Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add acceptor support for receiving pre-loaded certificates #284

Merged
merged 4 commits into from
May 2, 2023
Merged

Add acceptor support for receiving pre-loaded certificates #284

merged 4 commits into from
May 2, 2023

Conversation

felippeduran
Copy link
Member

This MR exposes a new constructor for the TCP acceptor that allows for pre-loaded certificates as arguments.

It also refactors internal code in order to make sure the new constructor is used by the old one and make appropriate changes to store a list of pre-loaded certificates instead of a certFile/certKey pair.

Tests were changed accordingly.

You could say that there's a tiny API change, which is that the NewTCPAcceptor might now panic if the provided certificate file paths are invalid, but it doesn't seem to me as something that relevant as its actually related to a failed initialization case where pitaya would panic somewhere else anyway (inside ListenAndServeTLS).

@coveralls
Copy link

coveralls commented Aug 15, 2022
edited
Loading

Pull Request Test Coverage Report for Build 4862396700

  • 14 of 15 (93.33%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.1%) to 62.056%
Changes Missing Coverage Covered Lines Changed/Added Lines %
acceptor/tcp_acceptor.go 14 15 93.33%
Totals Coverage Status
Change from base Build 4142734964: 0.1%
Covered Lines: 4720
Relevant Lines: 7606
💛 - Coveralls

vitorbaraujo
vitorbaraujo reviewed Mar 22, 2023
View reviewed changes
acceptor/tcp_acceptor.go Outdated Show resolved Hide resolved
acceptor/tcp_acceptor.go
keyFile = certs[1]
cert, err := tls.LoadX509KeyPair(certs[0], certs[1])
if err != nil {
panic(constants.ErrInvalidCertificates)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be good to add a test validating this behavior.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some already: https://github.com/topfreegames/pitaya/pull/284/files#diff-91d8960c4bbf5e4ec59f1cc6232c15ea612244fef31e5a2e8c49edbd4c348997L52

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These current tests only seem to assert the case when it panics when len(certs) is 0 or different than 2. I believe we need to add a new entry to the test table with two invalid entries in certs so it tries to load the certificate and then panics.

rsafonseca
rsafonseca reviewed Apr 11, 2023
View reviewed changes
acceptor/tcp_acceptor.go
@@ -117,13 +121,13 @@ func (a *TCPAcceptor) Stop() {
}

func (a *TCPAcceptor) hasTLSCertificates() bool {
return a.certFile != "" && a.keyFile != ""
return len(a.certs) > 0
Copy link
Contributor

@rsafonseca rsafonseca Apr 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be == 2 ? Otherwise it will return true if it only has 1 cert or if it has 10

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I recall correctly, I think that the TLS API supports multiple certificates. So in order to make the "new" tcp acceptor API fully functional, I left it as a more generic checking.

The constraint for 2 files is only related to the "legacy" API that loads the files itself. I think we can remove this altogether in the future, making the code much more generic.

What do you think?

rsafonseca
rsafonseca reviewed Apr 11, 2023
View reviewed changes
acceptor/tcp_acceptor.go Outdated
return NewTCP(addr, certificates...)
}

func NewTCP(addr string, certs ...tls.Certificate) *TCPAcceptor {
Copy link
Contributor

@rsafonseca rsafonseca Apr 11, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This name seems fairly ambiguous, could we name it something like NewTLSAcceptor or something like that?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good question, I always struggle with naming in Golang.

I defined it as NewTCP so that it doesn't stutter when we have it on code like acceptor.NewTCP (instead of acceptor.NewTCPAcceptor). The more verbose option would also conflict with the previous existing definition.

Another option could be NewTCPWithCertificates.

What do you think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the current naming standards, I agree with Rafa on changing to NewTLSAcceptor

@felipejfc
Copy link
Contributor

@felippeduran can you fix the conflicts?

@reinaldooli reinaldooli merged commit c89065f into main May 2, 2023
4 checks passed
@reinaldooli reinaldooli deleted the feature/tls-certificates branch May 2, 2023 16:47
kekocola added a commit to kekocola/pitaya that referenced this pull request Oct 6, 2023
@kekocola
Squashed commit of the following:
d0d1f88 
commit f363e48
Author: Felipe Cavalcanti <fjfcavalcanti@gmail.com>
Date:   Tue May 9 19:35:53 2023 -0300

    fix for issues topfreegames#304 and topfreegames#303

commit c89065f
Merge: 8c6c7bc a318fda
Author: Reinaldo Oliveira <reinaldo.oliveira@wildlifestudios.com>
Date:   Tue May 2 13:47:00 2023 -0300

    Merge pull request topfreegames#284 from topfreegames/feature/tls-certificates

    Add acceptor support for receiving pre-loaded certificates

commit a318fda
Author: Reinaldo Oliveira <reinaldo.oliveira@wildlifestudios.com>
Date:   Tue May 2 11:29:40 2023 -0300

    Rename NewTCP to NewTLSAcceptor

commit 1cc28ec
Author: Reinaldo Oliveira <reinaldo.oliveira@wildlifestudios.com>
Date:   Thu Mar 23 15:04:35 2023 -0300

    Add a testcase to TCP Acceptor function
kekocola added a commit to kekocola/pitaya that referenced this pull request Oct 6, 2023
@kekocola
Squashed commit of the following:
3ea7b45 
commit f363e48
Author: Felipe Cavalcanti <fjfcavalcanti@gmail.com>
Date:   Tue May 9 19:35:53 2023 -0300

    fix for issues topfreegames#304 and topfreegames#303

commit c89065f
Merge: 8c6c7bc a318fda
Author: Reinaldo Oliveira <reinaldo.oliveira@wildlifestudios.com>
Date:   Tue May 2 13:47:00 2023 -0300

    Merge pull request topfreegames#284 from topfreegames/feature/tls-certificates

    Add acceptor support for receiving pre-loaded certificates

commit a318fda
Author: Reinaldo Oliveira <reinaldo.oliveira@wildlifestudios.com>
Date:   Tue May 2 11:29:40 2023 -0300

    Rename NewTCP to NewTLSAcceptor

commit 1cc28ec
Author: Reinaldo Oliveira <reinaldo.oliveira@wildlifestudios.com>
Date:   Thu Mar 23 15:04:35 2023 -0300

    Add a testcase to TCP Acceptor function
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reinaldooli reinaldooli reinaldooli left review comments

@rsafonseca rsafonseca rsafonseca left review comments

@felipejfc felipejfc felipejfc approved these changes

@vitorbaraujo vitorbaraujo vitorbaraujo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@felippeduran @coveralls @felipejfc @reinaldooli @rsafonseca @vitorbaraujo