|
|
|
@ -16,11 +16,8 @@
|
|
|
|
|
package http
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"io"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
|
|
"github.com/coreos/clair/database"
|
|
|
|
@ -31,64 +28,6 @@ import (
|
|
|
|
|
// MaxPostSize is the maximum number of bytes that ParseHTTPBody reads from an http.Request.Body.
|
|
|
|
|
const MaxBodySize int64 = 1048576
|
|
|
|
|
|
|
|
|
|
// LoadTLSClientConfig initializes a *tls.Config using the given certificates and private key, that
|
|
|
|
|
// can be used to communicate with a server using client certificate authentificate.
|
|
|
|
|
//
|
|
|
|
|
// If no certificates are given, a nil *tls.Config is returned.
|
|
|
|
|
// The CA certificate is optionnal, the system defaults are used if not provided.
|
|
|
|
|
func LoadTLSClientConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
|
|
|
|
|
if len(certFile) == 0 || len(keyFile) == 0 {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var caCertPool *x509.CertPool
|
|
|
|
|
if len(caFile) > 0 {
|
|
|
|
|
caCert, err := ioutil.ReadFile(caFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
caCertPool = x509.NewCertPool()
|
|
|
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlsConfig := &tls.Config{
|
|
|
|
|
Certificates: []tls.Certificate{cert},
|
|
|
|
|
RootCAs: caCertPool,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return tlsConfig, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// LoadTLSClientConfigForServer initializes a *tls.Config using the given CA, that can be used to
|
|
|
|
|
// configure http server to do client certificate authentification.
|
|
|
|
|
//
|
|
|
|
|
// If no CA is given, a nil *tls.Config is returned: no client certificate will be required and
|
|
|
|
|
// verified. In other words, authentification will be disabled.
|
|
|
|
|
func LoadTLSClientConfigForServer(caFile string) (*tls.Config, error) {
|
|
|
|
|
if len(caFile) == 0 {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
caCert, err := ioutil.ReadFile(caFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
caCertPool := x509.NewCertPool()
|
|
|
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
|
|
|
|
|
|
tlsConfig := &tls.Config{
|
|
|
|
|
ClientCAs: caCertPool,
|
|
|
|
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return tlsConfig, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WriteHTTP writes a JSON-encoded object to a http.ResponseWriter, as well as
|
|
|
|
|
// a HTTP status code.
|
|
|
|
|
func WriteHTTP(w http.ResponseWriter, httpStatus int, v interface{}) {
|
|
|
|
|