api/pkg/plugins/tls_interceptor/protocol_options.go
Peter Kurfer a720b0ee41
Initial working version
* supports HTTP
* support TLS interception e.g. for HTTPS
* support CA generation via cli
* first draft of plugin API
* support commands from plugins
* includes Dockerfile
* includes basic configuration
2020-04-01 04:08:21 +02:00

78 lines
2.1 KiB
Go

package main
import (
"fmt"
"github.com/spf13/viper"
"time"
)
const (
certCachePathConfigKey = "certCachePath"
ecdsaCurveConfigKey = "ecdsaCurve"
targetIpAddressConfigKey = "target.ipAddress"
targetPortConfigKey = "target.port"
publicKeyConfigKey = "rootCaCert.publicKey"
privateKeyPathConfigKey = "rootCaCert.privateKey"
caCertValidityNotBeforeKey = "validity.ca.notBeforeRelative"
caCertValidityNotAfterKey = "validity.ca.notAfterRelative"
domainCertValidityNotBeforeKey = "validity.domain.notBeforeRelative"
domainCertValidityNotAfterKey = "validity.domain.notAfterRelative"
)
type cert struct {
publicKeyPath string
privateKeyPath string
}
type certValidity struct {
notBeforeRelative time.Duration
notAfterRelative time.Duration
}
type validity struct {
ca certValidity
domain certValidity
}
type redirectionTarget struct {
ipAddress string
port uint16
}
func (rt redirectionTarget) address() string {
return fmt.Sprintf("%s:%d", rt.ipAddress, rt.port)
}
type tlsOptions struct {
rootCaCert cert
certCachePath string
redirectionTarget redirectionTarget
ecdsaCurve curveType
validity validity
}
func loadFromConfig(config *viper.Viper) *tlsOptions {
return &tlsOptions{
certCachePath: config.GetString(certCachePathConfigKey),
ecdsaCurve: curveType(config.GetString(ecdsaCurveConfigKey)),
redirectionTarget: redirectionTarget{
ipAddress: config.GetString(targetIpAddressConfigKey),
port: uint16(config.GetInt(targetPortConfigKey)),
},
validity: validity{
ca: certValidity{
notBeforeRelative: config.GetDuration(caCertValidityNotBeforeKey),
notAfterRelative: config.GetDuration(caCertValidityNotAfterKey),
},
domain: certValidity{
notBeforeRelative: config.GetDuration(domainCertValidityNotBeforeKey),
notAfterRelative: config.GetDuration(domainCertValidityNotAfterKey),
},
},
rootCaCert: cert{
publicKeyPath: config.GetString(publicKeyConfigKey),
privateKeyPath: config.GetString(privateKeyPathConfigKey),
},
}
}