mirror of
https://github.com/ProtonMail/proton-bridge.git
synced 2025-12-23 10:26:44 +00:00
feat(GODT-2374): Import TLS certs via shell
This commit is contained in:
James Houlahan
@ -17,12 +17,40 @@
|
||||
|
||||
package vault
|
||||
|
||||
func (vault *Vault) GetBridgeTLSCert() []byte {
|
||||
return vault.get().Certs.Bridge.Cert
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// GetBridgeTLSCert returns the PEM-encoded certificate for the bridge.
|
||||
// If CertPEMPath is set, it will attempt to read the certificate from the file.
|
||||
// Otherwise, or on read/validation failure, it will return the certificate from the vault.
|
||||
func (vault *Vault) GetBridgeTLSCert() ([]byte, []byte) {
|
||||
if certPath, keyPath := vault.get().Certs.CustomCertPath, vault.get().Certs.CustomKeyPath; certPath != "" && keyPath != "" {
|
||||
if certPEM, keyPEM, err := readPEMCert(certPath, keyPath); err == nil {
|
||||
return certPEM, keyPEM
|
||||
}
|
||||
|
||||
logrus.Error("Failed to read certificate from file, using default")
|
||||
}
|
||||
|
||||
return vault.get().Certs.Bridge.Cert, vault.get().Certs.Bridge.Key
|
||||
}
|
||||
|
||||
func (vault *Vault) GetBridgeTLSKey() []byte {
|
||||
return vault.get().Certs.Bridge.Key
|
||||
// SetBridgeTLSCertPath sets the path to PEM-encoded certificates for the bridge.
|
||||
func (vault *Vault) SetBridgeTLSCertPath(certPath, keyPath string) error {
|
||||
if _, _, err := readPEMCert(certPath, keyPath); err != nil {
|
||||
return fmt.Errorf("invalid certificate: %w", err)
|
||||
}
|
||||
|
||||
return vault.mod(func(data *Data) {
|
||||
data.Certs.CustomCertPath = certPath
|
||||
data.Certs.CustomKeyPath = keyPath
|
||||
})
|
||||
}
|
||||
|
||||
func (vault *Vault) GetCertsInstalled() bool {
|
||||
@ -34,3 +62,21 @@ func (vault *Vault) SetCertsInstalled(installed bool) error {
|
||||
data.Certs.Installed = installed
|
||||
})
|
||||
}
|
||||
|
||||
func readPEMCert(certPEMPath, keyPEMPath string) ([]byte, []byte, error) {
|
||||
certPEM, err := os.ReadFile(filepath.Clean(certPEMPath))
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
keyPEM, err := os.ReadFile(filepath.Clean(keyPEMPath))
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
return certPEM, keyPEM, nil
|
||||
}
|
||||
|
||||
@ -28,8 +28,9 @@ func TestVault_TLSCerts(t *testing.T) {
|
||||
s := newVault(t)
|
||||
|
||||
// Check the default bridge TLS certs.
|
||||
require.NotEmpty(t, s.GetBridgeTLSCert())
|
||||
require.NotEmpty(t, s.GetBridgeTLSKey())
|
||||
cert, key := s.GetBridgeTLSCert()
|
||||
require.NotEmpty(t, cert)
|
||||
require.NotEmpty(t, key)
|
||||
|
||||
// Check the certificates are not installed.
|
||||
require.False(t, s.GetCertsInstalled())
|
||||
|
||||
@ -22,6 +22,10 @@ import "github.com/ProtonMail/proton-bridge/v3/internal/certs"
|
||||
type Certs struct {
|
||||
Bridge Cert
|
||||
Installed bool
|
||||
|
||||
// If non-empty, the path to the PEM-encoded certificate file.
|
||||
CustomCertPath string
|
||||
CustomKeyPath string
|
||||
}
|
||||
|
||||
type Cert struct {
|
||||
|
||||
Reference in New Issue
Block a user