dubbo.apache.org/dubbo-go/v3@v3.1.1/config/tls_config.go (about)

     1  /*
     2   * Licensed to the Apache Software Foundation (ASF) under one or more
     3   * contributor license agreements.  See the NOTICE file distributed with
     4   * this work for additional information regarding copyright ownership.
     5   * The ASF licenses this file to You under the Apache License, Version 2.0
     6   * (the "License"); you may not use this file except in compliance with
     7   * the License.  You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   */
    17  
    18  package config
    19  
import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"

	"dubbo.apache.org/dubbo-go/v3/common/constant"
)
    27  
// TLSConfig holds the PEM file paths and server name from which the
// server- and client-side tls.Config values are built.
//
//   - CACertFile: CA certificate(s) used to verify the peer. On the server
//     it becomes ClientCAs with RequireAndVerifyClientCert (mutual TLS);
//     on the client it becomes RootCAs.
//   - TLSCertFile / TLSKeyFile: the certificate and private key presented
//     to the peer, loaded with tls.LoadX509KeyPair.
//   - TLSServerName: copied to tls.Config.ServerName.
type TLSConfig struct {
	CACertFile    string `yaml:"ca-cert-file" json:"ca-cert-file" property:"ca-cert-file"`
	TLSCertFile   string `yaml:"tls-cert-file" json:"tls-cert-file" property:"tls-cert-file"`
	TLSKeyFile    string `yaml:"tls-key-file" json:"tls-key-file" property:"tls-key-file"`
	TLSServerName string `yaml:"tls-server-name" json:"tls-server-name" property:"tls-server-name"`
}
    35  
// Prefix returns the configuration key prefix for TLSConfig,
// constant.TLSConfigPrefix.
func (t *TLSConfig) Prefix() string {
	prefix := constant.TLSConfigPrefix
	return prefix
}
    39  
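// GetServerTlsConfig builds the server-side *tls.Config described by opt.
//
// It returns (nil, nil) when neither TLSCertFile nor TLSKeyFile is set,
// which callers treat as "TLS disabled". When CACertFile is set the server
// requires a client certificate and verifies it against that CA (mutual
// TLS). Every unreadable or unparsable file is reported as an error; in
// particular a CA file without a usable PEM certificate is an error rather
// than a silently disabled configuration.
func GetServerTlsConfig(opt *TLSConfig) (*tls.Config, error) {
	// no TLS configured
	if opt.TLSCertFile == "" && opt.TLSKeyFile == "" {
		return nil, nil
	}
	cfg := &tls.Config{
		// TLS 1.0 and 1.1 are deprecated (RFC 8996); pin the floor instead
		// of relying on the Go runtime's default minimum.
		MinVersion: tls.VersionTLS12,
		ServerName: opt.TLSServerName,
	}
	// mTLS: verify client certificates against the configured CA.
	if opt.CACertFile != "" {
		ca, err := loadCertPool(opt.CACertFile)
		if err != nil {
			return nil, err
		}
		cfg.ClientAuth = tls.RequireAndVerifyClientCert
		cfg.ClientCAs = ca
	}
	cert, err := tls.LoadX509KeyPair(opt.TLSCertFile, opt.TLSKeyFile)
	if err != nil {
		return nil, fmt.Errorf("loading server key pair %q/%q: %w", opt.TLSCertFile, opt.TLSKeyFile, err)
	}
	cfg.Certificates = []tls.Certificate{cert}
	return cfg, nil
}

// GetClientTlsConfig builds the client-side *tls.Config described by opt.
//
// It returns (nil, nil) when CACertFile is unset, which callers treat as
// "TLS disabled". Otherwise the CA file becomes the root set used to verify
// the server, TLSServerName is copied to ServerName, and when TLSCertFile
// is set the client key pair is presented for mutual TLS. A CA file without
// a usable PEM certificate is an error rather than a silently disabled
// configuration.
func GetClientTlsConfig(opt *TLSConfig) (*tls.Config, error) {
	// no TLS configured
	if opt.CACertFile == "" {
		return nil, nil
	}
	ca, err := loadCertPool(opt.CACertFile)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{
		// Same floor as the server side; see GetServerTlsConfig.
		MinVersion: tls.VersionTLS12,
		ServerName: opt.TLSServerName,
		RootCAs:    ca,
	}
	// mTLS: present our own certificate to the server.
	if opt.TLSCertFile != "" {
		cert, err := tls.LoadX509KeyPair(opt.TLSCertFile, opt.TLSKeyFile)
		if err != nil {
			return nil, fmt.Errorf("loading client key pair %q/%q: %w", opt.TLSCertFile, opt.TLSKeyFile, err)
		}
		cfg.Certificates = []tls.Certificate{cert}
	}
	return cfg, nil
}

// loadCertPool reads a PEM file and returns a pool holding every
// certificate in it. It fails when the file cannot be read or contains no
// parsable certificate, so a misconfigured CA path never yields an empty
// pool (which would otherwise make every peer certificate unverifiable
// or, in the original code, silently disabled TLS by returning nil, nil).
func loadCertPool(path string) (*x509.CertPool, error) {
	pemBytes, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("reading CA certificate file %q: %w", path, err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("no PEM certificates found in CA certificate file %q", path)
	}
	return pool, nil
}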
   100  
// TLSConfigBuilder assembles a TLSConfig through chained Set* calls.
type TLSConfigBuilder struct {
	// tlsConfig stays nil until the first Set* call allocates it.
	tlsConfig *TLSConfig
}
   104  
// NewTLSConfigBuilder returns an empty builder; its TLSConfig is allocated
// lazily by the first Set* call, so Build on a fresh builder yields nil.
func NewTLSConfigBuilder() *TLSConfigBuilder {
	return new(TLSConfigBuilder)
}
   108  
// SetCACertFile records the CA certificate file path, allocating the
// underlying TLSConfig on first use, and returns the builder for chaining.
func (tcb *TLSConfigBuilder) SetCACertFile(caCertFile string) *TLSConfigBuilder {
	cfg := tcb.tlsConfig
	if cfg == nil {
		cfg = &TLSConfig{}
		tcb.tlsConfig = cfg
	}
	cfg.CACertFile = caCertFile
	return tcb
}
   116  
// SetTLSCertFile records the certificate file path, allocating the
// underlying TLSConfig on first use, and returns the builder for chaining.
func (tcb *TLSConfigBuilder) SetTLSCertFile(tlsCertFile string) *TLSConfigBuilder {
	cfg := tcb.tlsConfig
	if cfg == nil {
		cfg = &TLSConfig{}
		tcb.tlsConfig = cfg
	}
	cfg.TLSCertFile = tlsCertFile
	return tcb
}
   124  
// SetTLSKeyFile records the private key file path, allocating the
// underlying TLSConfig on first use, and returns the builder for chaining.
func (tcb *TLSConfigBuilder) SetTLSKeyFile(tlsKeyFile string) *TLSConfigBuilder {
	cfg := tcb.tlsConfig
	if cfg == nil {
		cfg = &TLSConfig{}
		tcb.tlsConfig = cfg
	}
	cfg.TLSKeyFile = tlsKeyFile
	return tcb
}
   132  
// SetTLSServerName records the server name copied to tls.Config.ServerName,
// allocating the underlying TLSConfig on first use, and returns the builder
// for chaining.
func (tcb *TLSConfigBuilder) SetTLSServerName(tlsServerName string) *TLSConfigBuilder {
	cfg := tcb.tlsConfig
	if cfg == nil {
		cfg = &TLSConfig{}
		tcb.tlsConfig = cfg
	}
	cfg.TLSServerName = tlsServerName
	return tcb
}
   140  
// Build returns the TLSConfig assembled so far. It is the very pointer the
// Set* methods write to (later Set* calls still mutate it), and it is nil
// when no setter has been called.
func (tcb *TLSConfigBuilder) Build() *TLSConfig {
	built := tcb.tlsConfig
	return built
}