/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package mtls
import (
"crypto/x509"
"fmt"
"io/ioutil"
"strings"
"mosn.io/mosn/pkg/mtls/crypto/tls"
)
// defaultConfigHooks is the built-in ConfigHooks implementation. It loads
// a certificate/key pair and a CA pool from either a file path or an inline
// PEM string (distinguished by the "-----BEGIN" marker) and returns nil from
// both handshake-verify hooks. It carries no state.
type defaultConfigHooks struct{}
// DefaultConfigHooks returns the built-in ConfigHooks implementation.
// The hooks are stateless, so every call yields an equivalent value.
func DefaultConfigHooks() ConfigHooks {
	var hooks defaultConfigHooks
	return &hooks
}
// GetCertificate builds a tls.Certificate from the configured cert and key
// indexes. Each index is either a file path or an inline PEM block; inline
// content is recognised by the "-----BEGIN" marker. An empty value on either
// side yields ErrorNoCertConfigure.
//
// Only the all-inline case is parsed in memory. If exactly one of the two
// values is inline PEM, both are handed to the file loader and the PEM text
// is used as a path, so the resulting error will be a file-open failure.
// When keyIndex is inline PEM, the private key material is carried in the
// configuration value itself.
func (hook *defaultConfigHooks) GetCertificate(certIndex, keyIndex string) (tls.Certificate, error) {
	const pemMarker = "-----BEGIN"

	switch {
	case certIndex == "", keyIndex == "":
		return tls.Certificate{}, ErrorNoCertConfigure
	case strings.Contains(certIndex, pemMarker) && strings.Contains(keyIndex, pemMarker):
		// Both values are inline PEM: parse them directly.
		return tls.X509KeyPair([]byte(certIndex), []byte(keyIndex))
	default:
		// Otherwise both values are treated as paths on disk.
		return tls.LoadX509KeyPair(certIndex, keyIndex)
	}
}
// GetX509Pool returns a CertPool built from caIndex, which is either a file
// path or an inline PEM string (recognised by the "-----BEGIN" marker).
// An empty caIndex returns a nil pool and a nil error, so callers must treat
// a nil pool as "no CA configured" rather than as a failure. A file read
// error, or PEM data from which no certificate could be parsed, is reported
// as an error.
func (hook *defaultConfigHooks) GetX509Pool(caIndex string) (*x509.CertPool, error) {
	if caIndex == "" {
		return nil, nil
	}

	pemData := []byte(caIndex)
	if !strings.Contains(caIndex, "-----BEGIN") {
		// Not inline PEM: the index is a path to the CA bundle.
		data, err := ioutil.ReadFile(caIndex)
		if err != nil {
			return nil, fmt.Errorf("load ca certificate error: %v", err)
		}
		pemData = data
	}

	pool := x509.NewCertPool()
	// AppendCertsFromPEM reports false only when not a single certificate
	// was parsed; blocks that fail to parse are skipped silently.
	if !pool.AppendCertsFromPEM(pemData) {
		return nil, fmt.Errorf("load ca certificate error: no certificate")
	}
	return pool, nil
}
// ServerHandshakeVerify returns the server-side custom verification callback
// for cfg. The default hooks provide no callback and always return nil; cfg
// is not inspected. NOTE(review): presumably the ConfigHooks consumer treats
// a nil callback as "no additional verification" — confirm at the call site.
func (hook *defaultConfigHooks) ServerHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
	return nil
}
// ClientHandshakeVerify returns the client-side custom verification callback
// for cfg. The default hooks provide no callback and always return nil; cfg
// is not inspected. NOTE(review): presumably the ConfigHooks consumer treats
// a nil callback as "no additional verification" — confirm at the call site.
func (hook *defaultConfigHooks) ClientHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
	return nil
}