@@ -5,7 +5,7 @@ use const_oid::db::rfc5280::{ID_KP_CLIENT_AUTH, ID_KP_SERVER_AUTH};
55use rsa:: pkcs8:: EncodePublicKey ;
66use snafu:: { ResultExt , Snafu } ;
77use stackable_operator:: time:: Duration ;
8- use tracing:: { debug, warn} ;
8+ use tracing:: { debug, instrument , warn} ;
99use x509_cert:: {
1010 builder:: { Builder , Profile } ,
1111 der:: { DecodePem , asn1:: Ia5String } ,
@@ -98,12 +98,12 @@ where
9898 /// Optional list of subject alternative name DNS entries
9999 /// that are added to the certificate.
100100 #[ builder( default ) ]
101- subject_alterative_dns_names : & ' a [ & ' a str ] ,
101+ subject_alternative_dns_names : & ' a [ & ' a str ] ,
102102
103103 /// Optional list of subject alternative name IP address entries
104104 /// that are added to the certificate.
105105 #[ builder( default ) ]
106- subject_alterative_ip_addresses : & ' a [ IpAddr ] ,
106+ subject_alternative_ip_addresses : & ' a [ IpAddr ] ,
107107
108108 /// Validity/lifetime of the certificate.
109109 ///
@@ -132,19 +132,24 @@ where
132132 }
133133}
134134
135- impl < KP > CertificateBuilder < ' _ , KP >
135+ impl < SKP > CertificateBuilder < ' _ , SKP >
136136where
137- KP : CertificateKeypair ,
138- <KP :: SigningKey as signature:: Keypair >:: VerifyingKey : EncodePublicKey ,
137+ SKP : CertificateKeypair ,
138+ <SKP :: SigningKey as signature:: Keypair >:: VerifyingKey : EncodePublicKey ,
139139{
140- pub fn build ( self ) -> Result < CertificatePair < KP > , CreateCertificateError < KP :: Error > > {
140+ #[ instrument(
141+ name = "build_certificate" ,
142+ skip( self ) ,
143+ fields( subject = self . subject) ,
144+ ) ]
145+ pub fn build ( self ) -> Result < CertificatePair < SKP > , CreateCertificateError < SKP :: Error > > {
141146 let validity = Validity :: from_now ( * self . validity ) . context ( ParseValiditySnafu ) ?;
142147 let subject: Name = self . subject . parse ( ) . context ( ParseSubjectSnafu {
143148 subject : self . subject ,
144149 } ) ?;
145150 let key_pair = match self . key_pair {
146151 Some ( key_pair) => key_pair,
147- None => KP :: new ( ) . context ( CreateKeyPairSnafu ) ?,
152+ None => SKP :: new ( ) . context ( CreateKeyPairSnafu ) ?,
148153 } ;
149154 let serial_number = SerialNumber :: from ( rand:: random :: < u64 > ( ) ) ;
150155
@@ -170,6 +175,18 @@ where
170175 let spki = SubjectPublicKeyInfoOwned :: from_pem ( spki_pem. as_bytes ( ) )
171176 . context ( DecodeSpkiFromPemSnafu ) ?;
172177
178+ debug ! (
179+ certificate. subject = %subject,
180+ certificate. not_after = %validity. not_after,
181+ certificate. not_before = %validity. not_before,
182+ certificate. serial = %serial_number,
183+ certificate. san. dns_names = ?self . subject_alternative_dns_names,
184+ certificate. san. ip_addresses = ?self . subject_alternative_ip_addresses,
185+ certificate. signed_by. issuer = %self . signed_by. issuer_name( ) ,
186+ certificate. public_key. algorithm = SKP :: algorithm_name( ) ,
187+ certificate. public_key. size = SKP :: key_size( ) ,
188+ "creating and signing certificate"
189+ ) ;
173190 let signing_key = self . signed_by . signing_key ( ) ;
174191 let mut builder = x509_cert:: builder:: CertificateBuilder :: new (
175192 Profile :: Leaf {
@@ -194,28 +211,27 @@ where
194211 ] ) )
195212 . context ( AddCertificateExtensionSnafu ) ?;
196213
197- let san_dns = self . subject_alterative_dns_names . iter ( ) . map ( |dns_name| {
214+ let san_dns = self . subject_alternative_dns_names . iter ( ) . map ( |dns_name| {
198215 Ok ( GeneralName :: DnsName (
199216 Ia5String :: new ( dns_name) . with_context ( |_| ParseSubjectAlternativeDnsNameSnafu {
200217 subject_alternative_dns_name : dns_name. to_string ( ) ,
201218 } ) ?,
202219 ) )
203220 } ) ;
204221 let san_ips = self
205- . subject_alterative_ip_addresses
222+ . subject_alternative_ip_addresses
206223 . iter ( )
207224 . copied ( )
208225 . map ( GeneralName :: from)
209226 . map ( Result :: Ok ) ;
210227 let sans = san_dns
211228 . chain ( san_ips)
212- . collect :: < Result < Vec < _ > , CreateCertificateError < KP :: Error > > > ( ) ?;
229+ . collect :: < Result < Vec < _ > , CreateCertificateError < SKP :: Error > > > ( ) ?;
213230
214231 builder
215232 . add_extension ( & SubjectAltName ( sans) )
216233 . context ( AddCertificateExtensionSnafu ) ?;
217234
218- debug ! ( "create and sign leaf certificate" ) ;
219235 let certificate = builder. build ( ) . context ( BuildCertificateSnafu ) ?;
220236
221237 Ok ( CertificatePair {
@@ -271,8 +287,8 @@ mod tests {
271287
272288 let certificate = CertificatePair :: builder ( )
273289 . subject ( "CN=trino-coordinator-default-0" )
274- . subject_alterative_dns_names ( & sans)
275- . subject_alterative_ip_addresses ( & san_ips)
290+ . subject_alternative_dns_names ( & sans)
291+ . subject_alternative_ip_addresses ( & san_ips)
276292 . validity ( Duration :: from_days_unchecked ( 42 ) )
277293 . key_pair ( rsa:: SigningKey :: new ( ) . unwrap ( ) )
278294 . signed_by ( & ca)