yesBad/proton-bridge
1
0
Fork 0
forked from Silverfish/proton-bridge
Code Actions Activity

feat(GODT-2374): Import TLS certs via shell

Browse Source
This commit is contained in:
James Houlahan
2023-02-17 14:02:39 +01:00
parent cac0cf35f6
commit 54c013012e
8 changed files with 104 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
internal/vault/certs.go
View File

@ -17,12 +17,40 @@
package vault
func (vault *Vault) GetBridgeTLSCert() []byte {
return vault.get().Certs.Bridge.Cert
import (
"crypto/tls"
"fmt"
"os"
"path/filepath"
"github.com/sirupsen/logrus"
)
// GetBridgeTLSCert returns the PEM-encoded certificate for the bridge.
// If CertPEMPath is set, it will attempt to read the certificate from the file.
// Otherwise, or on read/validation failure, it will return the certificate from the vault.
func (vault *Vault) GetBridgeTLSCert() ([]byte, []byte) {
if certPath, keyPath := vault.get().Certs.CustomCertPath, vault.get().Certs.CustomKeyPath; certPath != "" && keyPath != "" {
if certPEM, keyPEM, err := readPEMCert(certPath, keyPath); err == nil {
return certPEM, keyPEM
}
logrus.Error("Failed to read certificate from file, using default")
}
return vault.get().Certs.Bridge.Cert, vault.get().Certs.Bridge.Key
}
func (vault *Vault) GetBridgeTLSKey() []byte {
return vault.get().Certs.Bridge.Key
// SetBridgeTLSCertPath sets the path to PEM-encoded certificates for the bridge.
func (vault *Vault) SetBridgeTLSCertPath(certPath, keyPath string) error {
if _, _, err := readPEMCert(certPath, keyPath); err != nil {
return fmt.Errorf("invalid certificate: %w", err)
}
return vault.mod(func(data *Data) {
data.Certs.CustomCertPath = certPath
data.Certs.CustomKeyPath = keyPath
})
}
func (vault *Vault) GetCertsInstalled() bool {
@ -34,3 +62,21 @@ func (vault *Vault) SetCertsInstalled(installed bool) error {
data.Certs.Installed = installed
})
}
func readPEMCert(certPEMPath, keyPEMPath string) ([]byte, []byte, error) {
certPEM, err := os.ReadFile(filepath.Clean(certPEMPath))
if err != nil {
return nil, nil, err
}
keyPEM, err := os.ReadFile(filepath.Clean(keyPEMPath))
if err != nil {
return nil, nil, err
}
if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
return nil, nil, err
}
return certPEM, keyPEM, nil
}