
Commit c5045da

authored
interfaces (#20)
1 parent 8bec098 commit c5045da


2 files changed

+37
-33
lines changed


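--- a/jail.go
+++ b/jail.go
@@ -2,6 +2,7 @@ package jail
 
 import (
 "context"
+cryptotls "crypto/tls"
 "fmt"
 "log/slog"
 "os/exec"
@@ -10,7 +11,6 @@ import (
 
 "github.com/coder/jail/namespace"
 "github.com/coder/jail/proxy"
-"github.com/coder/jail/tls"
 )
 
 type Commander interface {
@@ -19,19 +19,23 @@ type Commander interface {
 Close() error
 }
 
+type CertificateManager interface {
+SetupTLSAndWriteCACert() (*cryptotls.Config, string, string, error)
+}
+
 type Config struct {
 RuleEngine proxy.RuleEvaluator
 Auditor proxy.Auditor
-CertManager *tls.CertificateManager
+CertManager CertificateManager
 Logger *slog.Logger
 }
 
 type Jail struct {
-commandExecutor Commander
-proxyServer *proxy.ProxyServer
-logger *slog.Logger
-ctx context.Context
-cancel context.CancelFunc
+commander Commander
+proxyServer *proxy.ProxyServer
+logger *slog.Logger
+ctx context.Context
+cancel context.CancelFunc
 }
 
 func New(ctx context.Context, config Config) (*Jail, error) {
@@ -75,17 +79,17 @@ func New(ctx context.Context, config Config) (*Jail, error) {
 ctx, cancel := context.WithCancel(ctx)
 
 return &Jail{
-commandExecutor: commander,
-proxyServer: proxyServer,
-logger: config.Logger,
-ctx: ctx,
-cancel: cancel,
+commander: commander,
+proxyServer: proxyServer,
+logger: config.Logger,
+ctx: ctx,
+cancel: cancel,
 }, nil
 }
 
 func (j *Jail) Start() error {
 // Open the command executor (network namespace)
-err := j.commandExecutor.Start()
+err := j.commander.Start()
 if err != nil {
 return fmt.Errorf("failed to open command executor: %v", err)
 }
@@ -105,7 +109,7 @@ func (j *Jail) Start() error {
 }
 
 func (j *Jail) Command(command []string) *exec.Cmd {
-return j.commandExecutor.Command(command)
+return j.commander.Command(command)
 }
 
 func (j *Jail) Close() error {
@@ -118,7 +122,7 @@ func (j *Jail) Close() error {
 }
 
 // Close command executor
-return j.commandExecutor.Close()
+return j.commander.Close()
 }
 
 // newCommander creates a new NetJail instance for the current platform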
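Review bot: The new exported `CertificateManager` interface and its `SetupTLSAndWriteCACert` method carry no doc comment, and the two bare `string` results give a caller no way to tell the CA certificate path from the config directory without reading tls/tls.go, whose implementation documents them as "Returns the TLS config, CA cert path, and config directory". I would add `// CertificateManager provides the proxy's TLS config and writes the CA certificate that jailed processes are expected to trust.` above the interface and name the results, `SetupTLSAndWriteCACert() (tlsConfig *cryptotls.Config, caCertPath, configDir string, err error)`, which is documentation only and keeps the existing `*tls.CertificateManager` satisfying it. Since `Config.CertManager` is now an interface value rather than a pointer, a `config.CertManager == nil` check in `New` keeps working, but `New`'s body lies outside this hunk so I cannot confirm one exists; the interface comment should state whether a nil CertManager is permitted.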

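--- a/tls/tls.go
+++ b/tls/tls.go
@@ -51,22 +51,6 @@ func NewCertificateManager(logger *slog.Logger) (*CertificateManager, error) {
 return cm, nil
 }
 
-// GetTLSConfig returns a TLS config that generates certificates on-demand
-func (cm *CertificateManager) GetTLSConfig() *tls.Config {
-return &tls.Config{
-GetCertificate: cm.getCertificate,
-MinVersion: tls.VersionTLS12,
-}
-}
-
-// GetCACertPEM returns the CA certificate in PEM format
-func (cm *CertificateManager) GetCACertPEM() ([]byte, error) {
-return pem.EncodeToMemory(&pem.Block{
-Type: "CERTIFICATE",
-Bytes: cm.caCert.Raw,
-}), nil
-}
-
 // SetupTLSAndWriteCACert sets up TLS config and writes CA certificate to file
 // Returns the TLS config, CA cert path, and config directory
 func (cm *CertificateManager) SetupTLSAndWriteCACert() (*tls.Config, string, string, error) {
@@ -77,10 +61,10 @@ func (cm *CertificateManager) SetupTLSAndWriteCACert() (*tls.Config, string, str
 }
 
 // Get TLS config
-tlsConfig := cm.GetTLSConfig()
+tlsConfig := cm.getTLSConfig()
 
 // Get CA certificate PEM
-caCertPEM, err := cm.GetCACertPEM()
+caCertPEM, err := cm.getCACertPEM()
 if err != nil {
 return nil, "", "", fmt.Errorf("failed to get CA certificate: %v", err)
 }
@@ -111,6 +95,22 @@ func (cm *CertificateManager) loadOrGenerateCA() error {
 return cm.generateCA(caKeyPath, caCertPath)
 }
 
+// getTLSConfig returns a TLS config that generates certificates on-demand
+func (cm *CertificateManager) getTLSConfig() *tls.Config {
+return &tls.Config{
+GetCertificate: cm.getCertificate,
+MinVersion: tls.VersionTLS12,
+}
+}
+
+// getCACertPEM returns the CA certificate in PEM format
+func (cm *CertificateManager) getCACertPEM() ([]byte, error) {
+return pem.EncodeToMemory(&pem.Block{
+Type: "CERTIFICATE",
+Bytes: cm.caCert.Raw,
+}), nil
+}
+
 // loadExistingCA attempts to load existing CA files
 func (cm *CertificateManager) loadExistingCA(keyPath, certPath string) bool {
 // Check if files exist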
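Review bot: The `error` result of the relocated `getCACertPEM` is always nil — the body returns a literal `nil`, and as far as I can tell `pem.EncodeToMemory` with no `Headers` cannot fail — so the `if err != nil` branch after `caCertPEM, err := cm.getCACertPEM()` in `SetupTLSAndWriteCACert` is dead code that advertises a failure mode that does not exist. Now that the method is unexported this is a cheap moment to drop the result: `func (cm *CertificateManager) getCACertPEM() []byte` returning the `pem.EncodeToMemory(...)` value directly, with `caCertPEM := cm.getCACertPEM()` at the call site and the dead check removed. The `getTLSConfig` body is a verbatim move of the deleted `GetTLSConfig` (on-demand `GetCertificate` and `MinVersion: tls.VersionTLS12` retained), so no TLS behaviour changes here; `SetupTLSAndWriteCACert` and `loadOrGenerateCA` both continue outside the hunk.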
