api: Extracted client cert & HTTP JSON Render to utils.

quay · Dec 4, 2015 · 9946382 · 9946382
1 parent 20a126c
commit 9946382
Show file tree

Hide file tree

Showing 8 changed files with 178 additions and 188 deletions.
diff --git a/api/api.go b/api/api.go
@@ -17,18 +17,16 @@
 package api
 
 import (
-	"io/ioutil"
 	"net"
 	"net/http"
 	"strconv"
 	"time"
 
-	"crypto/tls"
-	"crypto/x509"
-
 	"github.com/coreos/pkg/capnslog"
-	"github.com/coreos/clair/utils"
 	"github.com/tylerb/graceful"
+
+	"github.com/coreos/clair/utils"
+	httputils "github.com/coreos/clair/utils/http"
 )
 
 var log = capnslog.NewPackageLogger("github.com/coreos/clair", "api")
@@ -49,12 +47,20 @@ func RunMain(conf *Config, st *utils.Stopper) {
 		st.End()
 	}()
 
+	tlsConfig, err := httputils.LoadTLSClientConfigForServer(conf.CAFile)
+	if err != nil {
+		log.Fatalf("could not initialize client cert authentification: %s\n", err)
+	}
+	if tlsConfig != nil {
+		log.Info("api configured with client certificate authentification")
+	}
+
 	srv := &graceful.Server{
 		Timeout:          0,    // Already handled by our TimeOut middleware
 		NoSignalHandling: true, // We want to use our own Stopper
 		Server: &http.Server{
 			Addr:      ":" + strconv.Itoa(conf.Port),
-			TLSConfig: setupClientCert(conf.CAFile),
+			TLSConfig: tlsConfig,
 			Handler:   NewVersionRouter(conf.TimeOut),
 		},
 	}
@@ -102,25 +108,3 @@ func listenAndServeWithStopper(srv *graceful.Server, st *utils.Stopper, certFile
 		log.Fatal(err)
 	}
 }
-
-// setupClientCert creates a tls.Config instance using a CA file path
-// (if provided) and and calls log.Fatal if it does not exist.
-func setupClientCert(caFile string) *tls.Config {
-	if len(caFile) > 0 {
-		log.Info("API: Client Certificate Authentification Enabled")
-		caCert, err := ioutil.ReadFile(caFile)
-		if err != nil {
-			log.Fatal(err)
-		}
-		caCertPool := x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(caCert)
-		return &tls.Config{
-			ClientCAs:  caCertPool,
-			ClientAuth: tls.RequireAndVerifyClientCert,
-		}
-	}
-
-	return &tls.Config{
-		ClientAuth: tls.NoClientCert,
-	}
-}
diff --git a/api/jsonhttp/json.go b/api/jsonhttp/json.go
diff --git a/api/logic/general.go b/api/logic/general.go
@@ -20,18 +20,19 @@ import (
 	"net/http"
 	"strconv"
 
-	"github.com/coreos/clair/api/jsonhttp"
+	"github.com/julienschmidt/httprouter"
+
 	"github.com/coreos/clair/health"
+	httputils "github.com/coreos/clair/utils/http"
 	"github.com/coreos/clair/worker"
-	"github.com/julienschmidt/httprouter"
 )
 
 // Version is an integer representing the API version.
 const Version = 1
 
 // GETVersions returns API and Engine versions.
 func GETVersions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	jsonhttp.Render(w, http.StatusOK, struct {
+	httputils.WriteHTTP(w, http.StatusOK, struct {
 		APIVersion    string
 		EngineVersion string
 	}{
@@ -49,6 +50,6 @@ func GETHealth(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 		httpStatus = http.StatusServiceUnavailable
 	}
 
-	jsonhttp.Render(w, httpStatus, statuses)
+	httputils.WriteHTTP(w, httpStatus, statuses)
 	return
 }