/tls/configure -- certificates/keys are now transferred encoded with base64

This commit is contained in:
Eugene Bujak 2019-02-01 14:10:39 +03:00 committed by Eugene Bujak
parent 93847bd309
commit d42718465d
1 changed files with 18 additions and 2 deletions

View File

@ -5,6 +5,7 @@ import (
"context" "context"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/base64"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
@ -1048,7 +1049,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
return return
} }
_, err = tls.X509KeyPair([]byte(data.CertificateChain), []byte(data.PrivateKey)) certPEM, err := base64.StdEncoding.DecodeString(data.CertificateChain)
if err != nil {
httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
return
}
keyPEM, err := base64.StdEncoding.DecodeString(data.PrivateKey)
if err != nil {
httpError(w, http.StatusBadRequest, "Failed to base64-decode private key: %s", err)
return
}
log.Printf("got certificate: %s", certPEM)
_, err = tls.X509KeyPair(certPEM, keyPEM)
if err != nil { if err != nil {
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err) httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
return return
@ -1058,7 +1073,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
var certs []*pem.Block // PEM-encoded certificates var certs []*pem.Block // PEM-encoded certificates
var skippedBytes []string // skipped bytes var skippedBytes []string // skipped bytes
pemblock := []byte(data.CertificateChain) pemblock := []byte(certPEM)
for { for {
var decoded *pem.Block var decoded *pem.Block
decoded, pemblock = pem.Decode(pemblock) decoded, pemblock = pem.Decode(pemblock)
@ -1109,6 +1124,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
mainCert := parsedCerts[0] mainCert := parsedCerts[0]
_, err = mainCert.Verify(opts) _, err = mainCert.Verify(opts)
if err != nil { if err != nil {
// TODO: let self-signed certs through
httpError(w, http.StatusBadRequest, "Your certificate does not verify: %s", err) httpError(w, http.StatusBadRequest, "Your certificate does not verify: %s", err)
return return
} }