apitls helper
parent
cc6a6c0320
commit
fb5e781e94
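--- a/apitls/apitls.go
+++ b/apitls/apitls.go
@@ -0,0 +1,45 @@
+package apitls
+
+import (
+"crypto/tls"
+"crypto/x509"
+_ "embed"
+"errors"
+
+"github.com/abh/certman"
+"go.ntppool.org/common/logger"
+)
+
+//go:embed ca.pem
+var caBytes []byte
+
+type CertificateProvider interface {
+GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
+GetClientCertificate(certRequestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)
+}
+
+func CAPool() (*x509.CertPool, error) {
+capool := x509.NewCertPool()
+if !capool.AppendCertsFromPEM(caBytes) {
+return nil, errors.New("credentials: failed to append certificates")
+}
+
+return capool, nil
+}
+
+// GetCertman sets up certman for the specified cert / key pair. It is
+// used in the monitor-api and (for now) in the client
+func GetCertman(certFile, keyFile string) (*certman.CertMan, error) {
+
+cm, err := certman.New(certFile, keyFile)
+if err != nil {
+return nil, err
+}
+log := logger.NewStdLog("cm", false, nil)
+cm.Logger(log)
+err = cm.Watch()
+if err != nil {
+return nil, err
+}
+return cm, nil
+}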
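Review bot: `CAPool` loads everything in the embedded ca.pem into one pool, and the ca.pem added in this commit holds both the root and the "servers sub CA", so a caller that passes the result as `RootCAs` or `ClientCAs` treats the sub CA as a trust anchor in its own right and verification can succeed without chaining to the root. How the pool is consumed is not visible on this page, so at minimum the function should carry a doc comment saying so, e.g. `// CAPool returns a pool holding every certificate in the embedded ca.pem (root and servers sub CA); each entry is a trust anchor for whoever uses the pool.` Separately, `AppendCertsFromPEM` reports success as soon as one certificate parses, so a damaged second block would be dropped silently; decoding the blocks and checking the expected count would catch that. The error text also keeps a `credentials:` prefix that does not match package `apitls`.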
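--- a/apitls/ca.pem
+++ b/apitls/ca.pem
@@ -0,0 +1,45 @@
+# ca.ntppool.org root
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiagAwIBAgIUQVMc/U43K+90+J9fuNzHKWaxdM8wDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAxMOY2EubnRwcG9vbC5vcmcwHhcNMjEwODE5MDA1MzU2WhcN
+MzEwODE3MDA1NDI1WjAZMRcwFQYDVQQDEw5jYS5udHBwb29sLm9yZzCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2PR1iFODcYVZ6oepByjI6FZ8epM8r1
+0xaUgZn83O1tOjxqST3R5UYYajVorOVsHfFwCPNlR3idBi6GEPPXq6KIWbwoRCfZ
+bi7W2DvJG96RHXU1QlEZRp8KLsq8v3VGEeQl8J2N5BZVHcJVahvWR+hANMlvbKGk
+XqYClImPO7sCxppHIadVQsWimfxkiqAPzXnH4sUZsWOz0Z0mxJzgM/lbzfxKc/wI
+nE4OA2dY+SYjvwtnqoQk+GATp/SW9fi0naogXpAZQ66A3JHCojgc8UyuRZuritLT
+VFV1gXtJjT4e9PGlYOF0pAAQfZtToN5h35O9d8KQ3ANy0fi/PoRhiP8CAwEAAaN+
+MHwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFO4g
+l4s+T/kutNRupAFOML56QNpyMB8GA1UdIwQYMBaAFO4gl4s+T/kutNRupAFOML56
+QNpyMBkGA1UdEQQSMBCCDmNhLm50cHBvb2wub3JnMA0GCSqGSIb3DQEBCwUAA4IB
+AQACZfcpV6SMyItG4h71x58sCvuLWGd35Q0EKh4jWqq+5VKjHJkxAer+Q9D4VU5Q
+ZoFIBRwDEXMd1O9wik8byc9DAYAIP96/iolPesCKygHBD5ijP7PPpZrT1bkYxa2M
+K07cBgMWiSJ7uIK4ts49/MOwwbvk3SSGcx+OgghNzlNRgt2l/kEU1BkMplkQO4m5
+EpgbpNPkonaOwA9MUvF4oWYzy7zICcUR9d1omCsy/9eA3pLNNoUIzkYp2NnWHooS
+sbGknkQhe7ONqV2bIIVkANdDVkzRfRfWCmZdbr0s1rbmJOHRbINW9oY7uB6oPp5g
+MQBzqrVek5I75ZU3lMajUICZ
+-----END CERTIFICATE-----
+
+# ca.ntppool.org -- servers sub CA
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIUW4mGdSTZaOd89zLzGzH2TMnYFxgwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAxMOY2EubnRwcG9vbC5vcmcwHhcNMjEwODE5MDMwOTIyWhcN
+MjYwODE4MDMwOTUyWjAuMSwwKgYDVQQDEyNjYS5udHBwb29sLm9yZyBzdWItc3lz
+dGVtIGF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKfA
+y/z6C0L9T9i6kif9LPkjwOpAz69a+kDIVuuAC84NJgqLvEDEwRl4l/bpJR1MC509
+x4WUxIrAKinT2y1Olj+oEjTR+asvgXcxhjX5fup9ywDQW75om0ARDCUWg6gN5SX7
+NksZEMcHr7N48GyA76EpmRFU+yGt4rIpCo6EAG+lzhRdB6YS71zSHl1TQ6sZ4oIl
+JYPediXmG+TDvxJWlVOr/eKwgFruL6T/vQ/HTBpo04KTOEt2imnNYZPF2FjHMXP3
+3ql90VcqzYJI2/DhAa38bkB40Z3Jz8Zp0mvXMMfF0cEYqmnSXPYaiBFpRJjk742s
+zaya2+meE1P8+zQHiQcCAwEAAaOByDCBxTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUilIROXDi5YJ2vdp6JaFbT+1P7GEwHwYDVR0j
+BBgwFoAU7iCXiz5P+S601G6kAU4wvnpA2nIwNQYIKwYBBQUHAQEEKTAnMCUGCCsG
+AQUFBzAChhlodHRwczovL2NhLm50cHBvb2wub3JnL2NhMCsGA1UdHwQkMCIwIKAe
+oByGGmh0dHBzOi8vY2EubnRwcG9vbC5vcmcvY3JsMA0GCSqGSIb3DQEBCwUAA4IB
+AQC+XthXZr1kGgfRxlP6sumbzeIFBcZgMoKlMUImjZjMdmov0ZwDAmdqO27GuhwU
+T5gVcp6D1EmgzYKTb2QgLr4pnfy28St8oF3UFD9GMZjJH4xrnE4emQqZhQBYrfSg
+KRbwZl5x9ZnYju433/6rBBfHnpoc9FyqtYF8V8OXprtiYBn/mT3gnM2otd3WJW+B
+ar9V59Au0kHSkJJR/y59TPOiXAHih2wHXTKSZgKtSI9Lgqb81TDtobY5Xf+xuMlb
+UxrW/IuQWHEC1p1hXHWYs1amxLCGFpH934uM3NladEaQaAvGOE6zYCbL54+xUvU4
+jcwQMhg44B7rPwJ5OS0d4x+G
+-----END CERTIFICATE-----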