[GitHub] [apisix] membphis commented on a change in pull request #2179: bugfix: supported the encryption/decryption for multi priv keys

[GitBox <gi...@apache.org>]

membphis commented on a change in pull request #2179:
URL: https://github.com/apache/apisix/pull/2179#discussion_r489233605



##########
File path: apisix/http/router/radixtree_sni.lua
##########
@@ -62,6 +62,20 @@ local function parse_pem_priv_key(sni, pkey)
 end
 
 
+local function decrypt_priv_pkey(iv, key)
+    if str_find(key, "---") then

Review comment:
       should we use `core.string.has_prefix` here?

##########
File path: apisix/http/router/radixtree_sni.lua
##########
@@ -95,14 +109,22 @@ local function create_router(ssl_items)
             end
 
             -- decrypt private key
-            if aes_128_cbc_with_iv ~= nil and
-                not core.string.has_prefix(ssl.value.key, "---") then
-                local decrypted = aes_128_cbc_with_iv:decrypt(ngx_decode_base64(ssl.value.key))
-                if decrypted == nil then
-                    core.log.error("decrypt ssl key failed. key[", ssl.value.key, "] ")
-                else
+            if aes_128_cbc_with_iv ~= nil then
+                local decrypted = decrypt_priv_pkey(aes_128_cbc_with_iv,

Review comment:
       the `ssl.value.key` maybe nil. how about this code style?
   
   ```lua
   if ssl.value.key then
      ...
   end
   
   if ssl.value.keys then
       ...
   end
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org