package config
// TLSTerminationLocation selects where the TLS session for an endpoint is
// terminated, i.e. which component decrypts the traffic.
type TLSTerminationLocation int

const (
	// TLSAtEdge terminates TLS at the ngrok edge. The backend will receive a
	// plaintext stream, so the traffic is decrypted at the edge rather than
	// in the application.
	TLSAtEdge TLSTerminationLocation = iota
	// tlsAtLibrary terminates TLS in the ngrok library. The library will
	// receive the handshake and perform TLS termination, and the backend will
	// receive the plaintext stream.
	// It is unexported because it is not implemented: ApplyTLS panics when
	// this location is selected.
	// TODO: export this once implemented
	tlsAtLibrary
)
// tlsTermination collects the settings gathered from TLSTerminationOption
// functions. WithTLSTermination builds one and returns it as a
// TLSEndpointOption.
type tlsTermination struct {
	// location is where TLS is terminated.
	location TLSTerminationLocation

	// key is the PEM-encoded private key set by WithTLSTerminationKeyPair.
	// It is sensitive material: ApplyTLS copies the slice reference into the
	// endpoint options when terminating at the edge.
	key []byte

	// cert is the PEM-encoded certificate set by WithTLSTerminationKeyPair.
	cert []byte
}
// ApplyTLS writes the collected termination settings into cfg.
// WithTLSTermination returns a tlsTermination as a TLSEndpointOption; this is
// presumably the method that interface requires.
//
// For TLSAtEdge it marks the endpoint as terminated at the ngrok edge and
// hands over the stored key and certificate. For tlsAtLibrary it clears the
// key material on cfg and then panics, because in-library termination is not
// implemented. Any other location value leaves cfg untouched, so this option
// configures no termination at all in that case.
func (tt tlsTermination) ApplyTLS(cfg *tlsOptions) {
	if tt.location == tlsAtLibrary {
		cfg.KeyPEM, cfg.CertPEM = nil, nil
		// TODO: implement this in the tunnel `Accept` call.
		panic("automatic tls termination in-app is not yet supported")
	}
	if tt.location != TLSAtEdge {
		// Unrecognized location: nothing is applied.
		return
	}

	cfg.terminateAtEdge = true
	// The slices are shared with tt, not copied.
	cfg.KeyPEM, cfg.CertPEM = tt.key, tt.cert
}
// TLSTerminationOption customizes the TLS termination settings assembled by
// WithTLSTermination.
type TLSTerminationOption func(tt *tlsTermination)
// WithTLSTermination arranges for incoming TLS connections to be terminated
// automatically, so the backend receives plaintext streams instead of raw TLS
// connections.
//
// With no options, TLS is terminated at the ngrok edge with an
// automatically-provisioned keypair. Options are applied in the order given,
// so a later option overrides an earlier one that sets the same field.
//
// https://ngrok.com/docs/tls/tls-termination/
func WithTLSTermination(opts ...TLSTerminationOption) TLSEndpointOption {
	// Start from the defaults: edge termination with empty (non-nil) key and
	// certificate.
	settings := tlsTermination{location: TLSAtEdge, key: []byte{}, cert: []byte{}}
	for i := range opts {
		opts[i](&settings)
	}
	return settings
}
// WithTermination sets the key and certificate in PEM format for TLS
// termination at the ngrok edge. The certificate is the first argument and the
// private key the second.
//
// Deprecated: Use WithCustomEdgeTermination instead.
func WithTermination(certPEM, keyPEM []byte) TLSEndpointOption {
	// NOTE(review): WithCustomEdgeTermination is not defined in this file; the
	// equivalent visible here is
	// WithTLSTermination(WithTLSTerminationKeyPair(certPEM, keyPEM)) — confirm
	// which replacement the deprecation notice should name.
	apply := func(o *tlsOptions) {
		// The slices are stored as passed in, without copying.
		o.CertPEM = certPEM
		o.KeyPEM = keyPEM
		o.terminateAtEdge = true
	}
	return tlsOptionFunc(apply)
}
// WithTLSTerminationAt determines where TLS termination should occur.
// Currently, only `TLSAtEdge` is supported: the in-library location makes
// ApplyTLS panic, and any other value results in no termination settings being
// applied.
func WithTLSTerminationAt(location TLSTerminationLocation) TLSTerminationOption {
	return func(tt *tlsTermination) {
		tt.location = location
	}
}
// WithTLSTerminationKeyPair sets a custom key and certificate in PEM format
// for TLS termination. The certificate is the first argument and the private
// key the second.
//
// If terminating at the ngrok edge, this uploads the private key and
// certificate to the ngrok servers, so the key is no longer held only by the
// caller.
func WithTLSTerminationKeyPair(certPEM, keyPEM []byte) TLSTerminationOption {
	return func(tt *tlsTermination) {
		// Both slices are stored as passed in, without copying, so the
		// caller's buffers stay referenced by the resulting option.
		tt.key = keyPEM
		tt.cert = certPEM
	}
}