feat(https): support load certificate from base64 input. (#337)
This commit is contained in:
parent
2d2f62d19b
commit
398b77744c
|
@ -63,6 +63,28 @@ func TestRunTLSServer(t *testing.T) {
|
||||||
gofight.TestRequest(t, "https://localhost:8087/api/stat/go")
|
gofight.TestRequest(t, "https://localhost:8087/api/stat/go")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestRunTLSBase64Server(t *testing.T) {
|
||||||
|
var cert = `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMrekNDQWVPZ0F3SUJBZ0lKQUxiWkVEdlVRckZLTUEwR0NTcUdTSWIzRFFFQkJRVUFNQlF4RWpBUUJnTlYKQkFNTUNXeHZZMkZzYUc5emREQWVGdzB4TmpBek1qZ3dNek13TkRGYUZ3MHlOakF6TWpZd016TXdOREZhTUJReApFakFRQmdOVkJBTU1DV3h2WTJGc2FHOXpkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DCmdnRUJBTWoxK3hnNGpWTHpWbkI1ajduMXVsMzBXRUU0QkN6Y05GeGc1QU9CNUg1cSt3amUwWVlpVkZnNlBReXYKR0NpcHFJUlhWUmRWUTFoSFNldW5ZR0tlOGxxM1NiMVg4UFVKMTJ2OXVSYnBTOURLMU93cWs4cnNQRHU2c1ZUTApxS0tnSDFaOHlhenphUzBBYlh1QTVlOWdPL1J6aWpibnBFUCtxdU00ZHVlaU1QVkVKeUxxK0VvSVFZK01NOE1QCjhkWnpMNFhabDd3TDRVc0NON3JQY082VzN0bG5UMGlPM2g5Yy9ZbTJoRmh6K0tOSjlLUlJDdnRQR1pFU2lndEsKYkhzWEgwOTlXRG84di9XcDUvZXZCdy8rSkQwb3B4bUNmSElCQUxIdDl2NTNSdnZzRFoxdDMzUnB1NUM4em5FWQpZMkF5N05neGhxanFvV0pxQTQ4bEplQTBjbHNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkMwYlRVMVhvZmVoCk5LSWVsYXNoSXNxS2lkRFlNQjhHQTFVZEl3UVlNQmFBRkMwYlRVMVhvZmVoTktJZWxhc2hJc3FLaWREWU1Bd0cKQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFBaUpMOElNVHdOWDlYcVFXWURGZ2tHNApBbnJWd1FocmVBcUM5clN4RENqcXFuTUhQSEd6Y0NlRE1MQU1vaDBrT3kyMG5vd1VHTnRDWjB1QnZuWDJxMWJOCmcxanQrR0JjTEpEUjNMTDRDcE5PbG0zWWhPeWN1TmZXTXhUQTdCWGttblNyWkQvN0toQXJzQkVZOGF1bHh3S0oKSFJnTmxJd2Uxb0ZEMVlkWDFCUzVwcDR0MjVCNlZxNEEzRk1NVWtWb1dFNjg4bkUxNjhodlFnd2pySGtnSGh3ZQplTjhsR0UyRGhGcmFYbldtRE1kd2FIRDNIUkZHaHlwcElGTitmN0JxYldYOWdNK1QyWVJUZk9iSVhMV2JxSkxECjNNay9Oa3hxVmNnNGVZNTR3SjF1ZkNVR0FZQUlhWTZmUXFpTlV6OG5od0szdDQ1TkJWVDl5L3VKWHFuVEx5WT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=`
|
||||||
|
var key = `LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBeVBYN0dEaU5Vdk5XY0htUHVmVzZYZlJZUVRnRUxOdzBYR0RrQTRIa2ZtcjdDTjdSCmhpSlVXRG85REs4WUtLbW9oRmRWRjFWRFdFZEo2NmRnWXA3eVdyZEp2VmZ3OVFuWGEvMjVGdWxMME1yVTdDcVQKeXV3OE83cXhWTXVvb3FBZlZuekpyUE5wTFFCdGU0RGw3MkE3OUhPS051ZWtRLzZxNHpoMjU2SXc5VVFuSXVyNApTZ2hCajR3end3L3gxbk12aGRtWHZBdmhTd0kzdXM5dzdwYmUyV2RQU0k3ZUgxejlpYmFFV0hQNG8wbjBwRkVLCiswOFprUktLQzBwc2V4Y2ZUMzFZT2p5Lzlhbm45NjhIRC80a1BTaW5HWUo4Y2dFQXNlMzIvbmRHKyt3Tm5XM2YKZEdtN2tMek9jUmhqWURMczJER0dxT3FoWW1vRGp5VWw0RFJ5V3dJREFRQUJBb0lCQUdUS3FzTjlLYlNmQTQycQpDcUkwVXVMb3VKTU5hMXFzbno1dUFpNllLV2dXZEE0QTQ0bXBFakNtRlJTVmhVSnZ4V3VLK2N5WUlRelh4SVdECkQxNm5aZHFGNzJBZUNXWjlKeVNzdnZaMDBHZktNM3kzNWlSeTA4c0pXZ096bWNMbkdKQ2lTZXlLc1FlM0hUSkMKZGhEWGJYcXZzSFRWUFpnMDFMVGVEeFVpVGZmVThOTUtxUjJBZWNRMnNURHdYRWhBblR5QXRuemwvWGFCZ0Z6dQpVNkc3RnpHTTV5OWJ4a2ZRVmt2eStERUprSEdOT2p6d2NWZkJ5eVZsNjEwaXhtRzF2bXhWajlQYldtSVBzVVY4CnlTbWpodkRRYk9mb3hXMGg5dlRsVHFHdFFjQnc5NjJvc25ERE1XRkNkTTdsek8wVDdSUm5QVkdJUnBDSk9LaHEKa2VxSEt3RUNnWUVBOHd3SS9pWnVnaG9UWFRORzlMblFRL1dBdHNxTzgwRWpNVFVoZW81STFrT3ptVXowOXB5aAppQXNVRG9OMC8yNnRaNVdOamxueVp1N2R2VGMveDNkVFpwbU5ub284Z2NWYlFORUNEUnpxZnVROVBQWG0xU041CjZwZUJxQXZCdjc4aGpWMDVhWHpQRy9WQmJlaWc3bDI5OUVhckVBK2Evb0gzS3JnRG9xVnFFMEVDZ1lFQTA2dkEKWUptZ2c0ZlpSdWNBWW9hWXNMejlaOXJDRmpUZTFQQlRtVUprYk9SOHZGSUhIVFRFV2kvU3V4WEwwd0RTZW9FMgo3QlFtODZnQ0M3L0tnUmRyem9CcVo1cVM5TXYyZHNMZ1k2MzVWU2dqamZaa1ZMaUgxVlJScFNRT2JZbmZveXNnCmdhdGNIU0tNRXhkNFNMUUJ5QXVJbVhQK0w1YXlEQmNFSmZicVNwc0NnWUI3OElzMWIwdXpOTERqT2g3WTlWaHIKRDJxUHpFT1JjSW9Oc2RaY3RPb1h1WGFBbW1uZ3lJYm01UjlaTjFnV1djNDdvRndMVjNyeFdxWGdzNmZtZzhjWAo3djMwOXZGY0M5UTQvVnhhYTRCNUxOSzluM2dUQUlCUFRPdGxVbmwrMm15MXRmQnRCcVJtMFc2SUtiVEhXUzVnCnZ4akVtL0NpRUl5R1VFZ3FUTWdIQVFLQmdCS3VYZFFvdXRuZzYzUXVmd0l6RHRiS1Z6TUxRNFhpTktobWJYcGgKT2F2Q25wK2dQYkIrTDdZbDhsdEFtVFNPSmdWWjBoY1QwRHhBMzYxWngrMk11NThHQmw0T2JsbmNobXdFMXZqMQpLY1F5UHJFUXhkb1VUeWlzd0dmcXZyczhKOWltdmIrejkvVTZUMUtBQjhXaTNXVmlYelByNE1zaWFhUlhnNjQyCkZJZHhBb0dBWjcvNzM1ZGtoSmN5T2ZzK0xLc0xyNjhKU3N0b29yWE9ZdmRNdTErSkdhOWlMdWhuSEVjTVZXQzgKSXVpaHpQZmxvWnRNYkdZa1pKbjhsM0JlR2Q4aG1mRnRnVGdaR1BvVlJldGZ0MkxERkxuUHhwMnNFSDVPRkxzUQpSK0sva0FPdWw4ZVN0V3VNWE9GQTlwTXpHa0dFZ0lGSk1KT3lhSk9OM2tlZFFJOGRlQ009Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==`
|
||||||
|
initTest()
|
||||||
|
|
||||||
|
PushConf.Core.SSL = true
|
||||||
|
PushConf.Core.Port = "8089"
|
||||||
|
PushConf.Core.CertPath = ""
|
||||||
|
PushConf.Core.KeyPath = ""
|
||||||
|
PushConf.Core.CertBase64 = cert
|
||||||
|
PushConf.Core.KeyBase64 = key
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
assert.NoError(t, RunHTTPServer())
|
||||||
|
}()
|
||||||
|
// have to wait for the goroutine to start and run the server
|
||||||
|
// otherwise the main thread will complete
|
||||||
|
time.Sleep(5 * time.Millisecond)
|
||||||
|
|
||||||
|
gofight.TestRequest(t, "https://localhost:8089/api/stat/go")
|
||||||
|
}
|
||||||
|
|
||||||
func TestRunAutoTLSServer(t *testing.T) {
|
func TestRunAutoTLSServer(t *testing.T) {
|
||||||
initTest()
|
initTest()
|
||||||
PushConf.Core.AutoTLS.Enabled = true
|
PushConf.Core.AutoTLS.Enabled = true
|
||||||
|
@ -85,6 +107,21 @@ func TestLoadTLSCertError(t *testing.T) {
|
||||||
assert.Error(t, RunHTTPServer())
|
assert.Error(t, RunHTTPServer())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestMissingTLSCertConfg(t *testing.T) {
|
||||||
|
initTest()
|
||||||
|
|
||||||
|
PushConf.Core.SSL = true
|
||||||
|
PushConf.Core.Port = "8087"
|
||||||
|
PushConf.Core.CertPath = ""
|
||||||
|
PushConf.Core.KeyPath = ""
|
||||||
|
PushConf.Core.CertBase64 = ""
|
||||||
|
PushConf.Core.KeyBase64 = ""
