apitls helper
This commit is contained in:
45
apitls/apitls.go
Normal file
45
apitls/apitls.go
Normal file
@@ -0,0 +1,45 @@
|
||||
package apitls
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
_ "embed"
|
||||
"errors"
|
||||
|
||||
"github.com/abh/certman"
|
||||
"go.ntppool.org/common/logger"
|
||||
)
|
||||
|
||||
//go:embed ca.pem
|
||||
var caBytes []byte
|
||||
|
||||
type CertificateProvider interface {
|
||||
GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
|
||||
GetClientCertificate(certRequestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)
|
||||
}
|
||||
|
||||
func CAPool() (*x509.CertPool, error) {
|
||||
capool := x509.NewCertPool()
|
||||
if !capool.AppendCertsFromPEM(caBytes) {
|
||||
return nil, errors.New("credentials: failed to append certificates")
|
||||
}
|
||||
|
||||
return capool, nil
|
||||
}
|
||||
|
||||
// GetCertman sets up certman for the specified cert / key pair. It is
|
||||
// used in the monitor-api and (for now) in the client
|
||||
func GetCertman(certFile, keyFile string) (*certman.CertMan, error) {
|
||||
|
||||
cm, err := certman.New(certFile, keyFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
log := logger.NewStdLog("cm", false, nil)
|
||||
cm.Logger(log)
|
||||
err = cm.Watch()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return cm, nil
|
||||
}
|
||||
Reference in New Issue
Block a user