go.ligato.io/vpp-agent/v3@v3.5.0/cmd/agentctl/client/tlsconfig/tlsconfig.go (about)

     1  //  Copyright (c) 2019 Cisco and/or its affiliates.
     2  //
     3  //  Licensed under the Apache License, Version 2.0 (the "License");
     4  //  you may not use this file except in compliance with the License.
     5  //  You may obtain a copy of the License at:
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  //  Unless required by applicable law or agreed to in writing, software
    10  //  distributed under the License is distributed on an "AS IS" BASIS,
    11  //  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  //  See the License for the specific language governing permissions and
    13  //  limitations under the License.
    14  
    15  // Package tlsconfig provides a more convenient way to build a "tls.Config" from composable options.
    16  //
    17  // Usage:
    18  //
    19  //	package main
    20  //
    21  //	import "fmt"
    22  //	import "go.ligato.io/vpp-agent/v3/cmd/agentctl/client/tlsconfig"
    23  //
    24  //	func main() {
    25  //		tc, err := tlsconfig.New(
    26  //			tlsconfig.CA("/path/to/ca.crt"),
    27  //			tlsconfig.CertKey("/path/to/server.crt", "/path/to/server.key"),
    28  //		)
    29  //
    30  //		if err != nil {
    31  //			fmt.Printf("Error while creating TLS config: %v\n", err)
    32  //			return
    33  //		}
    34  //		fmt.Println("TLS config is ready to use")
    35  //
    36  //		// `tc` usage
    37  //	}
    38  
    39  package tlsconfig
    40  
    41  import (
    42  	"crypto/tls"
    43  	"crypto/x509"
    44  	"fmt"
    45  	"os"
    46  )
    47  
// New builds a tls.Config and applies every option to it, in the order given.
//
// The config starts with MinVersion set to TLS 1.2; options may tighten this
// but the package never starts below that floor. The first option that fails
// aborts the build: its error is returned together with a nil config.
func New(options ...Option) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}

	for i := range options {
		if err := options[i](cfg); err != nil {
			return nil, err
		}
	}

	return cfg, nil
}

// Option mutates the tls.Config being assembled by New; returning a non-nil
// error aborts New and is propagated to its caller.
type Option func(config *tls.Config) error
    65  
// CA appends the PEM-encoded certificate(s) found in the file at path to the
// tls.Config's RootCAs pool, i.e. the authorities trusted to have signed the
// server's certificate.
//
// Note the trust-store semantics: the first CA option starts from an empty
// pool, not from the host's root CA set, so once any CA option is applied only
// certificates added this way are trusted. Repeated CA options accumulate into
// that same pool. Without any CA option RootCAs stays nil and crypto/tls falls
// back to the host's roots.
//
// A read failure is returned as-is; a file from which no certificate could be
// parsed is reported as an error as well, so a bad path never silently leaves
// the pool empty.
func CA(path string) Option {
	return func(config *tls.Config) error {
		// Create the pool lazily so that several CA options share it.
		if config.RootCAs == nil {
			config.RootCAs = x509.NewCertPool()
		}

		pemData, err := os.ReadFile(path)
		if err != nil {
			return err
		}

		if added := config.RootCAs.AppendCertsFromPEM(pemData); !added {
			return fmt.Errorf("unable to add CA from '%s' file", path)
		}

		return nil
	}
}
    87  
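// CertKey loads a certificate/private-key pair from two PEM files and appends
// it to tls.Config.Certificates, so the client can present it to the server
// (client authentication / mutual TLS).
//
// certPath and keyPath are file paths handed to tls.LoadX509KeyPair, which
// parses both files and rejects a key that does not match the certificate.
// Any load or parse error is returned unchanged and nothing is appended.
// The option may be given more than once; each application appends one pair.
func CertKey(certPath, keyPath string) Option {
	return func(config *tls.Config) error {
		pair, err := tls.LoadX509KeyPair(certPath, keyPath)
		if err != nil {
			return err
		}
		config.Certificates = append(config.Certificates, pair)
		// err is known to be nil here; return nil explicitly instead of
		// re-returning the variable, which read as if it could still be set.
		return nil
	}
}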
    99  
// SkipServerVerification sets InsecureSkipVerify on the tls.Config, which
// turns off validation of the server's certificate chain and host name.
//
// Security: with this option the client accepts whatever certificate the
// server presents, so the session is no longer protected against an active
// attacker impersonating the agent (see the crypto/tls documentation for
// InsecureSkipVerify). Use it only for local testing, or pair it with your own
// check through tls.Config.VerifyPeerCertificate / VerifyConnection.
func SkipServerVerification() Option {
	return func(cfg *tls.Config) error {
		cfg.InsecureSkipVerify = true
		return nil
	}
}