sftpgo-mirror/common/tlsutils.go

package common

import (
	"crypto/tls"
	"sync"

	"github.com/drakkan/sftpgo/logger"
)

// CertManager defines a TLS certificate manager
type CertManager struct {
	certPath string
	keyPath  string
	sync.RWMutex
	cert *tls.Certificate
}

// LoadCertificate loads the configured x509 key pair
func (m *CertManager) LoadCertificate(logSender string) error {
	newCert, err := tls.LoadX509KeyPair(m.certPath, m.keyPath)
	if err != nil {
		logger.Warn(logSender, "", "unable to load X509 key pair, cert file %#v key file %#v error: %v",
			m.certPath, m.keyPath, err)
		return err
	}
	logger.Debug(logSender, "", "TLS certificate %#v successfully loaded", m.certPath)
	m.Lock()
	defer m.Unlock()
	m.cert = &newCert
	return nil
}

// GetCertificateFunc returns the loaded certificate
func (m *CertManager) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		m.RLock()
		defer m.RUnlock()
		return m.cert, nil
	}
}

// NewCertManager creates a new certificate manager
func NewCertManager(certificateFile, certificateKeyFile, logSender string) (*CertManager, error) {
	manager := &CertManager{
		cert:     nil,
		certPath: certificateFile,
		keyPath:  certificateKeyFile,
	}
	err := manager.LoadCertificate(logSender)
	if err != nil {
		return nil, err
	}
	return manager, nil
}
refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`package common`

			`import (`
			`"crypto/tls"`
			`"sync"`

			`"github.com/drakkan/sftpgo/logger"`
			`)`

			`// CertManager defines a TLS certificate manager`
			`type CertManager struct {`
			`certPath string`
			`keyPath string`
			`sync.RWMutex`
			`cert *tls.Certificate`
			`}`

			`// LoadCertificate loads the configured x509 key pair`
			`func (m *CertManager) LoadCertificate(logSender string) error {`
			`newCert, err := tls.LoadX509KeyPair(m.certPath, m.keyPath)`
			`if err != nil {`
add support for the venerable FTP protocol Fixes #46 2020-07-29 19:56:56 +00:00			`logger.Warn(logSender, "", "unable to load X509 key pair, cert file %#v key file %#v error: %v",`
refactoring: add common package The common package defines the interfaces that a protocol must implement and contain code that can be shared among supported protocols. This way should be easier to support new protocols 2020-07-24 21:39:38 +00:00			`m.certPath, m.keyPath, err)`
			`return err`
			`}`
			`logger.Debug(logSender, "", "TLS certificate %#v successfully loaded", m.certPath)`
			`m.Lock()`
			`defer m.Unlock()`
			`m.cert = &newCert`
			`return nil`
			`}`

			`// GetCertificateFunc returns the loaded certificate`
			`func (m CertManager) GetCertificateFunc() func(tls.ClientHelloInfo) (*tls.Certificate, error) {`
			`return func(clientHello tls.ClientHelloInfo) (tls.Certificate, error) {`
			`m.RLock()`
			`defer m.RUnlock()`
			`return m.cert, nil`
			`}`
			`}`

			`// NewCertManager creates a new certificate manager`
			`func NewCertManager(certificateFile, certificateKeyFile, logSender string) (*CertManager, error) {`
			`manager := &CertManager{`
			`cert: nil,`
			`certPath: certificateFile,`
			`keyPath: certificateKeyFile,`
			`}`
			`err := manager.LoadCertificate(logSender)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return manager, nil`
			`}`