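// listener opens a network listener for addr and wraps it in TLS when
// certificate material is supplied.
//
// addr has the form "[scheme://]rest". An empty scheme or "tcp" passes rest
// to net.Listen as a TCP address; "fd" passes rest to fdListener; any other
// lowercase scheme is rejected with an error. rest is forwarded as given, so
// a host-less address such as ":PORT" listens on every local interface.
//
// cafile, certfile and keyfile populate a transport.TLSInfo. If that value
// reports itself as non-empty, the returned listener is a TLS listener built
// from tlsinfo.ServerConfig(); otherwise the plain listener is returned.
//
// NOTE(review): Empty() is defined outside this function. If it only looks at
// the certificate and key (confirm against the transport package in use), a
// caller that sets cafile alone gets a plaintext listener with no client
// verification and no error. Callers that rely on TLS should check that
// certfile and keyfile are set before calling.
func listener(addr, cafile, certfile, keyfile string) (net.Listener, error) {
	rex := regexp.MustCompile("(?:([a-z]+)://)?(.*)")
	groups := rex.FindStringSubmatch(addr)
	if groups == nil {
		// Defensive: the scheme is optional and the remainder may be empty,
		// so the pattern is expected to match any input.
		return nil, fmt.Errorf("bad listener address")
	}

	var (
		l   net.Listener
		err error
	)
	switch scheme, rest := groups[1], groups[2]; scheme {
	case "", "tcp":
		l, err = net.Listen("tcp", rest)
	case "fd":
		l, err = fdListener(rest)
	default:
		return nil, fmt.Errorf("bad listener scheme")
	}
	if err != nil {
		return nil, err
	}

	tlsinfo := transport.TLSInfo{
		CAFile:   cafile,
		CertFile: certfile,
		KeyFile:  keyfile,
	}
	if tlsinfo.Empty() {
		return l, nil
	}

	cfg, err := tlsinfo.ServerConfig()
	if err != nil {
		// The socket is already open; release it so a bad certificate, key or
		// CA file does not leave the address bound with nothing serving it.
		// The Close error is dropped because the TLS error is the one the
		// caller needs to see.
		_ = l.Close()
		return nil, err
	}
	return tls.NewListener(l, cfg), nil
}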
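// newSecuredLocalListener opens a TLS listener on 127.0.0.1 using a port
// chosen by the operating system (port 0), so it is reachable only from the
// local host.
//
// certFile, keyFile and caFile populate a transport.TLSInfo whose
// ServerConfig() supplies the TLS configuration; the raw TCP listener is then
// wrapped with transport.NewKeepAliveListener using the "https" scheme. Any
// failure aborts the test through t.Fatal / t.Fatalf.
//
// NOTE(review): whether a non-empty caFile makes the server require and
// verify client certificates is decided inside ServerConfig(), which is not
// visible here — confirm before relying on this helper to test mutual TLS.
func newSecuredLocalListener(t *testing.T, certFile, keyFile, caFile string) net.Listener {
	raw, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		t.Fatal(err)
	}

	tlsInfo := transport.TLSInfo{
		CertFile: certFile,
		KeyFile:  keyFile,
		CAFile:   caFile,
	}
	tlscfg, err := tlsInfo.ServerConfig()
	if err != nil {
		// Release the port before failing so later tests in the same process
		// do not inherit a bound socket that nothing serves.
		_ = raw.Close()
		t.Fatalf("unexpected serverConfig error: %v", err)
	}

	l, err := transport.NewKeepAliveListener(raw, "https", tlscfg)
	if err != nil {
		// Keep the reference to the raw listener so it can still be closed
		// when wrapping fails.
		_ = raw.Close()
		t.Fatal(err)
	}
	return l
}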