amqps") == false {
-		err := fmt.Errorf("SSL configuration provided, but not using an AMQPS URL")
-		return nil, err
-	}
-	if len(conf.AMQP.TLS.CertFile) == 0 || len(conf.AMQP.TLS.KeyFile) == 0 {
-		err := fmt.Errorf("Configuration values AMQP.SSL.KeyFile and AMQP.SSL.CertFile may not be nil.")
-		return nil, err
-	}
+			cert, err := tls.LoadX509KeyPair(*conf.AMQP.TLS.CertFile, *conf.AMQP.TLS.KeyFile)
+			if err != nil {
+				err = fmt.Errorf("AMQPS: Could not load Client Certificate or Key: %s", err)
+				return nil, err
+			}

-	cfg := new(tls.Config)
-
-	cert, err := tls.LoadX509KeyPair(conf.AMQP.TLS.CertFile, conf.AMQP.TLS.KeyFile)
-	if err != nil {
-		err = fmt.Errorf("Could not load Client Certificate or Key: %s", err)
-		return nil, err
-	}
-	cfg.Certificates = append(cfg.Certificates, cert)
-
-	if conf.AMQP.TLS.CACertFile != nil {
-		cfg.RootCAs = x509.NewCertPool()
-
-		ca, err := ioutil.ReadFile(*conf.AMQP.TLS.CACertFile)
-		if err != nil {
-			err = fmt.Errorf("Could not load CA Certificate: %s", err)
-			return nil, err
+			log.Info("AMQPS: Configured client certificate for AMQPS.")
+			cfg.Certificates = append(cfg.Certificates, cert)
 		}
-		cfg.RootCAs.AppendCertsFromPEM(ca)
+
+		// If the configuration specified a CA certificate, make it the only
+		// available root.
+		if conf.AMQP.TLS.CACertFile != nil {
+			cfg.RootCAs = x509.NewCertPool()
+
+			ca, err := ioutil.ReadFile(*conf.AMQP.TLS.CACertFile)
+			if err != nil {
+				err = fmt.Errorf("AMQPS: Could not load CA Certificate: %s", err)
+				return nil, err
+			}
+			cfg.RootCAs.AppendCertsFromPEM(ca)
+			log.Info("AMQPS: Configured CA certificate for AMQPS.")
+		}
+
+		conn, err = amqp.DialTLS(conf.AMQP.Server, cfg)
 	}

-	conn, err = amqp.DialTLS(conf.AMQP.Server, cfg)
 	if err != nil {
 		return nil, err
 	}