support for client certificate

run go fmt
This commit is contained in:
Johan Gall 2015-09-29 00:22:39 +09:00
parent 783254c3be
commit 7e11f664d9

View File

@ -2,6 +2,8 @@ package app
import (
"crypto/rand"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"errors"
"io/ioutil"
@ -45,6 +47,8 @@ type Options struct {
EnableTLS bool `hcl:"enable_tls"`
TLSCrtFile string `hcl:"tls_crt_file"`
TLSKeyFile string `hcl:"tls_key_file"`
VerifyClientCert bool `hcl:"verify_client_cert"`
ClientCAs []string `hcl:"client_cas"`
TitleFormat string `hcl:"title_format"`
EnableReconnect bool `hcl:"enable_reconnect"`
ReconnectTime int `hcl:"reconnect_time"`
@ -64,6 +68,8 @@ var DefaultOptions = Options{
EnableTLS: false,
TLSCrtFile: "~/.gotty.crt",
TLSKeyFile: "~/.gotty.key",
VerifyClientCert: false,
ClientCAs: []string{},
TitleFormat: "GoTTY - {{ .Command }} ({{ .Hostname }})",
EnableReconnect: false,
ReconnectTime: 10,
@ -186,9 +192,44 @@ func (app *App) Run() error {
}
}
serverMaker := func() *http.Server {
return &http.Server{
Addr: endpoint,
Handler: siteHandler}
}
if app.options.VerifyClientCert && app.options.EnableTLS {
serverMaker = func() *http.Server {
clientCaPool := x509.NewCertPool()
for _, path := range app.options.ClientCAs {
pem, err := ioutil.ReadFile(path)
if err != nil {
log.Printf("Could not read pem file at: " + path)
return nil
}
if clientCaPool.AppendCertsFromPEM(pem) {
log.Printf("Could not parse pem file at: " + path)
return nil
}
}
return &http.Server{
Addr: endpoint,
Handler: siteHandler,
TLSConfig: &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: clientCaPool,
PreferServerCipherSuites: true}}
}
}
server := serverMaker()
if server == nil {
log.Printf("Failed to build server.")
return errors.New("Failed to build server.")
}
var err error
app.server = manners.NewWithServer(
&http.Server{Addr: endpoint, Handler: siteHandler},
server,
)
if app.options.EnableTLS {
crtFile := ExpandHomeDir(app.options.TLSCrtFile)