Implement loading of certificates from a directory
parent
065ed828fb
commit
322e66ca1e
30
cert.go
30
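--- a/cert.go
+++ b/cert.go
@@ -10,6 +10,7 @@ import (
 "math/big"
 "net"
 "os"
+"path/filepath"
 "strings"
 "time"
 )
@@ -33,10 +34,10 @@ func (c *CertificateStore) Lookup(hostname string) (*tls.Certificate, error) {
 if !ok {
 return nil, ErrUnknownCertificate
 }
-// TODO: Ensure that the certificate is not expired
-// if expired {
-// return nil, ErrInvalidCertificate
-// }
+// Ensure that the certificate is not expired
+if cert.Leaf != nil && cert.Leaf.NotAfter.Before(time.Now()) {
+return &cert, ErrInvalidCertificate
+}
 return &cert, nil
 }
 
@@ -46,7 +47,22 @@ func (c *CertificateStore) Lookup(hostname string) (*tls.Certificate, error) {
 // For example, the hostname "localhost" would have the corresponding files
 // localhost.crt (certificate) and localhost.key (private key).
 func (c *CertificateStore) Load(path string) error {
-// TODO: Implement this
+if c.store == nil {
+c.store = map[string]tls.Certificate{}
+}
+matches, err := filepath.Glob(filepath.Join(path, "*.crt"))
+if err != nil {
+return err
+}
+for _, crtPath := range matches {
+keyPath := strings.TrimSuffix(crtPath, ".crt") + ".key"
+cert, err := tls.LoadX509KeyPair(crtPath, keyPath)
+if err != nil {
+continue
+}
+hostname := filepath.Base(crtPath)
+c.store[hostname] = cert
+}
 return nil
 }
 
@@ -131,9 +147,9 @@ func NewRawCertificate(host string, duration time.Duration) (crt, key []byte, er
 return
 }
 
-// WriteCertificate writes the provided certificate and private key
+// WriteX509KeyPair writes the provided certificate and private key
 // to path.crt and path.key respectively.
-func WriteCertificate(path string, crt, key []byte) error {
+func WriteX509KeyPair(path string, crt, key []byte) error {
 // Write the certificate
 crtPath := path + ".crt"
 crtOut, err := os.OpenFile(crtPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)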
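Review bot: In the Load hunk, `hostname := filepath.Base(crtPath)` keeps the `.crt` extension, so the pair for `localhost` is stored under `localhost.crt`, contrary to the naming rule in the doc comment; if Lookup indexes the store by bare hostname (its body starts outside the hunk), nothing loaded here would be found. Separately, `tls.LoadX509KeyPair` leaves `Leaf` nil on Go releases before 1.23, so the new `cert.Leaf != nil && cert.Leaf.NotAfter.Before(time.Now())` guard in Lookup is skipped for every certificate loaded this way, and an expired certificate is returned with a nil error. I would derive the key with `strings.TrimSuffix` and parse the leaf at load time, as below. The `continue` on a load error also hides unreadable or mismatched key files and deserves at least a log line. `crypto/x509` is assumed to be imported already, which the import hunk does not show.

```go
for _, crtPath := range matches {
	// … unchanged: keyPath and tls.LoadX509KeyPair call with its error check …
	if cert.Leaf == nil {
		// Parse the leaf so Lookup's expiry check has a NotAfter to compare.
		leaf, err := x509.ParseCertificate(cert.Certificate[0])
		if err != nil {
			continue
		}
		cert.Leaf = leaf
	}
	hostname := strings.TrimSuffix(filepath.Base(crtPath), ".crt")
	c.store[hostname] = cert
}
```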
@ -18,7 +18,7 @@ func main() {
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := gmi.WriteCertificate(host, crt, key); err != nil {
|
if err := gmi.WriteX509KeyPair(host, crt, key); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|