2017-05-23 18:56:10 +00:00
|
|
|
package crypto
|
2016-08-01 01:40:12 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
"crypto/x509"
|
|
|
|
"io/ioutil"
|
2017-09-14 06:08:37 +00:00
|
|
|
|
|
|
|
"github.com/portainer/portainer"
|
2016-08-01 01:40:12 +00:00
|
|
|
)
|
|
|
|
|
2017-05-23 18:56:10 +00:00
|
|
|
// CreateTLSConfiguration initializes a tls.Config using a CA certificate, a certificate and a key
|
2017-09-14 06:08:37 +00:00
|
|
|
func CreateTLSConfiguration(config *portainer.TLSConfiguration) (*tls.Config, error) {
|
|
|
|
TLSConfig := &tls.Config{}
|
2017-08-10 08:35:23 +00:00
|
|
|
|
2017-09-21 15:19:43 +00:00
|
|
|
if config.TLSCertPath != "" && config.TLSKeyPath != "" {
|
|
|
|
cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2017-08-10 08:35:23 +00:00
|
|
|
}
|
|
|
|
|
2017-09-21 15:19:43 +00:00
|
|
|
TLSConfig.Certificates = []tls.Certificate{cert}
|
|
|
|
}
|
2017-09-14 06:08:37 +00:00
|
|
|
|
2017-09-21 15:19:43 +00:00
|
|
|
if !config.TLSSkipVerify {
|
|
|
|
caCert, err := ioutil.ReadFile(config.TLSCACertPath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2017-08-10 08:35:23 +00:00
|
|
|
}
|
2017-09-14 06:08:37 +00:00
|
|
|
|
2017-09-21 15:19:43 +00:00
|
|
|
caCertPool := x509.NewCertPool()
|
|
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
|
|
|
|
TLSConfig.RootCAs = caCertPool
|
2016-08-01 01:40:12 +00:00
|
|
|
}
|
2017-08-10 08:35:23 +00:00
|
|
|
|
2017-09-21 15:19:43 +00:00
|
|
|
TLSConfig.InsecureSkipVerify = config.TLSSkipVerify
|
|
|
|
|
2017-09-14 06:08:37 +00:00
|
|
|
return TLSConfig, nil
|
2016-08-01 01:40:12 +00:00
|
|
|
}
|