|
||||||
|
|
||||||
|
err := RunHTTPServer()
|
||||||
|
assert.Error(t, RunHTTPServer())
|
||||||
|
assert.Equal(t, "missing https cert config", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
func TestRootHandler(t *testing.T) {
|
func TestRootHandler(t *testing.T) {
|
||||||
initTest()
|
initTest()
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,8 @@ package gorush
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
"encoding/base64"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/facebookgo/grace/gracehttp"
|
"github.com/facebookgo/grace/gracehttp"
|
||||||
|
@ -19,7 +21,7 @@ func RunHTTPServer() (err error) {
|
||||||
LogAccess.Debug("HTTPD server is running on " + PushConf.Core.Port + " port.")
|
LogAccess.Debug("HTTPD server is running on " + PushConf.Core.Port + " port.")
|
||||||
if PushConf.Core.AutoTLS.Enabled {
|
if PushConf.Core.AutoTLS.Enabled {
|
||||||
err = gracehttp.Serve(autoTLSServer())
|
err = gracehttp.Serve(autoTLSServer())
|
||||||
} else if PushConf.Core.SSL && PushConf.Core.CertPath != "" && PushConf.Core.KeyPath != "" {
|
} else if PushConf.Core.SSL {
|
||||||
config := &tls.Config{
|
config := &tls.Config{
|
||||||
MinVersion: tls.VersionTLS10,
|
MinVersion: tls.VersionTLS10,
|
||||||
}
|
}
|
||||||
|
@ -29,10 +31,26 @@ func RunHTTPServer() (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
config.Certificates = make([]tls.Certificate, 1)
|
config.Certificates = make([]tls.Certificate, 1)
|
||||||
config.Certificates[0], err = tls.LoadX509KeyPair(PushConf.Core.CertPath, PushConf.Core.KeyPath)
|
if PushConf.Core.CertPath != "" && PushConf.Core.KeyPath != "" {
|
||||||
if err != nil {
|
config.Certificates[0], err = tls.LoadX509KeyPair(PushConf.Core.CertPath, PushConf.Core.KeyPath)
|
||||||
LogError.Error("Failed to load https cert file: ", err)
|
if err != nil {
|
||||||
return err
|
LogError.Error("Failed to load https cert file: ", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else if PushConf.Core.CertBase64 != "" && PushConf.Core.KeyBase64 != "" {
|
||||||
|
cert, err := base64.StdEncoding.DecodeString(PushConf.Core.CertBase64)
|
||||||
|
if err != nil {
|
||||||
|
LogError.Error("base64 decode error:", err.Error())
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
key, err := base64.StdEncoding.DecodeString(PushConf.Core.KeyBase64)
|
||||||
|
if err != nil {
|
||||||
|
LogError.Error("base64 decode error:", err.Error())
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
config.Certificates[0], err = tls.X509KeyPair(cert, key)
|
||||||
|
} else {
|
||||||
|
return errors.New("missing https cert config")
|
||||||
}
|
}
|
||||||
|
|
||||||
err = gracehttp.Serve(&http.Server{
|
err = gracehttp.Serve(&http.Server{
|
||||||
|
|
Loading…
Reference in New Issue