Add client certificate fields to the configuration struct

Add relevant logic
Andrea Lusuardi - uovobw 2015-09-30 19:06:55 +02:00
parent 5eb5959c93
commit 7321b43f67


@ -2,6 +2,8 @@ package app
import ( import (
"crypto/rand" "crypto/rand"
"crypto/tls"
"crypto/x509"
"encoding/base64" "encoding/base64"
"errors" "errors"
"io/ioutil" "io/ioutil"
@ -34,41 +36,47 @@ type App struct {
} }
type Options struct { type Options struct {
Address string `hcl:"address"` Address string `hcl:"address"`
Port string `hcl:"port"` Port string `hcl:"port"`
PermitWrite bool `hcl:"permit_write"` PermitWrite bool `hcl:"permit_write"`
EnableBasicAuth bool `hcl:"enable_basic_auth"` EnableBasicAuth bool `hcl:"enable_basic_auth"`
Credential string `hcl:"credential"` Credential string `hcl:"credential"`
EnableRandomUrl bool `hcl:"enable_random_url"` EnableRandomUrl bool `hcl:"enable_random_url"`
RandomUrlLength int `hcl:"random_url_length"` RandomUrlLength int `hcl:"random_url_length"`
IndexFile string `hcl:"index_file"` IndexFile string `hcl:"index_file"`
EnableTLS bool `hcl:"enable_tls"` EnableTLS bool `hcl:"enable_tls"`
TLSCrtFile string `hcl:"tls_crt_file"` TLSCrtFile string `hcl:"tls_crt_file"`
TLSKeyFile string `hcl:"tls_key_file"` TLSKeyFile string `hcl:"tls_key_file"`
TitleFormat string `hcl:"title_format"` EnableClientCertificate bool `hcl:"enable_client_certificate"`
EnableReconnect bool `hcl:"enable_reconnect"` ClientCAFile string `hcl:"client_ca_file"`
ReconnectTime int `hcl:"reconnect_time"` EnableClientCertificateVerification bool `hcl:"enable_client_certificate_verification"`
Once bool `hcl:"once"` TitleFormat string `hcl:"title_format"`
Preferences map[string]interface{} `hcl:"preferences"` EnableReconnect bool `hcl:"enable_reconnect"`
ReconnectTime int `hcl:"reconnect_time"`
Once bool `hcl:"once"`
Preferences map[string]interface{} `hcl:"preferences"`
} }
var DefaultOptions = Options{ var DefaultOptions = Options{
Address: "", Address: "",
Port: "8080", Port: "8080",
PermitWrite: false, PermitWrite: false,
EnableBasicAuth: false, EnableBasicAuth: false,
Credential: "", Credential: "",
EnableRandomUrl: false, EnableRandomUrl: false,
RandomUrlLength: 8, RandomUrlLength: 8,
IndexFile: "", IndexFile: "",
EnableTLS: false, EnableTLS: false,
TLSCrtFile: "~/.gotty.crt", TLSCrtFile: "~/.gotty.crt",
TLSKeyFile: "~/.gotty.key", TLSKeyFile: "~/.gotty.key",
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})", EnableClientCertificate: false,
EnableReconnect: false, ClientCAFile: "~/.gotty.ca.crt",
ReconnectTime: 10, EnableClientCertificateVerification: false,
Once: false, TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
Preferences: make(map[string]interface{}), EnableReconnect: false,
ReconnectTime: 10,
Once: false,
Preferences: make(map[string]interface{}),
} }
func New(command []string, options *Options) (*App, error) { func New(command []string, options *Options) (*App, error) {
@ -195,6 +203,28 @@ func (app *App) Run() error {
keyFile := ExpandHomeDir(app.options.TLSKeyFile) keyFile := ExpandHomeDir(app.options.TLSKeyFile)
log.Printf("TLS crt file: " + crtFile) log.Printf("TLS crt file: " + crtFile)
log.Printf("TLS key file: " + keyFile) log.Printf("TLS key file: " + keyFile)
if app.options.EnableClientCertificate {
caFile := ExpandHomeDir(app.options.ClientCAFile)
log.Printf("Client CA file: " + caFile)
caCert, err := ioutil.ReadFile(caFile)
if err != nil {
return errors.New("Cannot open CA file " + caFile)
}
caCertPool := x509.NewCertPool()
if !caCertPool.AppendCertsFromPEM(caCert) {
return errors.New("Cannot parse CA file data in " + caFile)
}
tlsVerifyPolicy := tls.RequireAnyClientCert
if app.options.EnableClientCertificateVerification {
log.Print("Enabling verification of client certificate")
tlsVerifyPolicy = tls.RequireAndVerifyClientCert
}
tlsConfig := &tls.Config{
ClientCAs: caCertPool,
ClientAuth: tlsVerifyPolicy,
}
app.server.TLSConfig = tlsConfig
}
err = app.server.ListenAndServeTLS(crtFile, keyFile) err = app.server.ListenAndServeTLS(crtFile, keyFile)
} else { } else {
err = app.server.ListenAndServe() err = app.server.ListenAndServe()
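Review bot: With `EnableClientCertificateVerification` defaulting to false, the new block in Run builds a CA pool and then uses `tls.RequireAnyClientCert`, which makes the server accept any certificate the client presents (self-signed included) without consulting `ClientCAs` — so enabling client certificates alone provides no authentication, and the loaded CA file is effectively unused in that mode. Consider making verification the default and the unverified mode the explicit opt-in: `tlsVerifyPolicy := tls.RequireAndVerifyClientCert`, falling back to `tls.RequireAnyClientCert` only when verification is disabled, with a `log.Print("WARNING: client certificates are required but NOT verified against the CA")` on that path so operators notice. The two `errors.New(...)` returns also discard the underlying read/parse error; including it in the message (for example via `fmt.Errorf`) would make a bad path or malformed PEM much easier to diagnose. Note that assigning a fresh `&tls.Config{...}` to `app.server.TLSConfig` replaces any configuration set earlier; it is not visible here whether one exists, and this is a natural place to also set `MinVersion`. The enclosing Run function begins and ends outside this hunk.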