Merge pull request #67 from freakhill/master

Support for client certificates
Iwasaki Yudai 2015-10-04 20:43:55 -07:00
commit 57923e98c4


@ -2,6 +2,8 @@ package app
import (
"crypto/rand"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"errors"
"io/ioutil"
@ -46,6 +48,8 @@ type Options struct {
EnableTLS bool `hcl:"enable_tls"`
TLSCrtFile string `hcl:"tls_crt_file"`
TLSKeyFile string `hcl:"tls_key_file"`
VerifyClientCert bool `hcl:"verify_client_cert"`
ClientCAs []string `hcl:"client_cas"`
TitleFormat string `hcl:"title_format"`
EnableReconnect bool `hcl:"enable_reconnect"`
ReconnectTime int `hcl:"reconnect_time"`
@ -67,6 +71,8 @@ var DefaultOptions = Options{
EnableTLS: false,
TLSCrtFile: "~/.gotty.crt",
TLSKeyFile: "~/.gotty.key",
VerifyClientCert: false,
ClientCAs: []string{},
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
EnableReconnect: false,
ReconnectTime: 10,
@ -191,9 +197,44 @@ func (app *App) Run() error {
}
}
serverMaker := func() *http.Server {
return &http.Server{
Addr: endpoint,
Handler: siteHandler}
}
if app.options.VerifyClientCert && app.options.EnableTLS {
serverMaker = func() *http.Server {
clientCaPool := x509.NewCertPool()
for _, path := range app.options.ClientCAs {
pem, err := ioutil.ReadFile(path)
if err != nil {
log.Printf("Could not read pem file at: " + path)
return nil
}
if clientCaPool.AppendCertsFromPEM(pem) {
log.Printf("Could not parse pem file at: " + path)
return nil
}
}
return &http.Server{
Addr: endpoint,
Handler: siteHandler,
TLSConfig: &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: clientCaPool,
PreferServerCipherSuites: true}}
}
}
server := serverMaker()
if server == nil {
log.Printf("Failed to build server.")
return errors.New("Failed to build server.")
}
var err error
app.server = manners.NewWithServer(
&http.Server{Addr: endpoint, Handler: siteHandler},
server,
)
if app.options.EnableTLS {
crtFile := ExpandHomeDir(app.options.TLSCrtFile)