
Unify loading of client certs in checker and uploader.

This commit is contained in:
Sascha L. Teichmann 2022-07-27 01:28:37 +02:00
parent 1241429d19
commit e5f584092c
2 changed files with 30 additions and 13 deletions


@ -13,6 +13,7 @@ import (
"crypto/tls" "crypto/tls"
_ "embed" // Used for embedding. _ "embed" // Used for embedding.
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"html/template" "html/template"
"io" "io"
@ -51,7 +52,12 @@ func errCheck(err error) {
func (o *options) prepare() error { func (o *options) prepare() error {
// Load client certs. // Load client certs.
if o.ClientCert != nil && o.ClientKey != nil { switch hasCert, hasKey := o.ClientCert != nil, o.ClientKey != nil; {
case hasCert && !hasKey || !hasCert && hasKey:
return errors.New("both client-key and client-cert options must be set for the authentication")
case hasCert:
cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey) cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
if err != nil { if err != nil {
return err return err


@ -55,6 +55,8 @@ type options struct {
Config *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"` Config *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"`
Version bool `long:"version" description:"Display version of the binary"` Version bool `long:"version" description:"Display version of the binary"`
clientCerts []tls.Certificate
} }
type processor struct { type processor struct {
@ -70,6 +72,23 @@ var iniPaths = []string{
"csaf_uploader.ini", "csaf_uploader.ini",
} }
func (o *options) prepare() error {
// Load client certs.
switch hasCert, hasKey := o.ClientCert != nil, o.ClientKey != nil; {
case hasCert && !hasKey || !hasCert && hasKey:
return errors.New("both client-key and client-cert options must be set for the authentication")
case hasCert:
cert, err := tls.LoadX509KeyPair(*o.ClientCert, *o.ClientKey)
if err != nil {
return err
}
o.clientCerts = []tls.Certificate{cert}
}
return nil
}
// loadKey loads an OpenPGP key. // loadKey loads an OpenPGP key.
func loadKey(filename string) (*crypto.Key, error) { func loadKey(filename string) (*crypto.Key, error) {
f, err := os.Open(filename) f, err := os.Open(filename)
@ -129,13 +148,8 @@ func (p *processor) httpClient() *http.Client {
tlsConfig.InsecureSkipVerify = true tlsConfig.InsecureSkipVerify = true
} }
if p.opts.ClientCert != nil && p.opts.ClientKey != nil { if len(p.opts.clientCerts) != 0 {
cert, err := tls.LoadX509KeyPair(*p.opts.ClientCert, *p.opts.ClientKey) tlsConfig.Certificates = p.opts.clientCerts
if err != nil {
log.Fatal(err)
}
tlsConfig.Certificates = []tls.Certificate{cert}
} }
client.Transport = &http.Transport{ client.Transport = &http.Transport{
@ -398,6 +412,8 @@ func main() {
check(iniParser.ParseFile(iniFile)) check(iniParser.ParseFile(iniFile))
} }
check(opts.prepare())
if opts.PasswordInteractive { if opts.PasswordInteractive {
check(readInteractive("Enter auth password: ", &opts.Password)) check(readInteractive("Enter auth password: ", &opts.Password))
} }
@ -406,11 +422,6 @@ func main() {
check(readInteractive("Enter OpenPGP passphrase: ", &opts.Passphrase)) check(readInteractive("Enter OpenPGP passphrase: ", &opts.Passphrase))
} }
if opts.ClientCert != nil && opts.ClientKey == nil || opts.ClientCert == nil && opts.ClientKey != nil {
log.Println("Both client-key and client-cert options must be set for the authentication.")
return
}
p, err := newProcessor(&opts) p, err := newProcessor(&opts)
check(err) check(err)
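Review bot: In the new `prepare`, the `case hasCert:` branch returns the `tls.LoadX509KeyPair` error bare, so when the pair fails to load the process dies in `check(opts.prepare())` with no indication of which cert/key file was at fault; wrap it with the path, e.g. `return fmt.Errorf("loading client certificate %q: %w", *o.ClientCert, err)` (this assumes `fmt` is imported in this file, which the hunks do not show). The checker's `prepare` in the first file carries the same bare `return err` and the same fix applies there. The half-set test `case hasCert && !hasKey || !hasCert && hasKey:` is an exclusive-or and reads more directly as `case hasCert != hasKey:`. The method also lacks a doc comment; something like `// prepare checks that client-cert and client-key are set together and loads the key pair into o.clientCerts; main calls it after the ini file has been parsed.` would tell a reader why it sits between ini parsing and the interactive prompts.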