|
|
@ -21,17 +21,20 @@ import (
|
|
|
|
"crypto/x509"
|
|
|
|
"crypto/x509"
|
|
|
|
"fmt"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
|
|
|
"io/ioutil"
|
|
|
|
|
|
|
|
"k8s.io/helm/pkg/urlutil"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
// NewClientTLS returns tls.Config appropriate for client auth.
|
|
|
|
func newTLSConfigCommon(certFile, keyFile, caFile string) (*tls.Config, error) {
|
|
|
|
func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error) {
|
|
|
|
config := tls.Config{}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if certFile != "" && keyFile != "" {
|
|
|
|
cert, err := CertFromFilePair(certFile, keyFile)
|
|
|
|
cert, err := CertFromFilePair(certFile, keyFile)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
config := tls.Config{
|
|
|
|
config.Certificates = []tls.Certificate{*cert}
|
|
|
|
Certificates: []tls.Certificate{*cert},
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if caFile != "" {
|
|
|
|
if caFile != "" {
|
|
|
|
cp, err := CertPoolFromFile(caFile)
|
|
|
|
cp, err := CertPoolFromFile(caFile)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
@ -39,9 +42,32 @@ func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
config.RootCAs = cp
|
|
|
|
config.RootCAs = cp
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &config, nil
|
|
|
|
return &config, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// NewClientTLS returns tls.Config appropriate for client auth.
|
|
|
|
|
|
|
|
func NewClientTLS(certFile, keyFile, caFile string) (*tls.Config, error) {
|
|
|
|
|
|
|
|
return newTLSConfigCommon(certFile, keyFile, caFile)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// NewTLSConfig returns tls.Config appropriate for client and/or server auth.
|
|
|
|
|
|
|
|
func NewTLSConfig(url, certFile, keyFile, caFile string) (*tls.Config, error) {
|
|
|
|
|
|
|
|
config, err := newTLSConfigCommon(certFile, keyFile, caFile)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
config.BuildNameToCertificate()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
serverName, err := urlutil.ExtractHostname(url)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
config.ServerName = serverName
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return config, nil
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// CertPoolFromFile returns an x509.CertPool containing the certificates
|
|
|
|
// CertPoolFromFile returns an x509.CertPool containing the certificates
|
|
|
|
// in the given PEM-encoded file.
|
|
|
|
// in the given PEM-encoded file.
|
|
|
|
// Returns an error if the file could not be read, a certificate could not
|
|
|
|
// Returns an error if the file could not be read, a certificate could not
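Review bot: NewTLSConfig is documented as suited to "client and/or server auth", but the CA pool only ever lands in `config.RootCAs` (the trust store a client uses to verify the peer) and nothing in either hunk sets `ClientCAs` or `ClientAuth`, so if "server auth" here means a server verifying presented client certificates, a server built from this config will accept any or no client certificate; if that is the intent, add `config.ClientCAs = cp` and `config.ClientAuth = tls.RequireAndVerifyClientCert` in the caFile branch (or drop the pool into both fields), otherwise narrow the doc comment to what the config actually does. Neither constructor pins a floor on the protocol version, so the returned config inherits the Go toolchain default; setting `config.MinVersion = tls.VersionTLS12` once in newTLSConfigCommon would cover both NewClientTLS and NewTLSConfig. In the first hunk the pre-existing doc comment `// NewClientTLS returns tls.Config appropriate for client auth.` now sits above the renamed, unexported `newTLSConfigCommon` and should be reworded to name it, e.g. `// newTLSConfigCommon builds the tls.Config shared by NewClientTLS and NewTLSConfig: the cert/key pair goes into Certificates and the CA file into RootCAs.`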
|
|
|
|