portainer/api/crypto/tls.go

package crypto

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
)

// CreateTLSConfigurationFromBytes initializes a tls.Config using a CA certificate, a certificate and a key
// loaded from memory.
func CreateTLSConfigurationFromBytes(caCert, cert, key []byte, skipClientVerification, skipServerVerification bool) (*tls.Config, error) {
	config := &tls.Config{}
	config.InsecureSkipVerify = skipServerVerification

	if !skipClientVerification {
		certificate, err := tls.X509KeyPair(cert, key)
		if err != nil {
			return nil, err
		}
		config.Certificates = []tls.Certificate{certificate}
	}

	if !skipServerVerification {
		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)
		config.RootCAs = caCertPool
	}

	return config, nil
}

// CreateTLSConfigurationFromDisk initializes a tls.Config using a CA certificate, a certificate and a key
// loaded from disk.
func CreateTLSConfigurationFromDisk(caCertPath, certPath, keyPath string, skipServerVerification bool) (*tls.Config, error) {
	config := &tls.Config{}
	config.InsecureSkipVerify = skipServerVerification

	if certPath != "" && keyPath != "" {
		cert, err := tls.LoadX509KeyPair(certPath, keyPath)
		if err != nil {
			return nil, err
		}

		config.Certificates = []tls.Certificate{cert}
	}

	if !skipServerVerification && caCertPath != "" {
		caCert, err := ioutil.ReadFile(caCertPath)
		if err != nil {
			return nil, err
		}

		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)
		config.RootCAs = caCertPool
	}

	return config, nil
}
feat(global): introduce user teams and new UAC system (#868) 2017-05-23 18:56:10 +00:00			`package crypto`
refactor(api): create a new structure for the Go api (#94) * refactor(api): create a new structure for the Go api * refactor(api): update the way keyFile parameter is managed 2016-08-01 01:40:12 +00:00
			`import (`
			`"crypto/tls"`
			`"crypto/x509"`
			`"io/ioutil"`
			`)`

fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`// CreateTLSConfigurationFromBytes initializes a tls.Config using a CA certificate, a certificate and a key`
			`// loaded from memory.`
			`func CreateTLSConfigurationFromBytes(caCert, cert, key []byte, skipClientVerification, skipServerVerification bool) (*tls.Config, error) {`
feat(api): ping the endpoint at creation time (#1817) 2018-04-16 11:19:24 +00:00			`config := &tls.Config{}`
			`config.InsecureSkipVerify = skipServerVerification`

			`if !skipClientVerification {`
			`certificate, err := tls.X509KeyPair(cert, key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`config.Certificates = []tls.Certificate{certificate}`
			`}`

			`if !skipServerVerification {`
			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`
			`config.RootCAs = caCertPool`
			`}`

			`return config, nil`
			`}`

fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`// CreateTLSConfigurationFromDisk initializes a tls.Config using a CA certificate, a certificate and a key`
			`// loaded from disk.`
			`func CreateTLSConfigurationFromDisk(caCertPath, certPath, keyPath string, skipServerVerification bool) (*tls.Config, error) {`
			`config := &tls.Config{}`
			`config.InsecureSkipVerify = skipServerVerification`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 08:35:23 +00:00
fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`if certPath != "" && keyPath != "" {`
			`cert, err := tls.LoadX509KeyPair(certPath, keyPath)`
fix(tls): fix an issue with TLSConfig ignored when using LDAP StartTLS 2017-09-21 15:19:43 +00:00			`if err != nil {`
			`return nil, err`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 08:35:23 +00:00			`}`

fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`config.Certificates = []tls.Certificate{cert}`
fix(tls): fix an issue with TLSConfig ignored when using LDAP StartTLS 2017-09-21 15:19:43 +00:00			`}`
feat(api): TLS endpoint creation and init overhaul (#1173) 2017-09-14 06:08:37 +00:00
fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`if !skipServerVerification && caCertPath != "" {`
			`caCert, err := ioutil.ReadFile(caCertPath)`
fix(tls): fix an issue with TLSConfig ignored when using LDAP StartTLS 2017-09-21 15:19:43 +00:00			`if err != nil {`
			`return nil, err`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 08:35:23 +00:00			`}`
feat(api): TLS endpoint creation and init overhaul (#1173) 2017-09-14 06:08:37 +00:00
fix(tls): fix an issue with TLSConfig ignored when using LDAP StartTLS 2017-09-21 15:19:43 +00:00			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`
fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`config.RootCAs = caCertPool`
refactor(api): create a new structure for the Go api (#94) * refactor(api): create a new structure for the Go api * refactor(api): update the way keyFile parameter is managed 2016-08-01 01:40:12 +00:00			`}`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 08:35:23 +00:00
fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`return config, nil`
refactor(api): create a new structure for the Go api (#94) * refactor(api): create a new structure for the Go api * refactor(api): update the way keyFile parameter is managed 2016-08-01 01:40:12 +00:00			`}`