Peter Kurfer
7c2a41ad25
- apply changes in proxy plugin and TLS interceptor - add HTTPS proxy support - move ca-generation command to main app - minor refactoring to improve API stability - move mocks to extra packages to avoid cycling imports - fix bug in multi-port configuration - change HTTP proxy to redirect to HTTP mock instead of maintaining custom rules
79 lines
2 KiB
Go
79 lines
2 KiB
Go
package cert
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/spf13/viper"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
var (
|
|
requiredConfigKeys = []string{
|
|
publicKeyConfigKey,
|
|
privateKeyPathConfigKey,
|
|
}
|
|
)
|
|
|
|
type CurveType string
|
|
|
|
type File struct {
|
|
PublicKeyPath string
|
|
PrivateKeyPath string
|
|
}
|
|
|
|
type ValidityDuration struct {
|
|
NotBeforeRelative time.Duration
|
|
NotAfterRelative time.Duration
|
|
}
|
|
|
|
type ValidityByPurpose struct {
|
|
CA ValidityDuration
|
|
Server ValidityDuration
|
|
}
|
|
|
|
type Options struct {
|
|
RootCACert File
|
|
CertCachePath string
|
|
Curve CurveType
|
|
Validity ValidityByPurpose
|
|
}
|
|
|
|
func loadFromConfig(config *viper.Viper) (Options, error) {
|
|
missingKeys := make([]string, 0)
|
|
for _, requiredKey := range requiredConfigKeys {
|
|
if !config.IsSet(requiredKey) {
|
|
missingKeys = append(missingKeys, requiredKey)
|
|
}
|
|
}
|
|
|
|
if len(missingKeys) > 0 {
|
|
return Options{}, fmt.Errorf("config keys are missing: %s", strings.Join(missingKeys, ", "))
|
|
}
|
|
|
|
config.SetDefault(certCachePathConfigKey, os.TempDir())
|
|
config.SetDefault(ecdsaCurveConfigKey, string(CurveTypeED25519))
|
|
config.SetDefault(caCertValidityNotBeforeKey, defaultCAValidityDuration)
|
|
config.SetDefault(caCertValidityNotAfterKey, defaultCAValidityDuration)
|
|
config.SetDefault(serverCertValidityNotBeforeKey, defaultServerValidityDuration)
|
|
config.SetDefault(serverCertValidityNotAfterKey, defaultServerValidityDuration)
|
|
|
|
return Options{
|
|
CertCachePath: config.GetString(certCachePathConfigKey),
|
|
Curve: CurveType(config.GetString(ecdsaCurveConfigKey)),
|
|
Validity: ValidityByPurpose{
|
|
CA: ValidityDuration{
|
|
NotBeforeRelative: config.GetDuration(caCertValidityNotBeforeKey),
|
|
NotAfterRelative: config.GetDuration(caCertValidityNotAfterKey),
|
|
},
|
|
Server: ValidityDuration{
|
|
NotBeforeRelative: config.GetDuration(serverCertValidityNotBeforeKey),
|
|
NotAfterRelative: config.GetDuration(serverCertValidityNotAfterKey),
|
|
},
|
|
},
|
|
RootCACert: File{
|
|
PublicKeyPath: config.GetString(publicKeyConfigKey),
|
|
PrivateKeyPath: config.GetString(privateKeyPathConfigKey),
|
|
},
|
|
}, nil
|
|
}
|