package config
import (
"crypto/x509"
"encoding/pem"
"golang.ngrok.com/ngrok/internal/pb"
)
// mutualTLSEndpointOption is the list of CA certificates carried by the
// option that WithMutualTLSCA returns. Its ApplyHTTP and ApplyTLS methods
// append the list to the endpoint options, and toProtoConfig serializes it
// as PEM.
type mutualTLSEndpointOption []*x509.Certificate
// WithMutualTLSCA returns an endpoint option that adds the given
// [x509.Certificate] values to the set of certificate authorities used for
// mutual TLS authentication. The ngrok edge uses them to authenticate the
// client certificates presented with requests.
//
// Every certificate passed here is forwarded as a CA for client
// authentication; nothing in this function checks IsCA, the validity period
// or for nil entries. A nil entry is dereferenced later by toProtoConfig.
// The variadic slice is converted, not copied, so a caller that passes
// list... shares its backing array with the returned option.
//
// https://ngrok.com/docs/http/mutual-tls/
func WithMutualTLSCA(certs ...*x509.Certificate) interface {
	HTTPEndpointOption
	TLSEndpointOption
} {
	caList := mutualTLSEndpointOption(certs)
	return caList
}
// ApplyHTTP appends the option's CA certificates to the MutualTLSCA list of
// the HTTP endpoint options, after any entries that are already there.
// Applying several mutual TLS options therefore accumulates CAs rather than
// replacing earlier ones.
func (opt mutualTLSEndpointOption) ApplyHTTP(opts *httpOptions) {
	trusted := append(opts.MutualTLSCA, opt...)
	opts.MutualTLSCA = trusted
}
// ApplyTLS appends the option's CA certificates to the MutualTLSCA list of
// the TLS endpoint options, after any entries that are already there.
// Applying several mutual TLS options therefore accumulates CAs rather than
// replacing earlier ones.
func (opt mutualTLSEndpointOption) ApplyTLS(opts *tlsOptions) {
	trusted := append(opts.MutualTLSCA, opt...)
	opts.MutualTLSCA = trusted
}
// toProtoConfig converts the CA list into the protobuf mutual TLS middleware
// configuration. The certificates are PEM-encoded as CERTIFICATE blocks and
// concatenated, in list order, into the MutualTlsCa field.
//
// A nil list yields a nil configuration. An empty, non-nil list yields a
// non-nil configuration whose MutualTlsCa is empty.
// NOTE(review): how the edge treats each of those two results is not visible
// here. Confirm that neither leaves an endpoint that was meant to require
// client certificates without that requirement.
func (cfg mutualTLSEndpointOption) toProtoConfig() *pb.MiddlewareConfiguration_MutualTLS {
	if cfg == nil {
		return nil
	}

	var bundle []byte
	for i := range cfg {
		// Raw holds the certificate's DER bytes. A nil entry panics on this
		// dereference.
		// NOTE(review): a certificate built by hand rather than parsed has
		// an empty Raw and would be sent as an empty PEM block. Verify that
		// callers only pass parsed certificates.
		block := pem.Block{Type: "CERTIFICATE", Bytes: cfg[i].Raw}
		bundle = append(bundle, pem.EncodeToMemory(&block)...)
	}

	return &pb.MiddlewareConfiguration_MutualTLS{MutualTlsCa: bundle}
}