package netservice
import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"strings"
)
// NewHttpsServer returns an HttpsServer with every field at its zero value.
// Certificates and the handler are supplied later through
// AddDomainCertificateItem/AddDomainCertificateConfig and RunHttpsService.
func NewHttpsServer() *HttpsServer {
	var srv HttpsServer
	return &srv
}
// CertificateConfig describes one domain -> key pair binding, consumed by
// AddDomainCertificateConfig.
type CertificateConfig struct {
	Domain   string // server name (SNI) the key pair is served for
	CertFile string // path to the PEM certificate chain, as read by tls.LoadX509KeyPair
	KeyFile  string // path to the matching PEM private key
}
// HttpsServer is an http.Server that serves TLS for a set of registered
// domains. The embedded http.Server's TLSConfig is created lazily by the
// AddDomainCertificate* methods and finalised by RunHttpsService.
type HttpsServer struct {
	http.Server
	// GetCertificate, when non-nil, is installed as TLSConfig.GetCertificate by
	// RunHttpsService and fully replaces the built-in per-domain lookup
	// (defaultGetCertificate); it is then responsible for returning the leaf
	// certificate for each ClientHelloInfo.
	GetCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error)
}
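// defaultGetCertificate is installed as tls.Config.GetCertificate when the
// GetCertificate field is left nil. It serves only the server names that were
// registered through AddDomainCertificateItem/AddDomainCertificateConfig and
// aborts the handshake for any other SNI value.
//
// Lookup order follows crypto/tls's own NameToCertificate handling: exact
// name, lower-cased name, then the wildcard form "*.parent" of the lower-cased
// name. DNS names are case-insensitive, so a client sending "Example.COM" must
// still match a registration made as "example.com".
//
// Returning a non-nil error is sufficient to reject the client: crypto/tls
// sends an alert and the serving loop closes the connection. Closing
// clientInfo.Conn from inside this callback (as earlier revisions did) only
// races with that alert write, so it is deliberately not done here.
func (s *HttpsServer) defaultGetCertificate(clientInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := clientInfo.ServerName
	if s.TLSConfig != nil && s.TLSConfig.NameToCertificate != nil {
		certs := s.TLSConfig.NameToCertificate
		if cert, ok := certs[name]; ok {
			return cert, nil
		}
		lower := strings.ToLower(name)
		if cert, ok := certs[lower]; ok {
			return cert, nil
		}
		// "a.b.example.com" -> "*.b.example.com": only the leftmost label is
		// wildcarded, matching what crypto/tls does for NameToCertificate.
		if i := strings.IndexByte(lower, '.'); i > 0 {
			if cert, ok := certs["*"+lower[i:]]; ok {
				return cert, nil
			}
		}
	}
	// %q keeps the client-controlled SNI string quoted/escaped in logs.
	return nil, fmt.Errorf("no certificate configured for server name %q", name)
}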
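// AddDomainCertificateItem loads the PEM-encoded certificate chain and private
// key from certFile/keyFile and registers the pair for domain. The pair is
// appended to TLSConfig.Certificates and mapped under the lower-cased domain in
// TLSConfig.NameToCertificate, so SNI lookups are case-insensitive regardless
// of how the operator spelled the domain. A TLSConfig is created on first use.
// Registering the same domain twice replaces the mapping but leaves both
// certificates in Certificates.
//
// Returns an error when any argument is empty or when the key pair cannot be
// loaded; the receiver is left unmodified in either case.
func (s *HttpsServer) AddDomainCertificateItem(domain, certFile, keyFile string) error {
	if domain == "" || certFile == "" || keyFile == "" {
		return fmt.Errorf("AddDomainCertificateItem: all parameters are required (domain:%q certFile:%q keyFile:%q)",
			domain, certFile, keyFile)
	}
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return fmt.Errorf("loading key pair for %q (cert %q, key %q): %w", domain, certFile, keyFile, err)
	}
	if s.TLSConfig == nil {
		s.TLSConfig = &tls.Config{}
	}
	if s.TLSConfig.NameToCertificate == nil {
		s.TLSConfig.NameToCertificate = make(map[string]*tls.Certificate)
	}
	s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
	s.TLSConfig.NameToCertificate[strings.ToLower(domain)] = &cert
	return nil
}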
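// AddDomainCertificateConfig registers every entry of config via
// AddDomainCertificateItem, in order. It stops at the first failure and returns
// that error annotated with the entry's index; entries before it remain
// registered. A nil entry is reported as an error rather than dereferenced.
func (s *HttpsServer) AddDomainCertificateConfig(config []*CertificateConfig) error {
	for i, item := range config {
		if item == nil {
			return fmt.Errorf("AddDomainCertificateConfig: entry %d is nil", i)
		}
		if err := s.AddDomainCertificateItem(item.Domain, item.CertFile, item.KeyFile); err != nil {
			return fmt.Errorf("AddDomainCertificateConfig: entry %d: %w", i, err)
		}
	}
	return nil
}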
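// checkValidHttpsReq reports whether host is one of the registered domains.
// The match is tried exactly and then on the lower-cased host, so DNS case
// differences do not matter. host is compared as given: a "host:port" value
// (as found in an http.Request.Host header) must have its port stripped by the
// caller first. A server with no TLSConfig or no registrations accepts nothing
// instead of panicking on a nil map access.
func (s *HttpsServer) checkValidHttpsReq(host string) bool {
	if s.TLSConfig == nil || len(s.TLSConfig.NameToCertificate) == 0 {
		return false
	}
	if _, ok := s.TLSConfig.NameToCertificate[host]; ok {
		return true
	}
	_, ok := s.TLSConfig.NameToCertificate[strings.ToLower(host)]
	return ok
}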
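// RunHttpsService configures the embedded http.Server and starts serving TLS on
// addr with handler. It blocks like http.Server.ListenAndServeTLS and returns
// that call's error.
//
// Certificate sources, in order of precedence:
//   - the GetCertificate field, if set, is installed as TLSConfig.GetCertificate;
//   - otherwise, if domains were registered with AddDomainCertificateItem /
//     AddDomainCertificateConfig, defaultGetCertificate is installed so that
//     only those server names are served;
//   - otherwise TLSConfig is left as the caller configured it and
//     certFile/keyFile (when non-empty) are loaded by ListenAndServeTLS.
//
// If none of these can supply a certificate an error is returned before
// listening. (The previous "no configuration" check compared TLSConfig to nil
// right after assigning it and so could never fire; it also installed the
// strict per-domain lookup even when no domains were registered, which
// rejected every SNI client of a plain certFile/keyFile deployment.)
//
// TLSConfig.MinVersion is raised to TLS 1.2 when the caller left it at the
// zero value; TLS 1.0/1.1 are not considered secure for a public listener.
func (s *HttpsServer) RunHttpsService(addr, certFile, keyFile string, handler http.Handler) error {
	s.Addr = addr
	s.Handler = handler
	if s.TLSConfig == nil {
		s.TLSConfig = &tls.Config{}
	}
	cfg := s.TLSConfig
	if cfg.MinVersion == 0 {
		cfg.MinVersion = tls.VersionTLS12
	}

	switch {
	case s.GetCertificate != nil:
		cfg.GetCertificate = s.GetCertificate
	case len(cfg.NameToCertificate) > 0:
		cfg.GetCertificate = s.defaultGetCertificate
	}

	hasFiles := certFile != "" && keyFile != ""
	if cfg.GetCertificate == nil && len(cfg.Certificates) == 0 && !hasFiles {
		return errors.New("RunHttpsService: no TLS certificate configured; pass certFile/keyFile, set GetCertificate, or call AddDomainCertificateItem/AddDomainCertificateConfig first")
	}
	return s.ListenAndServeTLS(certFile, keyFile)
}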