Пример #1
0
// optionally sets up TLS for the server - if no TLS configuration is
// specified, TLS is not enabled.
func serverTLS(configuration *viper.Viper) (*tls.Config, error) {
	tlsCertFile := configuration.GetString("server.tls_cert_file")
	tlsKeyFile := configuration.GetString("server.tls_key_file")

	if tlsCertFile == "" && tlsKeyFile == "" {
		return nil, nil
	} else if tlsCertFile == "" || tlsKeyFile == "" {
		return nil, fmt.Errorf("Partial TLS configuration found. Either include both a cert and key file in the configuration, or include neither to disable TLS.")
	}

	tlsConfig, err := utils.ConfigureServerTLS(&utils.ServerTLSOpts{
		ServerCertFile: tlsCertFile,
		ServerKeyFile:  tlsKeyFile,
	})
	if err != nil {
		return nil, fmt.Errorf("Unable to set up TLS: %s", err.Error())
	}
	return tlsConfig, nil
}
Пример #2
0
// parses and sets up the TLS for the signer http + grpc server
func signerTLS(configuration *viper.Viper, printUsage bool) (*tls.Config, error) {
	certFile := configuration.GetString("server.cert_file")
	keyFile := configuration.GetString("server.key_file")
	if certFile == "" || keyFile == "" {
		if printUsage {
			usage()
		}
		return nil, fmt.Errorf("Certificate and key are mandatory")
	}

	clientCAFile := configuration.GetString("server.client_ca_file")
	tlsConfig, err := utils.ConfigureServerTLS(&utils.ServerTLSOpts{
		ServerCertFile:    certFile,
		ServerKeyFile:     keyFile,
		RequireClientAuth: clientCAFile != "",
		ClientCAFile:      clientCAFile,
	})
	if err != nil {
		return nil, fmt.Errorf("Unable to set up TLS: %s", err.Error())
	}
	return tlsConfig, nil
}
Пример #3
0
// get the address for the HTTP server, and parses the optional TLS
// configuration for the server - if no TLS configuration is specified,
// TLS is not enabled.
func getAddrAndTLSConfig(configuration *viper.Viper) (string, *tls.Config, error) {
	httpAddr := configuration.GetString("server.http_addr")
	if httpAddr == "" {
		return "", nil, fmt.Errorf("http listen address required for server")
	}

	tlsOpts, err := utils.ParseServerTLS(configuration, false)
	if err != nil {
		return "", nil, fmt.Errorf(err.Error())
	}
	// do not support this yet since the client doesn't have client cert support
	if tlsOpts != nil {
		tlsOpts.ClientCAFile = ""
		tlsConfig, err := utils.ConfigureServerTLS(tlsOpts)
		if err != nil {
			return "", nil, fmt.Errorf(
				"unable to set up TLS for server: %s", err.Error())
		}
		return httpAddr, tlsConfig, nil
	}
	return httpAddr, nil, nil
}
Пример #4
0
func getAddrAndTLSConfig(configuration *viper.Viper) (string, string, *tls.Config, error) {
	tlsOpts, err := utils.ParseServerTLS(configuration, true)
	if err != nil {
		return "", "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error())
	}
	tlsConfig, err := utils.ConfigureServerTLS(tlsOpts)
	if err != nil {
		return "", "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error())
	}

	grpcAddr := configuration.GetString("server.grpc_addr")
	if grpcAddr == "" {
		return "", "", nil, fmt.Errorf("grpc listen address required for server")
	}

	httpAddr := configuration.GetString("server.http_addr")
	if httpAddr == "" {
		return "", "", nil, fmt.Errorf("http listen address required for server")
	}

	return httpAddr, grpcAddr, tlsConfig, nil
}