123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 |
- package qlight
- import (
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "os"
- "strings"
- "github.com/ethereum/go-ethereum/plugin/security"
- )
- type TLSConfig struct {
- CACertFileName string
- ClientCACertFileName string
- ClientAuth int
- CertFileName string
- KeyFileName string
- InsecureSkipVerify bool
- CipherSuites string
- ServerName string
- }
- func NewTLSConfig(config *TLSConfig) (*tls.Config, error) {
- if config.InsecureSkipVerify {
- return &tls.Config{
- InsecureSkipVerify: true,
- }, nil
- }
- var (
- CA_Pool *x509.CertPool
- err error
- )
- if len(config.CACertFileName) > 0 {
- CA_Pool, err = x509.SystemCertPool()
- if err != nil {
- CA_Pool = x509.NewCertPool()
- }
- cert, err := os.ReadFile(config.CACertFileName)
- if err != nil {
- return nil, err
- }
- CA_Pool.AppendCertsFromPEM(cert)
- }
- var (
- ClientCA_Pool *x509.CertPool
- ClientAuth tls.ClientAuthType
- )
- if len(config.ClientCACertFileName) > 0 {
- ClientCA_Pool, err = x509.SystemCertPool()
- if err != nil {
- ClientCA_Pool = x509.NewCertPool()
- }
- cert, err := os.ReadFile(config.ClientCACertFileName)
- if err != nil {
- return nil, err
- }
- ClientCA_Pool.AppendCertsFromPEM(cert)
- if config.ClientAuth < 0 || config.ClientAuth > 4 {
- return nil, fmt.Errorf("Invalid ClientAuth value: %d", config.ClientAuth)
- }
- ClientAuth = tls.ClientAuthType(config.ClientAuth)
- }
- var certificates []tls.Certificate
- if len(config.CertFileName) > 0 && len(config.KeyFileName) > 0 {
- cert, err := tls.LoadX509KeyPair(config.CertFileName, config.KeyFileName)
- if err != nil {
- return nil, err
- }
- certificates = []tls.Certificate{cert}
- }
- var CipherSuites []uint16
- if len(config.CipherSuites) > 0 {
- cipherSuitesStrings := strings.FieldsFunc(config.CipherSuites, func(r rune) bool {
- return r == ','
- })
- if len(cipherSuitesStrings) > 0 {
- cipherSuiteList := make(security.CipherSuiteList, len(cipherSuitesStrings))
- for i, s := range cipherSuitesStrings {
- cipherSuiteList[i] = security.CipherSuite(strings.TrimSpace(s))
- }
- CipherSuites, err = cipherSuiteList.ToUint16Array()
- if err != nil {
- return nil, err
- }
- }
- }
- return &tls.Config{
- RootCAs: CA_Pool,
- Certificates: certificates,
- ServerName: config.ServerName,
- ClientCAs: ClientCA_Pool,
- ClientAuth: ClientAuth,
- CipherSuites: CipherSuites,
- }, nil
- }
|