setConfigsFromStorage sets the ECH configs in memory to those in storage. It must be called in a write lock on ech.configsMu.
(ctx caddy.Context, logger *zap.Logger)
| 146 | // setConfigsFromStorage sets the ECH configs in memory to those in storage. |
| 147 | // It must be called in a write lock on ech.configsMu. |
| 148 | func (ech *ECH) setConfigsFromStorage(ctx caddy.Context, logger *zap.Logger) ([]string, error) { |
| 149 | storage := ctx.Storage() |
| 150 | |
| 151 | ech.configs = make(map[string][]echConfig) |
| 152 | |
| 153 | var outerNames []string |
| 154 | |
| 155 | // start by loading all the existing configs (even the older ones on the way out, |
| 156 | // since some clients may still be using them if they haven't yet picked up on the |
| 157 | // new configs) |
| 158 | cfgKeys, err := storage.List(ctx, echConfigsKey, false) |
| 159 | if err != nil && !errors.Is(err, fs.ErrNotExist) { // OK if dir doesn't exist; it will be created |
| 160 | return nil, err |
| 161 | } |
| 162 | for _, cfgKey := range cfgKeys { |
| 163 | cfg, err := loadECHConfig(ctx, path.Base(cfgKey)) |
| 164 | if err != nil { |
| 165 | return nil, err |
| 166 | } |
| 167 | // if any part of the config's folder was corrupted, the load function will |
| 168 | // clean it up and not return an error, since configs are immutable and |
| 169 | // fairly ephemeral... so just check that we actually got a populated config |
| 170 | if cfg.configBin == nil || cfg.privKeyBin == nil { |
| 171 | continue |
| 172 | } |
| 173 | logger.Debug("loaded ECH config", |
| 174 | zap.String("public_name", cfg.RawPublicName), |
| 175 | zap.Uint8("id", cfg.ConfigID)) |
| 176 | if _, seen := ech.configs[cfg.RawPublicName]; !seen { |
| 177 | outerNames = append(outerNames, cfg.RawPublicName) |
| 178 | } |
| 179 | ech.configs[cfg.RawPublicName] = append(ech.configs[cfg.RawPublicName], cfg) |
| 180 | } |
| 181 | |
| 182 | return outerNames, nil |
| 183 | } |
| 184 | |
| 185 | // rotateECHKeys updates the ECH keys/configs that are outdated if rotation is needed. |
| 186 | // It should be called in a write lock on ech.configsMu. If a lock is already obtained |
no test coverage detected