This repository has been archived by the owner on Nov 8, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
config.go
91 lines (79 loc) · 1.9 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package server
import (
"crypto/tls"
"crypto/x509"
"encoding/json"
"fmt"
"io/ioutil"
log "github.com/cihub/seelog"
)
const (
CONFIGFILE = "broker.json"
)
func LoadConfig() (*Info, error) {
content, err := ioutil.ReadFile(CONFIGFILE)
if err != nil {
log.Error("Read config file error: ", err)
return nil, err
}
var info Info
err = json.Unmarshal(content, &info)
if err != nil {
log.Error("Unmarshal config file error: ", err)
return nil, err
}
if info.TlsPort != "" {
if info.TlsInfo.CertFile == "" || info.TlsInfo.KeyFile == "" {
log.Error("tls config error, no cert or key file.")
return nil, err
}
if info.TlsHost == "" {
info.TlsHost = "0.0.0.0"
}
}
if info.Port != "" {
if info.Host == "" {
info.Host = "0.0.0.0"
}
}
if info.Cluster.Port != "" {
if info.Cluster.Host == "" {
info.Cluster.Host = "0.0.0.0"
}
}
return &info, nil
}
func NewTLSConfig(tlsInfo TLSInfo) (*tls.Config, error) {
cert, err := tls.LoadX509KeyPair(tlsInfo.CertFile, tlsInfo.KeyFile)
if err != nil {
return nil, fmt.Errorf("error parsing X509 certificate/key pair: %v", err)
}
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return nil, fmt.Errorf("error parsing certificate: %v", err)
}
// Create TLSConfig
// We will determine the cipher suites that we prefer.
config := tls.Config{
Certificates: []tls.Certificate{cert},
MinVersion: tls.VersionTLS12,
}
// Require client certificates as needed
if tlsInfo.Verify {
config.ClientAuth = tls.RequireAndVerifyClientCert
}
// Add in CAs if applicable.
if tlsInfo.CaFile != "" {
rootPEM, err := ioutil.ReadFile(tlsInfo.CaFile)
if err != nil || rootPEM == nil {
return nil, err
}
pool := x509.NewCertPool()
ok := pool.AppendCertsFromPEM([]byte(rootPEM))
if !ok {
return nil, fmt.Errorf("failed to parse root ca certificate")
}
config.ClientCAs = pool
}
return &config, nil
}