Separate certificate handler code

kyma-project · May 3, 2024 · 27d7508 · 27d7508
1 parent 9d96561
commit 27d7508
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 14 deletions.
diff --git a/runtime-watcher/internal/cacertificatehandler/ca_certificate_handler.go b/runtime-watcher/internal/cacertificatehandler/ca_certificate_handler.go
@@ -0,0 +1,49 @@
+package cacertificatehandler
+
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"os"
+
+	"github.com/go-logr/logr"
+)
+
+// TODO: Remove logger after debugging
+func GetCertificatePool(certPath string, logger logr.Logger) (*x509.CertPool, error) {
+	certBytes, err := getCertBytes(certPath)
+	if err != nil {
+		return nil, err
+	}
+	logger.Info("Certificate bytes: " + string(certBytes))
+
+	certificate, err := parseCertificate(certBytes)
+	if err != nil {
+		return nil, err
+	}
+	logger.Info("Certificate:  " + certificate.SerialNumber.String())
+	rootCertPool := x509.NewCertPool()
+	rootCertPool.AddCert(certificate)
+	return rootCertPool, nil
+}
+
+func getCertBytes(certPath string) ([]byte, error) {
+	certBytes, err := os.ReadFile(certPath)
+	if err != nil {
+		msg := "could not load CA certificate"
+		return nil, fmt.Errorf("%s :%w", msg, err)
+	}
+
+	return certBytes, nil
+}
+
+func parseCertificate(certBytes []byte) (*x509.Certificate, error) {
+	publicPemBlock, _ := pem.Decode(certBytes)
+	rootPubCrt, errParse := x509.ParseCertificate(publicPemBlock.Bytes)
+	if errParse != nil {
+		msg := "failed to parse public key"
+		return nil, fmt.Errorf("%s :%w", msg, errParse)
+	}
+
+	return rootPubCrt, nil
+}
diff --git a/runtime-watcher/internal/handler.go b/runtime-watcher/internal/handler.go
@@ -3,14 +3,11 @@ package internal
 import (
 	"bytes"
 	"crypto/tls"
-	"crypto/x509"
 	"encoding/json"
-	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
-	"os"
 	"reflect"
 	"strings"
 	"time"
@@ -26,6 +23,7 @@ import (
 	"github.com/go-logr/logr"
 	listenerTypes "github.com/kyma-project/runtime-watcher/listener/pkg/types"
 
+	"github.com/kyma-project/runtime-watcher/skr/internal/cacertificatehandler"
 	"github.com/kyma-project/runtime-watcher/skr/internal/requestparser"
 	"github.com/kyma-project/runtime-watcher/skr/internal/serverconfig"
 	"github.com/kyma-project/runtime-watcher/skr/internal/watchermetrics"
@@ -324,19 +322,11 @@ func (h *Handler) getHTTPSClient() (*http.Client, error) {
 		msg := "could not load tls certificate"
 		return nil, fmt.Errorf("%s :%w", msg, err)
 	}
-	caCertBytes, err := os.ReadFile(h.config.CACertPath)
+
+	rootCertPool, err := cacertificatehandler.GetCertificatePool(h.config.CACertPath, h.logger)
 	if err != nil {
-		msg := "could not load CA certificate"
-		return nil, fmt.Errorf("%s :%w", msg, err)
-	}
-	publicPemBlock, _ := pem.Decode(caCertBytes)
-	rootPubCrt, errParse := x509.ParseCertificate(publicPemBlock.Bytes)
-	if errParse != nil {
-		msg := "failed to parse public key"
-		return nil, fmt.Errorf("%s :%w", msg, errParse)
+		return nil, fmt.Errorf("failed to get certificate pool:%w", err)
 	}
-	rootCertPool := x509.NewCertPool()
-	rootCertPool.AddCert(rootPubCrt)
 
 	httpsClient.Timeout = HTTPTimeout
 	//nolint:gosec