chore: rename server_cert to peer_cert

Signed-off-by: themanforfree <[email protected]>
xline-kv · Mar 8, 2024 · 0709eea · 0709eea
1 parent 23b6b03
commit 0709eea
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 36 deletions.
diff --git a/crates/utils/src/config.rs b/crates/utils/src/config.rs
@@ -945,16 +945,16 @@ impl AuthConfig {
 #[non_exhaustive]
 #[derive(Clone, Debug, Deserialize, PartialEq, Eq, Getters, Default)]
 pub struct TlsConfig {
-    /// The CA certificate file used by server to verify client certificates
+    /// The CA certificate file used by peer to verify client certificates
     #[getset(get = "pub")]
-    pub server_ca_cert_path: Option<PathBuf>,
-    /// The public key file used by server
+    pub peer_ca_cert_path: Option<PathBuf>,
+    /// The public key file used by peer
     #[getset(get = "pub")]
-    pub server_cert_path: Option<PathBuf>,
-    /// The private key file used by server
+    pub peer_cert_path: Option<PathBuf>,
+    /// The private key file used by peer
     #[getset(get = "pub")]
-    pub server_key_path: Option<PathBuf>,
-    /// The CA certificate file used by client to verify server certificates
+    pub peer_key_path: Option<PathBuf>,
+    /// The CA certificate file used by client to verify peer certificates
     #[getset(get = "pub")]
     pub client_ca_cert_path: Option<PathBuf>,
     /// The public key file used by client
@@ -970,17 +970,17 @@ impl TlsConfig {
     #[must_use]
     #[inline]
     pub fn new(
-        server_ca_cert_path: Option<PathBuf>,
-        server_cert_path: Option<PathBuf>,
-        server_key_path: Option<PathBuf>,
+        peer_ca_cert_path: Option<PathBuf>,
+        peer_cert_path: Option<PathBuf>,
+        peer_key_path: Option<PathBuf>,
         client_ca_cert_path: Option<PathBuf>,
         client_cert_path: Option<PathBuf>,
         client_key_path: Option<PathBuf>,
     ) -> Self {
         Self {
-            server_ca_cert_path,
-            server_cert_path,
-            server_key_path,
+            peer_ca_cert_path,
+            peer_cert_path,
+            peer_key_path,
             client_ca_cert_path,
             client_cert_path,
             client_key_path,
@@ -991,7 +991,7 @@ impl TlsConfig {
     #[must_use]
     #[inline]
     pub fn server_tls_enabled(&self) -> bool {
-        self.server_cert_path.is_some() && self.server_key_path.is_some()
+        self.peer_cert_path.is_some() && self.peer_key_path.is_some()
     }
 }
 
@@ -1237,8 +1237,8 @@ mod tests {
             auth_private_key = './private_key.pem'
 
             [tls]
-            server_cert_path = './cert.pem'
-            server_key_path = './key.pem'
+            peer_cert_path = './cert.pem'
+            peer_key_path = './key.pem'
             client_ca_cert_path = './ca.pem'
 
             [metrics]
@@ -1344,8 +1344,8 @@ mod tests {
         assert_eq!(
             config.tls,
             TlsConfig {
-                server_cert_path: Some(PathBuf::from("./cert.pem")),
-                server_key_path: Some(PathBuf::from("./key.pem")),
+                peer_cert_path: Some(PathBuf::from("./cert.pem")),
+                peer_key_path: Some(PathBuf::from("./key.pem")),
                 client_ca_cert_path: Some(PathBuf::from("./ca.pem")),
                 ..Default::default()
             }

diff --git a/crates/xline/src/server/xline_server.rs b/crates/xline/src/server/xline_server.rs
@@ -662,9 +662,9 @@ impl XlineServer {
             _ => None,
         };
         let server_tls_config = match (
-            tls_config.server_ca_cert_path().as_ref(),
-            tls_config.server_cert_path().as_ref(),
-            tls_config.server_key_path().as_ref(),
+            tls_config.peer_ca_cert_path().as_ref(),
+            tls_config.peer_cert_path().as_ref(),
+            tls_config.peer_key_path().as_ref(),
         ) {
             (Some(ca_path), Some(cert_path), Some(key_path)) => {
                 let ca = fs::read(ca_path).await?;
@@ -682,9 +682,7 @@ impl XlineServer {
                 Some(ServerTlsConfig::new().identity(Identity::from_pem(cert, key)))
             }
             (_, Some(_), None) | (_, None, Some(_)) => {
-                return Err(anyhow!(
-                    "client_cert_path and client_key_path must be both set"
-                ))
+                return Err(anyhow!("peer_cert_path and peer_key_path must be both set"))
             }
             _ => None,
         };

