Unify loading of client certs in checker and uploader.
parent
1241429d19
commit
e5f584092c
2 changed files with 30 additions and 13 deletions
|
|
@ -55,6 +55,8 @@ type options struct {
|
|||
|
||||
Config *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"`
|
||||
Version bool `long:"version" description:"Display version of the binary"`
|
||||
|
||||
clientCerts []tls.Certificate
|
||||
}
|
||||
|
||||
type processor struct {
|
||||
|
|
@ -70,6 +72,23 @@ var iniPaths = []string{
|
|||
"csaf_uploader.ini",
|
||||
}
|
||||
|
||||
func (o *options) prepare() error {
|
||||
// Load client certs.
|
||||
switch hasCert, hasKey := o.ClientCert != nil, o.ClientKey != nil; {
|
||||
|
||||
case hasCert && !hasKey || !hasCert && hasKey:
|
||||
return errors.New("both client-key and client-cert options must be set for the authentication")
|
||||
|
||||
case hasCert:
|
||||
cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
o.clientCerts = []tls.Certificate{cert}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// loadKey loads an OpenPGP key.
|
||||
func loadKey(filename string) (*crypto.Key, error) {
|
||||
f, err := os.Open(filename)
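Review bot: `prepare` returns the `tls.LoadX509KeyPair` error unwrapped, so the failure does not say that it came from the client-cert/client-key options. Wrapping it, e.g. `return fmt.Errorf("loading client certificate: %w", err)`, keeps the cause and names the step; this assumes `fmt` is imported in the file, which the hunk does not show. The mismatch test `hasCert && !hasKey || !hasCert && hasKey` can be written as `hasCert != hasKey`. The method also lacks a doc comment; `// prepare validates the client-cert/client-key options and loads the key pair into clientCerts.` would state its contract.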
|
||||
|
|
@ -129,13 +148,8 @@ func (p *processor) httpClient() *http.Client {
|
|||
tlsConfig.InsecureSkipVerify = true
|
||||
}
|
||||
|
||||
if p.opts.ClientCert != nil && p.opts.ClientKey != nil {
|
||||
cert, err := tls.LoadX509KeyPair(*p.opts.ClientCert, *p.opts.ClientKey)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
if len(p.opts.clientCerts) != 0 {
|
||||
tlsConfig.Certificates = p.opts.clientCerts
|
||||
}
|
||||
|
||||
client.Transport = &http.Transport{
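Review bot: `httpClient` now presents a client certificate only if `prepare()` ran beforehand. When `ClientCert` and `ClientKey` are set but `clientCerts` is empty, the `len(p.opts.clientCerts) != 0` branch is skipped and the request goes out without client authentication, where the removed code loaded the pair itself and stopped via `log.Fatal` on error. In this commit `main` calls `opts.prepare()`, so the binary itself is covered, but any other code that builds an `options` value is not. A comment on the field such as `// clientCerts is filled by prepare(); httpClient sends no client certificate while it is empty.` would make the dependency explicit. The body of `httpClient` continues outside the hunk.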
|
||||
|
|
@ -398,6 +412,8 @@ func main() {
|
|||
check(iniParser.ParseFile(iniFile))
|
||||
}
|
||||
|
||||
check(opts.prepare())
|
||||
|
||||
if opts.PasswordInteractive {
|
||||
check(readInteractive("Enter auth password: ", &opts.Password))
|
||||
}
|
||||
|
|
@ -406,11 +422,6 @@ func main() {
|
|||
check(readInteractive("Enter OpenPGP passphrase: ", &opts.Passphrase))
|
||||
}
|
||||
|
||||
if opts.ClientCert != nil && opts.ClientKey == nil || opts.ClientCert == nil && opts.ClientKey != nil {
|
||||
log.Println("Both client-key and client-cert options must be set for the authentication.")
|
||||
return
|
||||
}
|
||||
|
||||
p, err := newProcessor(&opts)
|
||||
check(err)
|
||||
|
||||
|
|