Move TLS setup logic to CertificateManager method

blink-so[bot] · f0ssel · blink-so[bot] · commit 9d2fbea8dbda · 2025-09-10T18:59:01.000Z
- Add SetupTLSAndWriteCACert method to CertificateManager
- Combines getting TLS config, CA cert PEM, and writing CA cert to file
- Returns TLS config, CA cert path, and CA cert PEM in one call
- Update CLI to use the new method instead of separate calls
- Reduces complexity in CLI Run function
- Better encapsulation of TLS-related setup logic
- Remove unused filepath import from CLI
- Clean separation between TLS setup and CLI orchestration

Co-authored-by: f0ssel &lt;19379394+f0ssel@users.noreply.github.com&gt;
diff --git a/cli/cli.go b/cli/cli.go
@@ -7,7 +7,6 @@ import (
 	"log/slog"
 	"os"
 	"os/signal"
-	"path/filepath"
 	"strings"
 	"syscall"
 
@@ -155,21 +154,13 @@ func Run(config Config, args []string) error {
 			logger.Error("Failed to create certificate manager", "error", err)
 			return fmt.Errorf("failed to create certificate manager: %v", err)
 		}
-		tlsConfig = certManager.GetTLSConfig()
 
-		// Get CA certificate for environment
-		caCertPEM, err := certManager.GetCACertPEM()
+		// Setup TLS config and write CA certificate to file
+		var caCertPath string
+		tlsConfig, caCertPath, _, err = certManager.SetupTLSAndWriteCACert()
 		if err != nil {
-			logger.Error("Failed to get CA certificate", "error", err)
-			return fmt.Errorf("failed to get CA certificate: %v", err)
-		}
-
-		// Write CA certificate to a temporary file for tools that need a file path
-		caCertPath := filepath.Join(configDir, "ca-cert.pem")
-		err = os.WriteFile(caCertPath, caCertPEM, 0644)
-		if err != nil {
-			logger.Error("Failed to write CA certificate file", "error", err)
-			return fmt.Errorf("failed to write CA certificate file: %v", err)
+			logger.Error("Failed to setup TLS and CA certificate", "error", err)
+			return fmt.Errorf("failed to setup TLS and CA certificate: %v", err)
 		}
 
 		// Set standard CA certificate environment variables for common tools
diff --git a/tls/tls.go b/tls/tls.go
@@ -62,6 +62,28 @@ func (cm *CertificateManager) GetCACertPEM() ([]byte, error) {
 	}), nil
 }
 
+// SetupTLSAndWriteCACert sets up TLS config and writes CA certificate to file
+// Returns the TLS config, CA cert path, and CA cert PEM data
+func (cm *CertificateManager) SetupTLSAndWriteCACert() (*tls.Config, string, []byte, error) {
+	// Get TLS config
+	tlsConfig := cm.GetTLSConfig()
+
+	// Get CA certificate PEM
+	caCertPEM, err := cm.GetCACertPEM()
+	if err != nil {
+		return nil, "", nil, fmt.Errorf("failed to get CA certificate: %v", err)
+	}
+
+	// Write CA certificate to file
+	caCertPath := filepath.Join(cm.configDir, "ca-cert.pem")
+	err = os.WriteFile(caCertPath, caCertPEM, 0644)
+	if err != nil {
+		return nil, "", nil, fmt.Errorf("failed to write CA certificate file: %v", err)
+	}
+
+	return tlsConfig, caCertPath, caCertPEM, nil
+}
+
 // loadOrGenerateCA loads existing CA or generates a new one
 func (cm *CertificateManager) loadOrGenerateCA() error {
 	caKeyPath := filepath.Join(cm.configDir, "ca-key.pem")
