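package config

import (
	"fmt"
	"io/ioutil"

	cmtls "gitee.com/lh-her-team/common/crypto/tls"
	cmx509 "gitee.com/lh-her-team/common/crypto/x509"
)

// loadCertPool reads the PEM file at caCertFile and returns a pool holding
// the certificates it contains. It returns an error when the file cannot be
// read or when no certificate could be parsed from it, so a wrong path or a
// non-PEM file is reported at configuration time instead of surfacing as an
// empty trust store that only fails (confusingly) at handshake time.
func loadCertPool(caCertFile string) (*cmx509.CertPool, error) {
	pemBytes, err := ioutil.ReadFile(caCertFile)
	if err != nil {
		return nil, err
	}
	pool := cmx509.NewCertPool()
	// AppendCertsFromPEM reports whether at least one certificate was parsed
	// (same contract as crypto/x509); the original code dropped this result.
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("no CA certificates found in %s", caCertFile)
	}
	return pool, nil
}

// GetConfig returns a TLS config that presents the certificate/key pair
// loaded from certFile/keyFile and trusts the CA certificates in caCertFile.
//
// When isServer is true the CA pool is installed as ClientCAs, otherwise as
// RootCAs. ClientAuth is not set here, so a server built from this config
// does not by itself require or verify client certificates even though
// ClientCAs is populated; callers that need mutual TLS must set ClientAuth
// on the returned config (NOTE(review): this assumes cmtls keeps the
// crypto/tls default of NoClientCert — confirm against the fork).
//
// Errors from loading the key pair or the CA file are returned unchanged.
func GetConfig(certFile, keyFile, caCertFile string, isServer bool) (*cmtls.Config, error) {
	sigCert, err := cmtls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	// Trusted root certificates.
	pool, err := loadCertPool(caCertFile)
	if err != nil {
		return nil, err
	}
	cfg := &cmtls.Config{
		Certificates: []cmtls.Certificate{sigCert},
	}
	if isServer {
		cfg.ClientCAs = pool
	} else {
		cfg.RootCAs = pool
	}
	return cfg, nil
}

// GetGMTLSConfig returns a GM (SM2) double-certificate TLS config: the
// signing pair from certFile/keyFile and the encryption pair from
// encCertFile/encKeyFile are both presented, in that order, and the CA
// certificates in caCertFile form the trust store. GMSupport is enabled on
// the returned config.
//
// As with GetConfig, isServer selects ClientCAs versus RootCAs and ClientAuth
// is left unset, so client-certificate verification is not enforced unless
// the caller sets it. Errors from loading either key pair or the CA file are
// returned unchanged.
func GetGMTLSConfig(certFile, keyFile, encCertFile, encKeyFile, caCertFile string, isServer bool) (*cmtls.Config, error) {
	sigCert, err := cmtls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	encCert, err := cmtls.LoadX509KeyPair(encCertFile, encKeyFile)
	if err != nil {
		return nil, err
	}
	// Trusted root certificates.
	pool, err := loadCertPool(caCertFile)
	if err != nil {
		return nil, err
	}
	cfg := &cmtls.Config{
		GMSupport:    cmtls.NewGMSupport(),
		Certificates: []cmtls.Certificate{sigCert, encCert},
	}
	if isServer {
		cfg.ClientCAs = pool
	} else {
		cfg.RootCAs = pool
	}
	return cfg, nil
}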