Add acceptor support for receiving pre-loaded certificates

acceptor/tcp_acceptor.go

@@ -38,8 +38,7 @@ type TCPAcceptor struct {
 	connChan      chan PlayerConn
 	listener      net.Listener
 	running       bool
-	certFile      string
-	keyFile       string
+	certs         []tls.Certificate
 	proxyProtocol bool
 }
 
@@ -78,21 +77,26 @@ func (t *tcpPlayerConn) GetNextMessage() (b []byte, err error) {
 
 // NewTCPAcceptor creates a new instance of tcp acceptor
 func NewTCPAcceptor(addr string, certs ...string) *TCPAcceptor {
-	keyFile := ""
-	certFile := ""
+	certificates := []tls.Certificate{}
 	if len(certs) != 2 && len(certs) != 0 {
 		panic(constants.ErrInvalidCertificates)
 	} else if len(certs) == 2 {
-		certFile = certs[0]
-		keyFile = certs[1]
+		cert, err := tls.LoadX509KeyPair(certs[0], certs[1])
+		if err != nil {
+			panic(constants.ErrInvalidCertificates)
+		}
+		certificates = append(certificates, cert)
 	}
 
+	return NewTCP(addr, certificates...)
+}
+
+func NewTCP(addr string, certs ...tls.Certificate) *TCPAcceptor {
 	return &TCPAcceptor{
 		addr:          addr,
 		connChan:      make(chan PlayerConn),
 		running:       false,
-		certFile:      certFile,
-		keyFile:       keyFile,
+		certs:         certs,
 		proxyProtocol: false,
 	}
 }
@@ -117,13 +121,13 @@ func (a *TCPAcceptor) Stop() {
 }
 
 func (a *TCPAcceptor) hasTLSCertificates() bool {
-	return a.certFile != "" && a.keyFile != ""
+	return len(a.certs) > 0
 }
 
 // ListenAndServe using tcp acceptor
 func (a *TCPAcceptor) ListenAndServe() {
 	if a.hasTLSCertificates() {
-		a.ListenAndServeTLS(a.certFile, a.keyFile)
+		a.listenAndServeTLS()
 		return
 	}
 
@@ -143,7 +147,14 @@ func (a *TCPAcceptor) ListenAndServeTLS(cert, key string) {
 		logger.Log.Fatalf("Failed to listen: %s", err.Error())
 	}
 
-	tlsCfg := &tls.Config{Certificates: []tls.Certificate{crt}}
+	a.certs = append(a.certs, crt)
+
+	a.listenAndServeTLS()
+}
+
+// ListenAndServeTLS listens using tls
+func (a *TCPAcceptor) listenAndServeTLS() {
+	tlsCfg := &tls.Config{Certificates: a.certs}
 
 	listener, err := tls.Listen("tcp", a.addr, tlsCfg)
 	if err != nil {

acceptor/tcp_acceptor_test.go

@@ -40,7 +40,8 @@ var tcpAcceptorTables = []struct {
 	{"test_1", "0.0.0.0:0", []string{"./fixtures/server.crt", "./fixtures/server.key"}, nil},
 	{"test_2", "0.0.0.0:0", []string{}, nil},
 	{"test_3", "127.0.0.1:0", []string{"wqd"}, constants.ErrInvalidCertificates},
-	{"test_4", "127.0.0.1:0", []string{"wqd", "wqdqwd", "wqdqdqwd"}, constants.ErrInvalidCertificates},
+	{"test_4", "127.0.0.1:0", []string{"wqd", "wqdqwd"}, constants.ErrInvalidCertificates},
+	{"test_5", "127.0.0.1:0", []string{"wqd", "wqdqwd", "wqdqdqwd"}, constants.ErrInvalidCertificates},
 }
 
 func TestNewTCPAcceptorGetConnChanAndGetAddr(t *testing.T) {
@@ -58,11 +59,9 @@ func TestNewTCPAcceptorGetConnChanAndGetAddr(t *testing.T) {
 				})
 
 				if len(table.certs) == 2 {
-					assert.Equal(t, table.certs[0], a.certFile)
-					assert.Equal(t, table.certs[1], a.keyFile)
+					assert.Len(t, a.certs, 1)
 				} else {
-					assert.Equal(t, "", a.certFile)
-					assert.Equal(t, "", a.keyFile)
+					assert.Len(t, a.certs, 0)
 				}
 				assert.NotNil(t, a)
 			}