Remove old global config and use new static config
This commit is contained in:
SALLEYRON Julien
Traefiker Bot
parent
c39d21c178
commit
5d91c7e15c
114 changed files with 2485 additions and 3646 deletions
|
|
@ -2,6 +2,7 @@ package tls
|
|||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"net"
|
||||
"sort"
|
||||
"strings"
|
||||
|
|
@ -15,7 +16,6 @@ import (
|
|||
// CertificateStore store for dynamic and static certificates
|
||||
type CertificateStore struct {
|
||||
DynamicCerts *safe.Safe
|
||||
StaticCerts *safe.Safe
|
||||
DefaultCertificate *tls.Certificate
|
||||
CertCache *cache.Cache
|
||||
SniStrict bool
|
||||
|
|
@ -24,23 +24,42 @@ type CertificateStore struct {
|
|||
// NewCertificateStore create a store for dynamic and static certificates
|
||||
func NewCertificateStore() *CertificateStore {
|
||||
return &CertificateStore{
|
||||
StaticCerts: &safe.Safe{},
|
||||
DynamicCerts: &safe.Safe{},
|
||||
CertCache: cache.New(1*time.Hour, 10*time.Minute),
|
||||
}
|
||||
}
|
||||
|
||||
// GetAllDomains return a slice with all the certificate domain
|
||||
func (c CertificateStore) GetAllDomains() []string {
|
||||
func (c CertificateStore) getDefaultCertificateDomains() []string {
|
||||
var allCerts []string
|
||||
|
||||
// Get static certificates
|
||||
if c.StaticCerts != nil && c.StaticCerts.Get() != nil {
|
||||
for domains := range c.StaticCerts.Get().(map[string]*tls.Certificate) {
|
||||
allCerts = append(allCerts, domains)
|
||||
}
|
||||
if c.DefaultCertificate == nil {
|
||||
return allCerts
|
||||
}
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(c.DefaultCertificate.Certificate[0])
|
||||
if err != nil {
|
||||
log.WithoutContext().Errorf("Could not parse default certicate: %v", err)
|
||||
return allCerts
|
||||
}
|
||||
|
||||
if len(x509Cert.Subject.CommonName) > 0 {
|
||||
allCerts = append(allCerts, x509Cert.Subject.CommonName)
|
||||
}
|
||||
|
||||
allCerts = append(allCerts, x509Cert.DNSNames...)
|
||||
|
||||
for _, ipSan := range x509Cert.IPAddresses {
|
||||
allCerts = append(allCerts, ipSan.String())
|
||||
}
|
||||
|
||||
return allCerts
|
||||
}
|
||||
|
||||
// GetAllDomains return a slice with all the certificate domain
|
||||
func (c CertificateStore) GetAllDomains() []string {
|
||||
|
||||
allCerts := c.getDefaultCertificateDomains()
|
||||
|
||||
// Get dynamic certificates
|
||||
if c.DynamicCerts != nil && c.DynamicCerts.Get() != nil {
|
||||
for domains := range c.DynamicCerts.Get().(map[string]*tls.Certificate) {
|
||||
|
|
@ -77,16 +96,6 @@ func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *
|
|||
}
|
||||
}
|
||||
|
||||
if c.StaticCerts != nil && c.StaticCerts.Get() != nil {
|
||||
for domains, cert := range c.StaticCerts.Get().(map[string]*tls.Certificate) {
|
||||
for _, certDomain := range strings.Split(domains, ",") {
|
||||
if MatchDomain(domainToCheck, certDomain) {
|
||||
matchedCerts[certDomain] = cert
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if len(matchedCerts) > 0 {
|
||||
// sort map by keys
|
||||
keys := make([]string, 0, len(matchedCerts))
|
||||
|
|
@ -103,11 +112,6 @@ func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *
|
|||
return nil
|
||||
}
|
||||
|
||||
// ContainsCertificates checks if there are any certs in the store
|
||||
func (c CertificateStore) ContainsCertificates() bool {
|
||||
return c.StaticCerts.Get() != nil || c.DynamicCerts.Get() != nil
|
||||
}
|
||||
|
||||
// ResetCache clears the cache in the store
|
||||
func (c CertificateStore) ResetCache() {
|
||||
if c.CertCache != nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue