Upgrade certmagic from v0.14.1 to v0.15.2 (#18138)

2025-06-18 15:15:18 +00:00 · 2022-01-01 17:43:28 +08:00 · 2022-01-01 17:43:28 +08:00 · e9c9a35a61
commit e9c9a35a61
parent 385dc6a992
20 changed files with 294 additions and 142 deletions
--- a/vendor/github.com/caddyserver/certmagic/cache.go
+++ b/vendor/github.com/caddyserver/certmagic/cache.go
@ -194,6 +194,14 @@ func (certCache *Cache) cacheCertificate(cert Certificate) {
 func (certCache *Cache) unsyncedCacheCertificate(cert Certificate) {
 	// no-op if this certificate already exists in the cache
 	if _, ok := certCache.cache[cert.hash]; ok {
+		if certCache.logger != nil {
+			certCache.logger.Debug("certificate already cached",
+				zap.Strings("subjects", cert.Names),
+				zap.Time("expiration", cert.Leaf.NotAfter),
+				zap.Bool("managed", cert.managed),
+				zap.String("issuer_key", cert.issuerKey),
+				zap.String("hash", cert.hash))
+		}
 		return
 	}

@ -209,6 +217,13 @@ func (certCache *Cache) unsyncedCacheCertificate(cert Certificate) {
 		i := 0
 		for _, randomCert := range certCache.cache {
 			if i == rnd {
+				if certCache.logger != nil {
+					certCache.logger.Debug("cache full; evicting random certificate",
+						zap.Strings("removing_subjects", randomCert.Names),
+						zap.String("removing_hash", randomCert.hash),
+						zap.Strings("inserting_subjects", cert.Names),
+						zap.String("inserting_hash", cert.hash))
+				}
 				certCache.removeCertificate(randomCert)
 				break
 			}
@ -223,6 +238,17 @@ func (certCache *Cache) unsyncedCacheCertificate(cert Certificate) {
 	for _, name := range cert.Names {
 		certCache.cacheIndex[name] = append(certCache.cacheIndex[name], cert.hash)
 	}
+
+	if certCache.logger != nil {
+		certCache.logger.Debug("added certificate to cache",
+			zap.Strings("subjects", cert.Names),
+			zap.Time("expiration", cert.Leaf.NotAfter),
+			zap.Bool("managed", cert.managed),
+			zap.String("issuer_key", cert.issuerKey),
+			zap.String("hash", cert.hash),
+			zap.Int("cache_size", len(certCache.cache)),
+			zap.Int("cache_capacity", certCache.options.Capacity))
+	}
 }

 // removeCertificate removes cert from the cache.
@ -233,9 +259,10 @@ func (certCache *Cache) removeCertificate(cert Certificate) {
 	// delete all mentions of this cert from the name index
 	for _, name := range cert.Names {
 		keyList := certCache.cacheIndex[name]
-		for i, cacheKey := range keyList {
-			if cacheKey == cert.hash {
+		for i := 0; i < len(keyList); i++ {
+			if keyList[i] == cert.hash {
 				keyList = append(keyList[:i], keyList[i+1:]...)
+				i--
 			}
 		}
 		if len(keyList) == 0 {
@ -247,6 +274,17 @@ func (certCache *Cache) removeCertificate(cert Certificate) {

 	// delete the actual cert from the cache
 	delete(certCache.cache, cert.hash)
+
+	if certCache.logger != nil {
+		certCache.logger.Debug("removed certificate from cache",
+			zap.Strings("subjects", cert.Names),
+			zap.Time("expiration", cert.Leaf.NotAfter),
+			zap.Bool("managed", cert.managed),
+			zap.String("issuer_key", cert.issuerKey),
+			zap.String("hash", cert.hash),
+			zap.Int("cache_size", len(certCache.cache)),
+			zap.Int("cache_capacity", certCache.options.Capacity))
+	}
 }

 // replaceCertificate atomically replaces oldCert with newCert in
@ -260,7 +298,7 @@ func (certCache *Cache) replaceCertificate(oldCert, newCert Certificate) {
 	certCache.mu.Unlock()
 	if certCache.logger != nil {
 		certCache.logger.Info("replaced certificate in cache",
-			zap.Strings("identifiers", newCert.Names),
+			zap.Strings("subjects", newCert.Names),
 			zap.Time("new_expiration", newCert.Leaf.NotAfter))
 	}
 }