탐색 도움말
로그인
malz
/
ekuiper-new
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 1.11.0-alp
브랜치 태그
ekuiper-new
/
internal
/
pkg
/
cert
/
cert.go

cert.go 1.5 KB
고유링크 히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. package cert
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/tls"
    5. 

  5. 	"crypto/x509"
    6. 

  6. 	"os"
    7. 

  7. 

  8. 	"github.com/lf-edge/ekuiper/internal/conf"
    9. 

  9. )
    10. 

  10. 

  11. type TlsConfigurationOptions struct {
    12. 

  12. 	SkipCertVerify bool
    13. 

  13. 	CertFile       string
    14. 

  14. 	KeyFile        string
    15. 

  15. 	CaFile         string
    16. 

  16. }
    17. 

  17. 

  18. func GenerateTLSForClient(
    19. 

  19. 	Opts TlsConfigurationOptions,
    20. 

  20. ) (*tls.Config, error) {
    21. 

  21. 	tlsConfig := &tls.Config{
    22. 

  22. 		InsecureSkipVerify: Opts.SkipCertVerify,
    23. 

  23. 	}
    24. 

  24. 

  25. 	if len(Opts.CertFile) <= 0 && len(Opts.KeyFile) <= 0 {
    26. 

  26. 		tlsConfig.Certificates = nil
    27. 

  27. 	} else {
    28. 

  28. 		if cert, err := certLoader(Opts.CertFile, Opts.KeyFile); err != nil {
    29. 

  29. 			return nil, err
    30. 

  30. 		} else {
    31. 

  31. 			tlsConfig.Certificates = []tls.Certificate{cert}
    32. 

  32. 		}
    33. 

  33. 	}
    34. 

  34. 

  35. 	if len(Opts.CaFile) > 0 {
    36. 

  36. 		root, err := caLoader(Opts.CaFile)
    37. 

  37. 		if err != nil {
    38. 

  38. 			return nil, err
    39. 

  39. 		}
    40. 

  40. 		tlsConfig.RootCAs = root
    41. 

  41. 	}
    42. 

  42. 

  43. 	return tlsConfig, nil
    44. 

  44. }
    45. 

  45. 

  46. func certLoader(certFilePath, keyFilePath string) (tls.Certificate, error) {
    47. 

  47. 	if cp, err := conf.ProcessPath(certFilePath); err == nil {
    48. 

  48. 		if kp, err1 := conf.ProcessPath(keyFilePath); err1 == nil {
    49. 

  49. 			if cer, err2 := tls.LoadX509KeyPair(cp, kp); err2 != nil {
    50. 

  50. 				return tls.Certificate{}, err2
    51. 

  51. 			} else {
    52. 

  52. 				return cer, nil
    53. 

  53. 			}
    54. 

  54. 		} else {
    55. 

  55. 			return tls.Certificate{}, err1
    56. 

  56. 		}
    57. 

  57. 	} else {
    58. 

  58. 		return tls.Certificate{}, err
    59. 

  59. 	}
    60. 

  60. }
    61. 

  61. 

  62. func caLoader(caFilePath string) (*x509.CertPool, error) {
    63. 

  63. 	if cp, err := conf.ProcessPath(caFilePath); err == nil {
    64. 

  64. 		pool := x509.NewCertPool()
    65. 

  65. 		caCrt, err1 := os.ReadFile(cp)
    66. 

  66. 		if err1 != nil {
    67. 

  67. 			return nil, err1
    68. 

  68. 		}
    69. 

  69. 		pool.AppendCertsFromPEM(caCrt)
    70. 

  70. 		return pool, err1
    71. 

  71. 	} else {
    72. 

  72. 		return nil, err
    73. 

  73. 	}
    74. 

  74. }
    75.