Refactor log (#3446)
* Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot
parent
8320732743
commit
079d0bd8a9
291 changed files with 1837 additions and 2368 deletions
|
@ -1,6 +1,7 @@
|
|||
package tls
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/hmac"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
|
@ -10,6 +11,7 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/xtls/xray-core/common/errors"
|
||||
"github.com/xtls/xray-core/common/net"
|
||||
"github.com/xtls/xray-core/common/ocsp"
|
||||
"github.com/xtls/xray-core/common/platform/filesystem"
|
||||
|
@ -35,7 +37,7 @@ func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
|
|||
root := x509.NewCertPool()
|
||||
for _, cert := range c.Certificate {
|
||||
if !root.AppendCertsFromPEM(cert.Certificate) {
|
||||
return nil, newError("failed to append cert").AtWarning()
|
||||
return nil, errors.New("failed to append cert").AtWarning()
|
||||
}
|
||||
}
|
||||
return root, nil
|
||||
|
@ -50,12 +52,12 @@ func (c *Config) BuildCertificates() []*tls.Certificate {
|
|||
}
|
||||
keyPair, err := tls.X509KeyPair(entry.Certificate, entry.Key)
|
||||
if err != nil {
|
||||
newError("ignoring invalid X509 key pair").Base(err).AtWarning().WriteToLog()
|
||||
errors.LogWarningInner(context.Background(), err, "ignoring invalid X509 key pair")
|
||||
continue
|
||||
}
|
||||
keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
|
||||
if err != nil {
|
||||
newError("ignoring invalid certificate").Base(err).AtWarning().WriteToLog()
|
||||
errors.LogWarningInner(context.Background(), err, "ignoring invalid certificate")
|
||||
continue
|
||||
}
|
||||
certs = append(certs, &keyPair)
|
||||
|
@ -73,25 +75,25 @@ func (c *Config) BuildCertificates() []*tls.Certificate {
|
|||
if entry.CertificatePath != "" && entry.KeyPath != "" {
|
||||
newCert, err := filesystem.ReadFile(entry.CertificatePath)
|
||||
if err != nil {
|
||||
newError("failed to parse certificate").Base(err).AtError().WriteToLog()
|
||||
errors.LogErrorInner(context.Background(), err, "failed to parse certificate")
|
||||
<-t.C
|
||||
continue
|
||||
}
|
||||
newKey, err := filesystem.ReadFile(entry.KeyPath)
|
||||
if err != nil {
|
||||
newError("failed to parse key").Base(err).AtError().WriteToLog()
|
||||
errors.LogErrorInner(context.Background(), err, "failed to parse key")
|
||||
<-t.C
|
||||
continue
|
||||
}
|
||||
if string(newCert) != string(entry.Certificate) && string(newKey) != string(entry.Key) {
|
||||
newKeyPair, err := tls.X509KeyPair(newCert, newKey)
|
||||
if err != nil {
|
||||
newError("ignoring invalid X509 key pair").Base(err).AtError().WriteToLog()
|
||||
errors.LogErrorInner(context.Background(), err, "ignoring invalid X509 key pair")
|
||||
<-t.C
|
||||
continue
|
||||
}
|
||||
if newKeyPair.Leaf, err = x509.ParseCertificate(newKeyPair.Certificate[0]); err != nil {
|
||||
newError("ignoring invalid certificate").Base(err).AtError().WriteToLog()
|
||||
errors.LogErrorInner(context.Background(), err, "ignoring invalid certificate")
|
||||
<-t.C
|
||||
continue
|
||||
}
|
||||
|
@ -100,7 +102,7 @@ func (c *Config) BuildCertificates() []*tls.Certificate {
|
|||
}
|
||||
if isOcspstapling {
|
||||
if newOCSPData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil {
|
||||
newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
|
||||
errors.LogWarningInner(context.Background(), err, "ignoring invalid OCSP")
|
||||
} else if string(newOCSPData) != string(cert.OCSPStaple) {
|
||||
cert.OCSPStaple = newOCSPData
|
||||
}
|
||||
|
@ -128,11 +130,11 @@ func isCertificateExpired(c *tls.Certificate) bool {
|
|||
func issueCertificate(rawCA *Certificate, domain string) (*tls.Certificate, error) {
|
||||
parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key)
|
||||
if err != nil {
|
||||
return nil, newError("failed to parse raw certificate").Base(err)
|
||||
return nil, errors.New("failed to parse raw certificate").Base(err)
|
||||
}
|
||||
newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain))
|
||||
if err != nil {
|
||||
return nil, newError("failed to generate new certificate for ", domain).Base(err)
|
||||
return nil, errors.New("failed to generate new certificate for ", domain).Base(err)
|
||||
}
|
||||
newCertPEM, newKeyPEM := newCert.ToPEM()
|
||||
cert, err := tls.X509KeyPair(newCertPEM, newKeyPEM)
|
||||
|
@ -176,7 +178,7 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
|
|||
newCerts = append(newCerts, certificate)
|
||||
} else if certificate.Leaf != nil {
|
||||
expTime := certificate.Leaf.NotAfter.Format(time.RFC3339)
|
||||
newError("old certificate for ", domain, " (expire on ", expTime, ") discarded").AtInfo().WriteToLog()
|
||||
errors.LogInfo(context.Background(), "old certificate for ", domain, " (expire on ", expTime, ") discarded")
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -191,16 +193,16 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
|
|||
if rawCert.Usage == Certificate_AUTHORITY_ISSUE {
|
||||
newCert, err := issueCertificate(rawCert, domain)
|
||||
if err != nil {
|
||||
newError("failed to issue new certificate for ", domain).Base(err).WriteToLog()
|
||||
errors.LogInfoInner(context.Background(), err, "failed to issue new certificate for ", domain)
|
||||
continue
|
||||
}
|
||||
parsed, err := x509.ParseCertificate(newCert.Certificate[0])
|
||||
if err == nil {
|
||||
newCert.Leaf = parsed
|
||||
expTime := parsed.NotAfter.Format(time.RFC3339)
|
||||
newError("new certificate for ", domain, " (expire on ", expTime, ") issued").AtInfo().WriteToLog()
|
||||
errors.LogInfo(context.Background(), "new certificate for ", domain, " (expire on ", expTime, ") issued")
|
||||
} else {
|
||||
newError("failed to parse new certificate for ", domain).Base(err).WriteToLog()
|
||||
errors.LogInfoInner(context.Background(), err, "failed to parse new certificate for ", domain)
|
||||
}
|
||||
|
||||
access.Lock()
|
||||
|
@ -212,7 +214,7 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
|
|||
}
|
||||
|
||||
if issuedCertificate == nil {
|
||||
return nil, newError("failed to create a new certificate for ", domain)
|
||||
return nil, errors.New("failed to create a new certificate for ", domain)
|
||||
}
|
||||
|
||||
access.Lock()
|
||||
|
@ -265,7 +267,7 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
|
|||
return nil
|
||||
}
|
||||
}
|
||||
return newError("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue))
|
||||
return errors.New("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue))
|
||||
}
|
||||
|
||||
if c.PinnedPeerCertificatePublicKeySha256 != nil {
|
||||
|
@ -279,7 +281,7 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
|
|||
}
|
||||
}
|
||||
}
|
||||
return newError("peer public key is unrecognized.")
|
||||
return errors.New("peer public key is unrecognized.")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -288,7 +290,7 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
|
|||
func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
|
||||
root, err := c.getCertPool()
|
||||
if err != nil {
|
||||
newError("failed to load system root certificate").AtError().Base(err).WriteToLog()
|
||||
errors.LogErrorInner(context.Background(), err, "failed to load system root certificate")
|
||||
}
|
||||
|
||||
if c == nil {
|
||||
|
@ -366,7 +368,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
|
|||
if len(c.MasterKeyLog) > 0 && c.MasterKeyLog != "none" {
|
||||
writer, err := os.OpenFile(c.MasterKeyLog, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0644)
|
||||
if err != nil {
|
||||
newError("failed to open ", c.MasterKeyLog, " as master key log").AtError().Base(err).WriteToLog()
|
||||
errors.LogErrorInner(context.Background(), err, "failed to open ", c.MasterKeyLog, " as master key log")
|
||||
} else {
|
||||
config.KeyLogWriter = writer
|
||||
}
|
||||
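Review bot: The master key log in GetTLSConfig is still created with mode `0644` in the `os.OpenFile` call of the last hunk, so the TLS session secrets written through `config.KeyLogWriter` are readable by every local account on the host. Since this commit already touches the block, I would tighten it to owner-only: `writer, err := os.OpenFile(c.MasterKeyLog, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0600)`. The mode only applies when the file is created, so a pre-existing log keeps whatever permissions it has and may need a separate check. A warning-level log line when key logging is enabled would also make a setting left on by accident visible to operators. GetTLSConfig starts and continues outside this hunk, so I cannot see whether the writer is ever closed.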
|
|
|
@ -6,6 +6,8 @@ package tls
|
|||
import (
|
||||
"crypto/x509"
|
||||
"sync"
|
||||
|
||||
"github.com/xtls/xray-core/common/errors"
|
||||
)
|
||||
|
||||
type rootCertsCache struct {
|
||||
|
@ -42,11 +44,11 @@ func (c *Config) getCertPool() (*x509.CertPool, error) {
|
|||
|
||||
pool, err := x509.SystemCertPool()
|
||||
if err != nil {
|
||||
return nil, newError("system root").AtWarning().Base(err)
|
||||
return nil, errors.New("system root").AtWarning().Base(err)
|
||||
}
|
||||
for _, cert := range c.Certificate {
|
||||
if !pool.AppendCertsFromPEM(cert.Certificate) {
|
||||
return nil, newError("append cert to root").AtWarning().Base(err)
|
||||
return nil, errors.New("append cert to root").AtWarning().Base(err)
|
||||
}
|
||||
}
|
||||
return pool, err
|
||||
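Review bot: In getCertPool the `AppendCertsFromPEM` failure path still chains `.Base(err)`, but `err` is necessarily nil at that point because the `x509.SystemCertPool()` error was returned a few lines earlier, so the returned error has no underlying cause attached. I would drop the call, `return nil, errors.New("append cert to root").AtWarning()`, which matches how loadSelfCertPool reports the same failure in the first file of this commit. For the same reason the final `return pool, err` reads more clearly as `return pool, nil`. The function begins above this hunk, so this assumes nothing reassigns `err` before the loop.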
|
|
|
@ -1,9 +0,0 @@
|
|||
package tls
|
||||
|
||||
import "github.com/xtls/xray-core/common/errors"
|
||||
|
||||
type errPathObjHolder struct{}
|
||||
|
||||
func newError(values ...interface{}) *errors.Error {
|
||||
return errors.New(values...).WithPathObj(errPathObjHolder{})
|
||||
}
|