github.com/safedep/dry@v0.0.0-20241016050132-a15651f0548b/adapters/tls.go (about)

     1  package adapters
     2  
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"io/ioutil"
	"os"
)
     9  
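// TlsConfigFromEnvironment builds a TLS configuration from PEM files whose
// paths are read from the process environment:
//
//   - APP_SERVICE_TLS_ROOT_CA: CA bundle that becomes the trusted root pool
//   - APP_SERVICE_TLS_CERT: certificate presented by this process
//   - APP_SERVICE_TLS_KEY: private key matching that certificate
//
// serverName is copied into the returned config's ServerName field. The
// minimum protocol version is pinned to TLS 1.2.
//
// An error is returned when the CA file cannot be read, when it contains no
// parseable PEM certificate, or when the certificate/key pair cannot be
// loaded. On error the returned tls.Config is the zero value and must not be
// used.
//
// In crypto/tls, RootCAs and ServerName are consulted only on the client side
// of a handshake. ClientCAs and ClientAuth are not set here, so a server that
// uses this config as-is does not request or verify client certificates.
//
// The config is returned by value; callers should take its address once and
// use tls.Config.Clone for further copies rather than copying the struct.
func TlsConfigFromEnvironment(serverName string) (tls.Config, error) {
	caCert, err := ioutil.ReadFile(os.Getenv("APP_SERVICE_TLS_ROOT_CA"))
	if err != nil {
		return tls.Config{}, err
	}

	// AppendCertsFromPEM reports whether at least one certificate was added.
	// Ignoring it would hand back an empty, non-nil root pool: every peer
	// verification would then fail at handshake time with an error that does
	// not point at the CA file. Fail at load time instead.
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return tls.Config{}, errors.New("no PEM certificates could be parsed from APP_SERVICE_TLS_ROOT_CA")
	}

	cert, err := tls.LoadX509KeyPair(os.Getenv("APP_SERVICE_TLS_CERT"),
		os.Getenv("APP_SERVICE_TLS_KEY"))
	if err != nil {
		return tls.Config{}, err
	}

	return tls.Config{
		ServerName:   serverName,
		Certificates: []tls.Certificate{cert},
		RootCAs:      caCertPool,
		MinVersion:   tls.VersionTLS12,
	}, nil
}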