std::unique_ptr FizzConfigUtil::createCertManager()

in wangle/acceptor/FizzConfigUtil.cpp [32:75]

• 43 lines of code
• 8 McCabe index (conditional complexity)

std::unique_ptr<fizz::server::CertManager> FizzConfigUtil::createCertManager(
    const ServerSocketConfig& config,
    const std::shared_ptr<PasswordInFileFactory>& pwFactory) {
  auto certMgr = std::make_unique<fizz::server::CertManager>();
  auto loadedCert = false;
  for (const auto& sslConfig : config.sslContextConfigs) {
    for (const auto& cert : sslConfig.certificates) {
      try {
        std::unique_ptr<fizz::SelfCert> selfCert;
        if (cert.isBuffer) {
          selfCert = CertUtils::makeSelfCert(cert.certPath, cert.keyPath);
        } else {
          auto x509Chain = FizzUtil::readChainFile(cert.certPath);
          std::shared_ptr<folly::PasswordInFile> pw;
          if (pwFactory) {
            pw = pwFactory->getPasswordCollector(cert.passwordPath);
          } else {
            pw = std::make_shared<folly::PasswordInFile>(cert.passwordPath);
          }

          auto pkey = FizzUtil::readPrivateKey(cert.keyPath, pw);
          selfCert =
              CertUtils::makeSelfCert(std::move(x509Chain), std::move(pkey));
        }
        certMgr->addCert(std::move(selfCert), sslConfig.isDefault);
        loadedCert = true;
      } catch (const std::runtime_error& ex) {
        auto msg = folly::sformat(
            "Failed to load cert or key at key path {}, cert path {}",
            cert.keyPath,
            cert.certPath);
        if (config.strictSSL) {
          throw std::runtime_error(ex.what() + msg);
        } else {
          LOG(ERROR) << msg << ex.what();
        }
      }
    }
  }
  if (!loadedCert) {
    return nullptr;
  }
  return certMgr;
}