(ctx context.Context)
| 82 | } |
| 83 | |
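// maybeGenerateTLS generates a server certificate and private key and writes
// them to the configured certificate and key files.
//
// It is a no-op (returns nil) unless certificate generation was requested and
// both the certificate and key file paths are set. It refuses to proceed when
// either target file already exists, so existing key material is not replaced
// by this function. The SHA-256 fingerprint of the new certificate is printed
// to stderr.
//
// It returns an error if either file already exists, if generation fails, or
// if either file cannot be written.
func (c *commandServerStart) maybeGenerateTLS(ctx context.Context) error {
	if !c.serverStartTLSGenerateCert || c.serverStartTLSCertFile == "" || c.serverStartTLSKeyFile == "" {
		return nil
	}

	// Only a successful Stat is treated as "file exists"; any Stat error
	// (not only "does not exist") falls through to generation.
	// NOTE(review): this is a check-then-write sequence. Whether a file created
	// between the check and the write can still be overwritten depends on how
	// the tlsutil writers open their target; confirm they create exclusively.
	if _, err := os.Stat(c.serverStartTLSCertFile); err == nil {
		return errors.Errorf("TLS cert file already exists: %q", c.serverStartTLSCertFile)
	}

	if _, err := os.Stat(c.serverStartTLSKeyFile); err == nil {
		return errors.Errorf("TLS key file already exists: %q", c.serverStartTLSKeyFile)
	}

	cert, key, err := c.generateServerCertificate(ctx)
	if err != nil {
		return errors.Wrap(err, "unable to generate server cert")
	}

	// The fingerprint is the SHA-256 of cert.Raw, hex-encoded. It is printed
	// before the files are written; a failure to print is deliberately ignored.
	fingerprint := sha256.Sum256(cert.Raw)
	fmt.Fprintf(c.out.stderr(), "SERVER CERT SHA256: %v\n", hex.EncodeToString(fingerprint[:])) //nolint:errcheck

	log(ctx).Infof("writing TLS certificate to %v", c.serverStartTLSCertFile)

	// The message names the certificate; it previously said "private key",
	// which pointed operators at the wrong file when this write failed.
	if err := tlsutil.WriteCertificateToFile(c.serverStartTLSCertFile, cert); err != nil {
		return errors.Wrap(err, "unable to write certificate")
	}

	log(ctx).Infof("writing TLS private key to %v", c.serverStartTLSKeyFile)

	// NOTE(review): the permissions of the key file are decided inside
	// tlsutil.WritePrivateKeyToFile; confirm it is created owner-only.
	// NOTE(review): if this write fails, the certificate written above stays on
	// disk, and the next start is refused by the "already exists" check.
	if err := tlsutil.WritePrivateKeyToFile(c.serverStartTLSKeyFile, key); err != nil {
		return errors.Wrap(err, "unable to write private key")
	}

	return nil
}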
| 119 | |
| 120 | func (c *commandServerStart) startServerWithOptionalTLSAndListener(ctx context.Context, httpServer *http.Server, listener net.Listener) error { |
| 121 | if err := c.maybeGenerateTLS(ctx); err != nil { |