|
|
|
@ -29,57 +29,6 @@ type Options struct {
|
|
|
|
|
tls bool |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (po *Options) tlsConfig() (*tls.Config, error) { |
|
|
|
|
if po.CertFile == "" && po.KeyFile == "" { |
|
|
|
|
return nil, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
po.tls = true |
|
|
|
|
|
|
|
|
|
if po.CertFile == "" { |
|
|
|
|
return nil, errors.New("certificate file name cannot be empty") ////////////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ok, err := util.FileExists(po.CertFile); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} else if !ok { |
|
|
|
|
return nil, errors.New("this file doesn't exist", "name", po.CertFile) /////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if po.KeyFile == "" { |
|
|
|
|
return nil, errors.New("key file name cannot be empty") ////////////////////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ok, err := util.FileExists(po.KeyFile); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} else if !ok { |
|
|
|
|
return nil, errors.New("this file doesn't exist", "name", po.KeyFile) //////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var certPool *x509.CertPool |
|
|
|
|
authType := tls.NoClientCert |
|
|
|
|
|
|
|
|
|
if po.CAFile != "" { |
|
|
|
|
authType = tls.RequireAndVerifyClientCert |
|
|
|
|
|
|
|
|
|
buf, err := os.ReadFile(po.CAFile) |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, errors.WithMessage(err, "unable to read this file", "file", po.CAFile) /////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
certPool = x509.NewCertPool() |
|
|
|
|
certPool.AppendCertsFromPEM(buf) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
cfg := &tls.Config{ |
|
|
|
|
ClientAuth: authType, |
|
|
|
|
ClientCAs: certPool, |
|
|
|
|
MinVersion: tls.VersionTLS12, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return cfg, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
type Option func(*Options) |
|
|
|
|
|
|
|
|
|
func WithOptions(options *Options) Option { |
|
|
|
@ -133,6 +82,57 @@ func WithLogger(logger *log.Logger) Option {
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (po *Options) tlsConfig() (*tls.Config, error) { |
|
|
|
|
if po.CertFile == "" && po.KeyFile == "" { |
|
|
|
|
return nil, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
po.tls = true |
|
|
|
|
|
|
|
|
|
if po.CertFile == "" { |
|
|
|
|
return nil, errors.New("certificate file name cannot be empty") ////////////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ok, err := util.FileExists(po.CertFile); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} else if !ok { |
|
|
|
|
return nil, errors.New("this file doesn't exist", "name", po.CertFile) /////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if po.KeyFile == "" { |
|
|
|
|
return nil, errors.New("key file name cannot be empty") ////////////////////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ok, err := util.FileExists(po.KeyFile); err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} else if !ok { |
|
|
|
|
return nil, errors.New("this file doesn't exist", "name", po.KeyFile) //////////////////////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var certPool *x509.CertPool |
|
|
|
|
authType := tls.NoClientCert |
|
|
|
|
|
|
|
|
|
if po.CAFile != "" { |
|
|
|
|
authType = tls.RequireAndVerifyClientCert |
|
|
|
|
|
|
|
|
|
buf, err := os.ReadFile(po.CAFile) |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, errors.WithMessage(err, "unable to read this file", "file", po.CAFile) /////////////////////////
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
certPool = x509.NewCertPool() |
|
|
|
|
certPool.AppendCertsFromPEM(buf) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
cfg := &tls.Config{ |
|
|
|
|
ClientAuth: authType, |
|
|
|
|
ClientCAs: certPool, |
|
|
|
|
MinVersion: tls.VersionTLS12, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return cfg, nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/* |
|
|
|
|
######################################################################################################## @(°_°)@ ####### |
|
|
|
|
*/ |
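Review bot: The boolean returned by `certPool.AppendCertsFromPEM(buf)` is discarded, so a CAFile that exists but contains no parseable PEM certificate leaves ClientCAs empty while ClientAuth is RequireAndVerifyClientCert, and the misconfiguration only surfaces later as every client handshake failing verification instead of as a startup error. Check it at the call site: `if !certPool.AppendCertsFromPEM(buf) { return nil, errors.New("no certificates found in CA file", "file", po.CAFile) }`. Note also that CertFile and KeyFile are only tested for existence here and never loaded into cfg.Certificates, which is fine if the caller passes the paths to ListenAndServeTLS, but that is not visible in this hunk; a short doc comment on tlsConfig stating that contract (and that a nil, nil return means "TLS disabled") would help, e.g. `// tlsConfig builds the server TLS config; it returns nil, nil when no cert/key is configured and sets po.tls as a side effect.` The function itself is unchanged from the deleted copy above, so these points are pre-existing rather than introduced by the move.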
|
|
|
|