| 312 | |
| 313 | // publishECHConfigs publishes any configs that are configured for publication and which haven't been published already. |
| 314 | func (t *TLS) publishECHConfigs(logger *zap.Logger) error { |
| 315 | // make publication exclusive, since we don't need to repeat this unnecessarily |
| 316 | storage := t.ctx.Storage() |
| 317 | const echLockName = "ech_publish" |
| 318 | if err := storage.Lock(t.ctx, echLockName); err != nil { |
| 319 | return err |
| 320 | } |
| 321 | defer func() { |
| 322 | if err := storage.Unlock(t.ctx, echLockName); err != nil { |
| 323 | logger.Error("unable to unlock ECH provisioning in storage", zap.Error(err)) |
| 324 | } |
| 325 | }() |
| 326 | |
| 327 | // get the publication config, or use a default if not specified |
| 328 | // (the default publication config should be to publish all ECH |
| 329 | // configs to the app-global DNS provider; if no DNS provider is |
| 330 | // configured, then this whole function is basically a no-op) |
| 331 | publicationList := t.EncryptedClientHello.Publication |
| 332 | if publicationList == nil { |
| 333 | if dnsProv, ok := t.dns.(ECHDNSProvider); ok { |
| 334 | publicationList = []*ECHPublication{ |
| 335 | { |
| 336 | publishers: []ECHPublisher{ |
| 337 | &ECHDNSPublisher{ |
| 338 | provider: dnsProv, |
| 339 | logger: logger, |
| 340 | }, |
| 341 | }, |
| 342 | }, |
| 343 | } |
| 344 | } |
| 345 | } |
| 346 | |
| 347 | // for each publication config, build the list of ECH configs to |
| 348 | // publish with it, and figure out which inner names to publish |
| 349 | // to/for, then publish |
| 350 | for _, publication := range publicationList { |
| 351 | t.EncryptedClientHello.configsMu.RLock() |
| 352 | // this publication is either configured for specific ECH configs, |
| 353 | // or we just use an implied default of all ECH configs |
| 354 | var echCfgList echConfigList |
| 355 | var configIDs []uint8 // TODO: use IDs or the outer names? |
| 356 | if publication.Configs == nil { |
| 357 | // by default, publish all configs |
| 358 | for _, configs := range t.EncryptedClientHello.configs { |
| 359 | echCfgList = append(echCfgList, configs...) |
| 360 | for _, c := range configs { |
| 361 | configIDs = append(configIDs, c.ConfigID) |
| 362 | } |
| 363 | } |
| 364 | } else { |
| 365 | for _, cfgOuterName := range publication.Configs { |
| 366 | if cfgList, ok := t.EncryptedClientHello.configs[cfgOuterName]; ok { |
| 367 | echCfgList = append(echCfgList, cfgList...) |
| 368 | for _, c := range cfgList { |
| 369 | configIDs = append(configIDs, c.ConfigID) |
| 370 | } |
| 371 | } |