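// Package util holds helpers shared by the codit services.
package util

import (
	"strings"

	"codit/config"
	"codit/internal/models"
)

// tlsDefaultPolicyID is the endpoint policy assigned to every service by
// DefaultTLSEndpointPolicies.
const tlsDefaultPolicyID = "tls-auth-default"

// tlsEndpointServices lists the services that receive the default TLS
// endpoint policy, in the order the policies are emitted.
var tlsEndpointServices = []string{"api", "git", "rpm", "v2"}

// TLSSettingsFromConfig derives the CTL service's TLS settings from appCfg.
//
// File paths and PKI identifiers are whitespace-trimmed only. ServerCertSource,
// ClientAuth and MinVersion are lower-cased and checked against a fixed set of
// accepted values; anything else falls back to "pki", "none" and "1.2"
// respectively, so an unrecognised (or empty) value silently becomes the
// default rather than an error. The normalized service addresses go to
// HTTPSAddrs when TLS is enabled and to HTTPAddrs otherwise; the other list
// is left nil.
func TLSSettingsFromConfig(appCfg config.Config) models.TLSSettings {
	addrs := config.NormalizeHTTPAddrs(appCfg.CTL.Service.Addrs)
	tlsCfg := appCfg.CTL.TLS

	settings := models.TLSSettings{
		EndpointPolicies:    DefaultTLSEndpointPolicies(),
		TLSServerCertSource: normalizeTLSServerCertSource(tlsCfg.ServerCertSource),
		TLSCertFile:         strings.TrimSpace(tlsCfg.CertFile),
		TLSKeyFile:          strings.TrimSpace(tlsCfg.KeyFile),
		TLSPKIServerCertID:  strings.TrimSpace(tlsCfg.PKIServerCertID),
		TLSClientAuth:       normalizeTLSClientAuth(tlsCfg.ClientAuth),
		TLSClientCAFile:     strings.TrimSpace(tlsCfg.ClientCAFile),
		TLSPKIClientCAID:    strings.TrimSpace(tlsCfg.PKIClientCAID),
		TLSMinVersion:       normalizeTLSMinVersion(tlsCfg.MinVersion),
	}

	// Only one address list is populated: the same listeners are either all
	// TLS or all plaintext, decided by the single Enabled flag.
	if tlsCfg.Enabled {
		settings.HTTPSAddrs = addrs
	} else {
		settings.HTTPAddrs = addrs
	}
	return settings
}

// DefaultTLSEndpointPolicies returns one TLSEndpointPolicy per service in
// tlsEndpointServices, each bound to tlsDefaultPolicyID. The result is a
// fresh slice on every call, so callers may modify it freely.
func DefaultTLSEndpointPolicies() []models.TLSEndpointPolicy {
	items := make([]models.TLSEndpointPolicy, 0, len(tlsEndpointServices))
	for _, service := range tlsEndpointServices {
		items = append(items, models.TLSEndpointPolicy{
			Service:  service,
			PolicyID: tlsDefaultPolicyID,
		})
	}
	return items
}

// normalizeTLSServerCertSource maps the configured server certificate source
// to one of "files" or "pki". Matching is case-insensitive and ignores
// surrounding whitespace; every value other than "files" (including empty)
// selects "pki".
func normalizeTLSServerCertSource(value string) string {
	if strings.ToLower(strings.TrimSpace(value)) == "files" {
		return "files"
	}
	return "pki"
}

// normalizeTLSClientAuth returns the lower-cased, trimmed client-auth mode if
// it is one of the accepted modes, and "none" otherwise. Note that a typo in
// the configured mode therefore disables client certificate authentication
// rather than failing; callers that require mutual TLS should check the
// result against their expectation.
func normalizeTLSClientAuth(value string) string {
	switch v := strings.ToLower(strings.TrimSpace(value)); v {
	case "request", "require", "verify_if_given", "require_and_verify":
		return v
	}
	return "none"
}

// normalizeTLSMinVersion returns the lower-cased, trimmed minimum TLS version
// if it is an explicitly accepted spelling, and "1.2" otherwise.
//
// The accepted value is returned as spelled, so both "1.3" and "tls1.3" can
// come back; consumers must handle both forms. "1.2" and "tls1.2" are not in
// the list and reach the default, which yields the same "1.2". The pre-1.2
// spellings are accepted but select protocol versions that are deprecated
// (RFC 8996); an operator who sets them gets a weaker floor than the default.
func normalizeTLSMinVersion(value string) string {
	switch v := strings.ToLower(strings.TrimSpace(value)); v {
	case "1.0", "1.1", "1.3", "tls1.0", "tls1.1", "tls1.3":
		return v
	}
	return "1.2"
}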