-
Notifications
You must be signed in to change notification settings - Fork 471
/
Tls.go
76 lines (70 loc) · 2.09 KB
/
Tls.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/*
* Copyright (c) 2020 Devtron Labs
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package argocdServer
import (
"crypto/ecdsa"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"fmt"
"google.golang.org/grpc/credentials"
"os"
)
func GetTLS(cert *tls.Certificate) credentials.TransportCredentials {
//These certificates are to be read from secret create by argocd
//cert, err := tls.X509KeyPair([]byte(TLSCert), []byte(TLSKey))
//if err != nil {
// log.Fatal(err)
//}
certPool := x509.NewCertPool()
pemCertBytes, _ := EncodeX509KeyPair(*cert)
ok := certPool.AppendCertsFromPEM(pemCertBytes)
if !ok {
panic("bad certs")
}
/* #nosec */
tlsConfig := &tls.Config{
RootCAs: certPool,
}
dCreds := credentials.NewTLS(tlsConfig)
return dCreds
}
// EncodeX509KeyPair encodes a TLS Certificate into its pem encoded format for storage
func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte) {
certpem := []byte{}
for _, certtmp := range cert.Certificate {
certpem = append(certpem, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certtmp})...)
}
keypem := pem.EncodeToMemory(pemBlockForKey(cert.PrivateKey))
return certpem, keypem
}
func pemBlockForKey(priv interface{}) *pem.Block {
switch k := priv.(type) {
case *rsa.PrivateKey:
return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
case *ecdsa.PrivateKey:
b, err := x509.MarshalECPrivateKey(k)
if err != nil {
fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
os.Exit(2)
}
return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
default:
return nil
}
}