Other(refactor): Move TLS to Bridge

2025-12-26 19:56:43 +00:00 · 2022-08-18 15:34:27 +02:00
parent 743a2f8dac
commit 2aaec3b6bd
10 changed files with 101 additions and 68 deletions
--- a/internal/bridge/bridge.go
+++ b/internal/bridge/bridge.go
@ -27,6 +27,7 @@ import (
 	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/go-autostart"
 	"github.com/ProtonMail/proton-bridge/v2/internal/config/settings"
+	"github.com/ProtonMail/proton-bridge/v2/internal/config/tls"
 	"github.com/ProtonMail/proton-bridge/v2/internal/constants"
 	"github.com/ProtonMail/proton-bridge/v2/internal/metrics"
 	"github.com/ProtonMail/proton-bridge/v2/internal/sentry"
@ -52,6 +53,7 @@ type Bridge struct {
 	clientManager pmapi.Manager
 	updater       Updater
 	versioner     Versioner
+	tls           *tls.TLS
 	cacheProvider CacheProvider
 	autostart     *autostart.App
 	// Bridge's global errors list.
@ -69,6 +71,7 @@ func New(
 	sentryReporter *sentry.Reporter,
 	panicHandler users.PanicHandler,
 	eventListener listener.Listener,
+	tls *tls.TLS,
 	cache cache.Cache,
 	builder *message.Builder,
 	clientManager pmapi.Manager,
@ -99,6 +102,7 @@ func New(
 		clientManager:    clientManager,
 		updater:          updater,
 		versioner:        versioner,
+		tls:              tls,
 		cacheProvider:    cacheProvider,
 		autostart:        autostart,
 		isFirstStart:     false,
--- a/internal/bridge/bridge_tls.go
+++ b/internal/bridge/bridge_tls.go
@ -0,0 +1,64 @@
+// Copyright (c) 2022 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package bridge
+
+import (
+	"crypto/tls"
+
+	pkgTLS "github.com/ProtonMail/proton-bridge/v2/internal/config/tls"
+	"github.com/pkg/errors"
+	logrus "github.com/sirupsen/logrus"
+)
+
+func (b *Bridge) GetTLSConfig() (*tls.Config, error) {
+	if !b.tls.HasCerts() {
+		if err := b.generateTLSCerts(); err != nil {
+			return nil, err
+		}
+	}
+
+	tlsConfig, err := b.tls.GetConfig()
+	if err == nil {
+		return tlsConfig, nil
+	}
+
+	logrus.WithError(err).Error("Failed to load TLS config, regenerating certificates")
+
+	if err := b.generateTLSCerts(); err != nil {
+		return nil, err
+	}
+
+	return b.tls.GetConfig()
+}
+
+func (b *Bridge) generateTLSCerts() error {
+	template, err := pkgTLS.NewTLSTemplate()
+	if err != nil {
+		return errors.Wrap(err, "failed to generate TLS template")
+	}
+
+	if err := b.tls.GenerateCerts(template); err != nil {
+		return errors.Wrap(err, "failed to generate TLS certs")
+	}
+
+	if err := b.tls.InstallCerts(); err != nil {
+		return errors.Wrap(err, "failed to install TLS certs")
+	}
+
+	return nil
+}