Add preliminary CertificateStore API
This commit is contained in:
parent
872f6e2683
commit
6458420454
15
client.go
15
client.go
@ -170,6 +170,13 @@ type Client struct {
|
||||
// KnownHosts is a list of known hosts that the client trusts.
|
||||
KnownHosts *KnownHosts
|
||||
|
||||
// CertificateStore contains all the certificates that the client has stored.
|
||||
CertificateStore *CertificateStore
|
||||
|
||||
// GetCertificate, if not nil, will be called to determine which certificate
|
||||
// (if any) should be used for a request.
|
||||
GetCertificate func(req *Request, store *CertificateStore) *tls.Certificate
|
||||
|
||||
// TrustCertificate, if not nil, will be called to determine whether the
|
||||
// client should trust the given certificate.
|
||||
// If error is not nil, the connection will be aborted.
|
||||
@ -183,6 +190,14 @@ func (c *Client) Send(req *Request) (*Response, error) {
|
||||
InsecureSkipVerify: true,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
Certificates: []tls.Certificate{req.Certificate},
|
||||
GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
|
||||
if c.GetCertificate != nil {
|
||||
if cert := c.GetCertificate(req, c.CertificateStore); cert != nil {
|
||||
return cert, nil
|
||||
}
|
||||
}
|
||||
return &req.Certificate, nil
|
||||
},
|
||||
VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
|
||||
// Parse the certificate
|
||||
cert, err := x509.ParseCertificate(rawCerts[0])
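Review bot: `GetClientCertificate` hands `c.CertificateStore` straight to the user's `GetCertificate` callback, and that field is nil whenever the client was not built with a store, so every callback must nil-check it or the handshake panics; either document that on the field (`// The store passed to GetCertificate may be nil.`) or pass an empty store when the field is nil. The `GetCertificate` doc comment also never says what a nil return means, although this hunk shows it falls back to the request's own certificate: `// If GetCertificate returns nil, req.Certificate is used.` Note that the store holds `*x509.Certificate` values, which carry no private key, so on its own it cannot supply the `*tls.Certificate` the callback has to return — if the store is really meant for server certificates consulted by `TrustCertificate` rather than client identities, the field comment "contains all the certificates that the client has stored" should say which. The `VerifyPeerCertificate` body continues past the end of the hunk.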
|
||||
|
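--- /dev/null
+++ b/store.go
@@ -0,0 +1,24 @@
+package gemini
+
+import (
+	"crypto/x509"
+)
+
+// CertificateStore maps hostnames to certificates.
+type CertificateStore struct {
+	store map[string]*x509.Certificate // map of hostnames to certificates
+}
+
+func NewCertificateStore() *CertificateStore {
+	return &CertificateStore{
+		store: map[string]*x509.Certificate{},
+	}
+}
+
+func (c *CertificateStore) Put(hostname string, cert *x509.Certificate) {
+	c.store[hostname] = cert
+}
+
+func (c *CertificateStore) Get(hostname string) *x509.Certificate {
+	return c.store[hostname]
+}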
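Review bot: `Put` writes to `c.store` without a nil check, so a `CertificateStore` that was not created through `NewCertificateStore` (a `&CertificateStore{}` literal, or a `Client` whose field is filled in by hand) panics on first use; initialising the map lazily inside `Put` makes the zero value usable. The map is also unsynchronised, so if a single `Client` is meant to be shared between goroutines, concurrent `Put`/`Get` calls race — a `sync.RWMutex` on the struct (adding `"sync"` to the import block) covers that. Since the key is presumably a host name taken from request URLs, consider canonicalising `hostname` (lowercase, strip a trailing dot) in both methods so `Put("Example.org")` and `Get("example.org")` address the same entry; depending on how callers treat a miss, a spurious miss in a trust store may let an unexpected certificate through. The exported `NewCertificateStore`, `Put` and `Get` also lack doc comments; the proposed wording is in the excerpt below.
```go
// CertificateStore maps hostnames to certificates. The zero value is ready
// to use, and a CertificateStore is safe for concurrent use.
type CertificateStore struct {
	mu    sync.RWMutex
	store map[string]*x509.Certificate // map of hostnames to certificates
}

// … unchanged: NewCertificateStore …

// Put stores cert for hostname, replacing any existing entry.
func (c *CertificateStore) Put(hostname string, cert *x509.Certificate) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.store == nil {
		c.store = map[string]*x509.Certificate{}
	}
	c.store[hostname] = cert
}

// Get returns the certificate stored for hostname, or nil if there is none.
func (c *CertificateStore) Get(hostname string) *x509.Certificate {
	c.mu.RLock()
	defer c.mu.RUnlock()
	return c.store[hostname]
}
```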
|