package server
import (
"crypto/tls"
"crypto/x509"
"io/ioutil"
"net"
"net/http"
bosherr "github.com/cloudfoundry/bosh-utils/errors"
boshlog "github.com/cloudfoundry/bosh-utils/logger"
)
// listenerLogTag is the tag under which Listener writes its log lines.
const (
	listenerLogTag = "RegistryServerListener"
)
// Listener serves the registry HTTP API on a configured TCP address,
// optionally wrapped in mutually-authenticated TLS.
//
// Construct it with NewListener; the zero value has no configuration,
// handler or logger and is not usable.
type Listener struct {
	// config supplies the bind address/port, protocol and TLS file paths.
	config Config
	// handler answers requests under the /instances/ prefix.
	handler *InstanceHandler
	// logger receives Debug lines tagged with listenerLogTag.
	logger boshlog.Logger
	// listener is the bound socket (TLS-wrapped for https); nil until
	// ListenAndServe has bound it successfully.
	listener net.Listener
}
// NewListener wires a Listener to its configuration, request handler and
// logger. Nothing is bound until ListenAndServe is called.
func NewListener(
	config Config,
	handler *InstanceHandler,
	logger boshlog.Logger,
) Listener {
	var l Listener
	l.config = config
	l.handler = handler
	l.logger = logger
	return l
}
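// ListenAndServe binds the configured TCP address and serves the registry
// HTTP API on it from a background goroutine.
//
// The returned channel carries exactly one value: a setup error when the
// socket cannot be bound or the TLS material cannot be loaded (sent before
// this function returns), or otherwise the value returned by
// http.Server.Serve once the server stops (for example after Stop closes
// the listener). The channel is buffered so the sender never blocks on a
// caller that is not reading.
func (l *Listener) ListenAndServe() <-chan error {
	errChan := make(chan error, 1)

	// net.ParseIP returns nil for an empty or malformed Address, and
	// ListenTCP treats a nil IP as "all interfaces" — a config typo here
	// silently widens exposure rather than failing.
	tcpListener, err := net.ListenTCP(
		"tcp",
		&net.TCPAddr{
			IP:   net.ParseIP(l.config.Address),
			Port: l.config.Port,
		},
	)
	if err != nil {
		errChan <- bosherr.WrapError(err, "Starting Registry TCP Listener")
		return errChan
	}

	if l.config.Protocol == "https" {
		tlsConfig, err := l.tlsConfig()
		if err != nil {
			// Release the socket we already bound: l.listener is still nil,
			// so Stop would not be able to close it later.
			_ = tcpListener.Close() // best effort; the setup error is the one to report
			errChan <- err
			return errChan
		}
		l.listener = tls.NewListener(tcpListener, tlsConfig)
	} else {
		l.listener = tcpListener
	}

	mux := http.NewServeMux()
	mux.HandleFunc("/instances/", l.handler.HandleFunc)

	// NOTE(review): no ReadTimeout/WriteTimeout/IdleTimeout are set, so a
	// slow or idle client can hold a connection open indefinitely; consider
	// sourcing them from Config.
	httpServer := http.Server{Handler: mux}

	l.logger.Debug(listenerLogTag, "Starting Registry Server at %s://%s:%d", l.config.Protocol, l.config.Address, l.config.Port)

	go func() {
		// Serve blocks until the listener is closed (see Stop) or accepting
		// fails; its result is the channel's only other value.
		errChan <- httpServer.Serve(l.listener)
	}()

	return errChan
}

// tlsConfig builds the server-side TLS configuration from l.config.TLS.
// Errors come back already wrapped with the messages ListenAndServe reports.
func (l *Listener) tlsConfig() (*tls.Config, error) {
	certificates, err := tls.LoadX509KeyPair(l.config.TLS.CertFile, l.config.TLS.KeyFile)
	if err != nil {
		return nil, bosherr.WrapError(err, "Loading X509 Key Pair")
	}

	certPool := x509.NewCertPool()
	if l.config.TLS.CACertFile != "" {
		caCert, err := ioutil.ReadFile(l.config.TLS.CACertFile)
		if err != nil {
			return nil, bosherr.WrapError(err, "Loading CA certificate")
		}
		if !certPool.AppendCertsFromPEM(caCert) {
			// AppendCertsFromPEM signals failure with a bool, not an error.
			// The read error is nil at this point, and bosherr.WrapError of
			// a nil cause yields nil — which would report a bad CA file as
			// success — so build a fresh error instead.
			return nil, bosherr.Error("Invalid CA Certificate")
		}
	}

	return &tls.Config{
		Certificates: []tls.Certificate{certificates},
		// Mutual TLS: every client must present a certificate that chains to
		// ClientCAs. With no CACertFile the pool is empty, so no client
		// certificate can verify — presumably a misconfiguration rather than
		// an intended mode; worth rejecting at config load.
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  certPool,
		MinVersion: tls.VersionTLS12,
		// Explicit allow-list, kept as-is for client compatibility. The
		// TLS_RSA_* entries provide no forward secrecy and the *_CBC_* entries
		// predate the AEAD (GCM) suites; both are candidates for removal once
		// all clients are known to negotiate the GCM suites.
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
		PreferServerCipherSuites: true,
		// No session tickets: avoids a long-lived ticket key weakening the
		// forward secrecy of resumed sessions.
		SessionTicketsDisabled: true,
	}, nil
}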
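// Stop closes the bound listener, which makes the Serve goroutine started
// by ListenAndServe return and deliver its result on the error channel.
// Closing the listener only stops accepting; connections already accepted
// are not interrupted (http.Server.Serve semantics).
//
// Stop is safe to call when ListenAndServe never ran or failed before
// binding: in that case l.listener is nil and is skipped rather than
// dereferenced, which would otherwise panic.
func (l *Listener) Stop() {
	l.logger.Debug(listenerLogTag, "Stopping Registry Server")
	if l.listener == nil {
		return
	}
	if err := l.listener.Close(); err != nil {
		// Nothing to propagate from a void method; keep a trace for operators.
		l.logger.Debug(listenerLogTag, "Closing Registry Server listener: %s", err)
	}
}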