diff --git a/crates/xline/src/utils/args.rs b/crates/xline/src/utils/args.rs
@@ -193,13 +193,13 @@ pub struct ServerArgs {
     quota: Option<u64>,
     /// Server ca certificate path, used to verify client certificate
     #[clap(long)]
-    server_ca_cert_path: Option<PathBuf>,
+    peer_ca_cert_path: Option<PathBuf>,
     /// Server certificate path
     #[clap(long)]
-    server_cert_path: Option<PathBuf>,
+    peer_cert_path: Option<PathBuf>,
     /// Server private key path
     #[clap(long)]
-    server_key_path: Option<PathBuf>,
+    peer_key_path: Option<PathBuf>,
     /// Client ca certificate path, used to verify server certificate
     #[clap(long)]
     client_ca_cert_path: Option<PathBuf>,
@@ -315,9 +315,9 @@ impl From<ServerArgs> for XlineServerConfig {
             auto_compactor_cfg,
         );
         let tls = TlsConfig::new(
-            args.server_ca_cert_path,
-            args.server_cert_path,
-            args.server_key_path,
+            args.peer_ca_cert_path,
+            args.peer_cert_path,
+            args.peer_key_path,
             args.client_ca_cert_path,
             args.client_cert_path,
             args.client_key_path,

diff --git a/scripts/certgen.sh b/scripts/certgen.sh
@@ -1,21 +1,27 @@
 #!/usr/bin/bash -x
 DIR=$(cd $(dirname $0); pwd)
 
+# root ca key and cert
 CA_KEY=${DIR}/certs/ca.key
 CA_CRT=${DIR}/certs/ca.crt
 
-SERVER_KEY=${DIR}/certs/server.key
-SERVER_CSR=${DIR}/certs/server.csr
-SERVER_CRT=${DIR}/certs/server.crt
+# the peer key and cert
+PEER_KEY=${DIR}/certs/peer.key
+PEER_CSR=${DIR}/certs/peer.csr
+PEER_CRT=${DIR}/certs/peer.crt
 
+
+# the client key and cert of user "root"
 ROOT_CLIENT_KEY=${DIR}/certs/root_client.key
 ROOT_CLIENT_CSR=${DIR}/certs/root_client.csr
 ROOT_CLIENT_CRT=${DIR}/certs/root_client.crt
 
+# the client key and cert of user "u1"
 U1_CLIENT_KEY=${DIR}/certs/u1_client.key
 U1_CLIENT_CSR=${DIR}/certs/u1_client.csr
 U1_CLIENT_CRT=${DIR}/certs/u1_client.crt
 
+# the client key and cert of user "u2"
 U2_CLIENT_KEY=${DIR}/certs/u2_client.key
 U2_CLIENT_CSR=${DIR}/certs/u2_client.csr
 U2_CLIENT_CRT=${DIR}/certs/u2_client.crt
@@ -45,9 +51,9 @@ EOF
 [ -f ${CA_CRT} ] || openssl req -x509 -new -nodes -key ${CA_KEY} -subj "/CN=ca" -days ${DAYS} -out ${CA_CRT} || exit 1
 
 
-[ -f ${SERVER_KEY} ] || openssl genrsa -out ${SERVER_KEY} 2048 || exit 1
-[ -f ${SERVER_CSR} ] || openssl req -new -key ${SERVER_KEY} -subj "/CN=server" -out ${SERVER_CSR} -config ${OPENSSL_CONF} || exit 1
-[ -f ${SERVER_CRT} ] || openssl x509 -req -in ${SERVER_CSR} -CA ${CA_CRT} -CAkey ${CA_KEY} -CAcreateserial -out ${SERVER_CRT} -days ${DAYS} -extensions v3_req  -extfile ${OPENSSL_CONF} || exit 1
+[ -f ${PEER_KEY} ] || openssl genrsa -out ${PEER_KEY} 2048 || exit 1
+[ -f ${PEER_CSR} ] || openssl req -new -key ${PEER_KEY} -subj "/CN=peer" -out ${PEER_CSR} -config ${OPENSSL_CONF} || exit 1
+[ -f ${PEER_CRT} ] || openssl x509 -req -in ${PEER_CSR} -CA ${CA_CRT} -CAkey ${CA_KEY} -CAcreateserial -out ${PEER_CRT} -days ${DAYS} -extensions v3_req  -extfile ${OPENSSL_CONF} || exit 1
 
 [ -f ${ROOT_CLIENT_KEY} ] || openssl genrsa -out ${ROOT_CLIENT_KEY} 2048 || exit 1
 [ -f ${ROOT_CLIENT_CSR} ] || openssl req -new -key ${ROOT_CLIENT_KEY} -subj "/CN=root" -out ${ROOT_CLIENT_CSR} -config ${OPENSSL_CONF} || exit 1