
move tslconf to conf.go

Xiang Li 12 years ago
parent
commit
915266d5f5
2 changed files with 69 additions and 68 deletions
  1. 69 0
      config.go
  2. 0 68
      etcd.go

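--- a/config.go
+++ b/config.go
@@ -1,12 +1,19 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
+	"encoding/pem"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 )
 
+//--------------------------------------
+// Config
+//--------------------------------------
+
 func parseInfo(path string) *Info {
 	file, err := os.Open(path)
 
@@ -68,3 +75,65 @@ func getInfo(path string) *Info {
 
 	return info
 }
+
+func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) {
+	var keyFile, certFile, CAFile string
+	var tlsCert tls.Certificate
+	var err error
+
+	t.Scheme = "http"
+
+	keyFile = info.KeyFile
+	certFile = info.CertFile
+	CAFile = info.CAFile
+
+	// If the user do not specify key file, cert file and
+	// CA file, the type will be HTTP
+	if keyFile == "" && certFile == "" && CAFile == "" {
+		return t, true
+	}
+
+	// both the key and cert must be present
+	if keyFile == "" || certFile == "" {
+		return t, false
+	}
+
+	tlsCert, err = tls.LoadX509KeyPair(certFile, keyFile)
+	if err != nil {
+		fatal(err)
+	}
+
+	t.Scheme = "https"
+	t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile)
+
+	// The client should trust the RootCA that the Server uses since
+	// everyone is a peer in the network.
+	t.Client.Certificates = []tls.Certificate{tlsCert}
+	t.Client.RootCAs = t.Server.ClientCAs
+
+	return t, true
+}
+
+// newCertPool creates x509 certPool and corresponding Auth Type.
+// If the given CAfile is valid, add the cert into the pool and verify the clients'
+// certs against the cert in the pool.
+// If the given CAfile is empty, do not verify the clients' cert.
+// If the given CAfile is not valid, fatal.
+func newCertPool(CAFile string) (tls.ClientAuthType, *x509.CertPool) {
+	if CAFile == "" {
+		return tls.NoClientCert, nil
+	}
+	pemByte, err := ioutil.ReadFile(CAFile)
+	check(err)
+
+	block, pemByte := pem.Decode(pemByte)
+
+	cert, err := x509.ParseCertificate(block.Bytes)
+	check(err)
+
+	certPool := x509.NewCertPool()
+
+	certPool.AddCert(cert)
+
+	return tls.RequireAndVerifyClientCert, certPool
+}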
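Review bot: newCertPool dereferences `block.Bytes` without checking that pem.Decode actually found a PEM block, so a CA file that is not PEM-encoded (a DER file, an empty file, or a wrong path that still reads) panics with a nil pointer instead of the clean fatal that the function's doc comment promises for an invalid CAfile; add `if block == nil { fatal(/* error describing CAFile */) }` before the ParseCertificate call. The same sequence also keeps only the first PEM block and discards the remainder into the reassigned `pemByte`, so a bundle holding more than one CA certificate silently trusts just the first one, which is a trust-configuration difference an operator would not expect; `certPool.AppendCertsFromPEM(pemByte)` with a fatal on a false return handles both the nil-block case and multi-certificate files in one step. If trusting only the first certificate is intentional, the doc comment should say so. fatal and check are defined outside this hunk, so I cannot confirm which error value they expect.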

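--- a/etcd.go
+++ b/etcd.go
@@ -2,8 +2,6 @@ package main
 
 import (
 	"crypto/tls"
-	"crypto/x509"
-	"encoding/pem"
 	"flag"
 	"github.com/coreos/etcd/store"
 	"github.com/coreos/etcd/web"
@@ -243,69 +241,3 @@ func startEtcdTransport(info Info, scheme string, tlsConf tls.Config) {
 		fatal(server.ListenAndServeTLS(info.EtcdTLS.CertFile, info.EtcdTLS.KeyFile))
 	}
 }
-
-//--------------------------------------
-// Config
-//--------------------------------------
-
-func tlsConfigFromInfo(info TLSInfo) (t TLSConfig, ok bool) {
-	var keyFile, certFile, CAFile string
-	var tlsCert tls.Certificate
-	var err error
-
-	t.Scheme = "http"
-
-	keyFile = info.KeyFile
-	certFile = info.CertFile
-	CAFile = info.CAFile
-
-	// If the user do not specify key file, cert file and
-	// CA file, the type will be HTTP
-	if keyFile == "" && certFile == "" && CAFile == "" {
-		return t, true
-	}
-
-	// both the key and cert must be present
-	if keyFile == "" || certFile == "" {
-		return t, false
-	}
-
-	tlsCert, err = tls.LoadX509KeyPair(certFile, keyFile)
-	if err != nil {
-		fatal(err)
-	}
-
-	t.Scheme = "https"
-	t.Server.ClientAuth, t.Server.ClientCAs = newCertPool(CAFile)
-
-	// The client should trust the RootCA that the Server uses since
-	// everyone is a peer in the network.
-	t.Client.Certificates = []tls.Certificate{tlsCert}
-	t.Client.RootCAs = t.Server.ClientCAs
-
-	return t, true
-}
-
-// newCertPool creates x509 certPool and corresponding Auth Type.
-// If the given CAfile is valid, add the cert into the pool and verify the clients'
-// certs against the cert in the pool.
-// If the given CAfile is empty, do not verify the clients' cert.
-// If the given CAfile is not valid, fatal.
-func newCertPool(CAFile string) (tls.ClientAuthType, *x509.CertPool) {
-	if CAFile == "" {
-		return tls.NoClientCert, nil
-	}
-	pemByte, err := ioutil.ReadFile(CAFile)
-	check(err)
-
-	block, pemByte := pem.Decode(pemByte)
-
-	cert, err := x509.ParseCertificate(block.Bytes)
-	check(err)
-
-	certPool := x509.NewCertPool()
-
-	certPool.AddCert(cert)
-
-	return tls.RequireAndVerifyClientCert, certPool
-}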