From e5f584092c81be1d779cfd88e3b75432015e4007 Mon Sep 17 00:00:00 2001
From: "Sascha L. Teichmann"
Date: Wed, 27 Jul 2022 01:28:37 +0200
Subject: [PATCH] Unify loading of client certs in checker and uploader.
---
 cmd/csaf_checker/main.go | 8 +++++++-
 cmd/csaf_uploader/main.go | 35 +++++++++++++++++++++++------------
 2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go
index 42c35cf..8e06274 100644
--- a/cmd/csaf_checker/main.go
+++ b/cmd/csaf_checker/main.go
@@ -13,6 +13,7 @@ import (
 "crypto/tls"
 _ "embed" // Used for embedding.
 "encoding/json"
+ "errors"
 "fmt"
 "html/template"
 "io"
@@ -51,7 +52,12 @@ func errCheck(err error) {
 func (o *options) prepare() error {
 // Load client certs.
- if o.ClientCert != nil && o.ClientKey != nil {
+ switch hasCert, hasKey := o.ClientCert != nil, o.ClientKey != nil; {
+
+ case hasCert && !hasKey || !hasCert && hasKey:
+ return errors.New("both client-key and client-cert options must be set for the authentication")
+
+ case hasCert:
 cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
 if err != nil {
 return err
diff --git a/cmd/csaf_uploader/main.go b/cmd/csaf_uploader/main.go
index 5df2bc6..8122e68 100644
--- a/cmd/csaf_uploader/main.go
+++ b/cmd/csaf_uploader/main.go
@@ -55,6 +55,8 @@ type options struct {
 Config *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"`
 Version bool `long:"version" description:"Display version of the binary"`
+
+ clientCerts []tls.Certificate
 }
 type processor struct {
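Review bot: The mismatch case in the checker's `prepare` spells out both halves of an exclusive-or, `hasCert && !hasKey || !hasCert && hasKey`, which depends on `&&` binding tighter than `||` and is easy to misread; `case hasCert != hasKey:` states the same condition directly. The identical expression appears in the new `prepare` of cmd/csaf_uploader/main.go in the next hunk, so both should change together. The `tls.LoadX509KeyPair` error is also returned unwrapped, and a PEM parse failure does not name the offending file, so `return fmt.Errorf("loading client certificate %q: %w", *o.ClientCert, err)` would tell the operator which path was rejected (`fmt` is visible in this file's import block; the uploader's imports are not in the patch). The body of `prepare` continues outside the hunk.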
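Review bot: The new `clientCerts` field in the uploader's `options` struct is the only member without a flag tag or a comment, so a reader of the struct cannot tell where it is populated or why it is unexported. A short comment such as `// clientCerts is filled by prepare from ClientCert/ClientKey; it is not exposed as a flag or ini option.` would make that explicit. The `options` struct starts outside the hunk.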
@@ -70,6 +72,23 @@ var iniPaths = []string{
 "csaf_uploader.ini",
 }
+func (o *options) prepare() error {
+ // Load client certs.
+ switch hasCert, hasKey := o.ClientCert != nil, o.ClientKey != nil; {
+
+ case hasCert && !hasKey || !hasCert && hasKey:
+ return errors.New("both client-key and client-cert options must be set for the authentication")
+
+ case hasCert:
+ cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
+ if err != nil {
+ return err
+ }
+ o.clientCerts = []tls.Certificate{cert}
+ }
+ return nil
+}
+
 // loadKey loads an OpenPGP key.
 func loadKey(filename string) (*crypto.Key, error) {
 f, err := os.Open(filename)
@@ -129,13 +148,8 @@ func (p *processor) httpClient() *http.Client {
 tlsConfig.InsecureSkipVerify = true
 }
- if p.opts.ClientCert != nil && p.opts.ClientKey != nil {
- cert, err := tls.LoadX509KeyPair(*p.opts.ClientCert, *p.opts.ClientKey)
- if err != nil {
- log.Fatal(err)
- }
-
- tlsConfig.Certificates = []tls.Certificate{cert}
+ if len(p.opts.clientCerts) != 0 {
+ tlsConfig.Certificates = p.opts.clientCerts
 }
 client.Transport = &http.Transport{
@@ -398,6 +412,8 @@ func main() {
 check(iniParser.ParseFile(iniFile))
 }
+ check(opts.prepare())
+
 if opts.PasswordInteractive {
 check(readInteractive("Enter auth password: ", &opts.Password))
 }
@@ -406,11 +422,6 @@ func main() {
 check(readInteractive("Enter OpenPGP passphrase: ", &opts.Passphrase))
 }
- if opts.ClientCert != nil && opts.ClientKey == nil || opts.ClientCert == nil && opts.ClientKey != nil {
- log.Println("Both client-key and client-cert options must be set for the authentication.")
- return
- }
-
 p, err := newProcessor(&opts)
 check(err)
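Review bot: The uploader's new `prepare` is a line-for-line copy of the one in cmd/csaf_checker/main.go, down to the error text, so the two can silently diverge the next time one of them is touched (this commit already had to edit both). If the repository has a package shared by both commands, moving the pair check and the `tls.LoadX509KeyPair` call into one helper that returns `([]tls.Certificate, error)` would reduce each `prepare` to a short call; I cannot tell from this patch whether such a package exists. A doc comment starting with the function name, e.g. `// prepare validates the client-cert/client-key pair and loads it into clientCerts.`, is also missing on the new function.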
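Review bot: The `len(p.opts.clientCerts) != 0` guard around `tlsConfig.Certificates = p.opts.clientCerts` in `httpClient` is redundant: crypto/tls treats a nil and an empty `Certificates` slice alike and only offers a client certificate when the slice has entries, so the assignment can be made unconditionally and the two added lines collapse to one. The assignment also hands the same backing array to the TLS config that `options` keeps, which is harmless today but means any later mutation of `opts.clientCerts` would be visible to the transport; `slices.Clone` would isolate them if that matters. The enclosing `httpClient` body starts and ends outside the hunk.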