serverconfig: allow configuring TLS cert/key

2012-08-04 11:12:39 +10:00 · 2012-08-04 11:12:39 +10:00 · 493f75a72e
parent 6fe3ae378f
commit 493f75a72e
3 changed files with 124 additions and 2 deletions
--- a/pkg/serverconfig/genconfig.go
+++ b/pkg/serverconfig/genconfig.go
@ -17,6 +17,7 @@ limitations under the License.
 package serverconfig

 import (
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@ -237,6 +238,8 @@ func GenLowLevelConfig(conf *Config) (lowLevelConf *Config, err error) {
 		secretRing = conf.RequiredString("identitySecretRing")
 		blobPath   = conf.RequiredString("blobPath")
 		tlsOn      = conf.OptionalBool("TLS", false)
+		tlsCert    = conf.OptionalString("TLSCert", "")
+		tlsKey     = conf.OptionalString("TLSKey", "")
 		dbname     = conf.OptionalString("dbname", "")
 		mysql      = conf.OptionalString("mysql", "")
 		mongo      = conf.OptionalString("mongo", "")
@ -252,8 +255,16 @@ func GenLowLevelConfig(conf *Config) (lowLevelConf *Config, err error) {
 	scheme := "http"
 	if tlsOn {
 		scheme = "https"
-		obj["TLSCertFile"] = "config/selfgen_cert.pem"
-		obj["TLSKeyFile"] = "config/selfgen_key.pem"
+		if (tlsCert != "") != (tlsKey != "") {
+			return nil, errors.New("Must set both TLSCertFile and TLSKeyFile (or neither to generate a self-signed cert)")
+		}
+		if tlsCert != "" {
+			obj["TLSCertFile"] = tlsCert
+			obj["TLSKeyFile"] = tlsKey
+		} else {
+			obj["TLSCertFile"] = "config/selfgen_cert.pem"
+			obj["TLSKeyFile"] = "config/selfgen_key.pem"
+		}
 	}
 	obj["baseURL"] = scheme + "://" + baseUrl
 	obj["https"] = tlsOn
--- a/pkg/serverconfig/testdata/tls-want.json
+++ b/pkg/serverconfig/testdata/tls-want.json
@ -0,0 +1,96 @@
+{
+	"baseURL": "https://1.2.3.4:443",
+	"auth": "userpass:camlistore:pass3179",
+	"https": true,
+        "TLSCertFile": "/tls.crt",
+        "TLSKeyFile": "/tls.key",
+	"prefixes": {
+		"/": {
+			"handler": "root",
+			"handlerArgs": {
+				"stealth": false
+			}
+		},
+
+		"/ui/": {
+			"handler": "ui",
+			"handlerArgs": {
+				"blobRoot": "/bs-and-maybe-also-index/",
+				"searchRoot": "/my-search/",
+				"jsonSignRoot": "/sighelper/",
+				"cache": "/cache/",
+				"scaledImage": "lrucache"
+			}
+		},
+
+ 		"/setup/": {
+			"handler": "setup"
+                },
+
+ 		"/sync/": {
+			"handler": "sync",
+			"handlerArgs": {
+				"from": "/bs/",
+				"to": "/index-mem/"
+			}
+		},
+	
+		"/sighelper/": {
+			"handler": "jsonsign",
+			"handlerArgs": {
+				"secretRing": "/path/to/secring",
+				"keyId": "26F5ABDA",
+				"publicKeyDest": "/bs-and-index/"
+			}
+		},
+	
+		"/bs-and-index/": {
+			"handler": "storage-replica",
+			"handlerArgs": {
+				"backends": ["/bs/", "/index-mem/"]
+			}
+		},
+	
+		"/bs-and-maybe-also-index/": {
+			"handler": "storage-cond",
+			"handlerArgs": {
+				"write": {
+					"if": "isSchema",
+					"then": "/bs-and-index/",
+					"else": "/bs/"
+				},
+				"read": "/bs/"
+			}
+		},
+	
+		"/bs/": {
+			"handler": "storage-filesystem",
+			"handlerArgs": {
+				"path": "/tmp/blobs"
+			}
+		},
+	
+		"/cache/": {
+			"handler": "storage-filesystem",
+			"handlerArgs": {
+				"path": "/tmp/blobs/cache"
+			}
+		},
+	
+		"/index-mem/": {
+			"handler": "storage-memory-only-dev-indexer",
+			"handlerArgs": {
+				"blobSource": "/bs/"
+			}
+		},
+	
+		"/my-search/": {
+			"handler": "search",
+			"handlerArgs": {
+				"index": "/index-mem/",
+				"owner": "sha1-f2b0b7da718b97ce8c31591d8ed4645c777f3ef4"
+			}
+		}
+	}
+
+}
--- a/pkg/serverconfig/testdata/tls.json
+++ b/pkg/serverconfig/testdata/tls.json
@ -0,0 +1,15 @@
+{
+	"listen": "1.2.3.4:443",
+	"TLS": true,
+	"TLSCert": "/tls.crt",
+        "TLSKey": "/tls.key",
+	"auth": "userpass:camlistore:pass3179",
+	"blobPath": "/tmp/blobs",
+	"identity": "26F5ABDA",
+	"identitySecretRing": "/path/to/secring",
+	"mysql": "",
+	"mongo": "",
+	"s3": "",
+	"replicateTo": [],
+	"publish": {}
+}