From 493f75a72e97eb9365cf80f6a50901246d5687e0 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Sat, 4 Aug 2012 11:12:39 +1000
Subject: [PATCH] serverconfig: allow configuring TLS cert/key

---
 pkg/serverconfig/genconfig.go | 15 +++-
 pkg/serverconfig/testdata/tls-want.json | 96 +++++++++++++++++++++++++
 pkg/serverconfig/testdata/tls.json | 15 ++++
 3 files changed, 124 insertions(+), 2 deletions(-)
 create mode 100644 pkg/serverconfig/testdata/tls-want.json
 create mode 100644 pkg/serverconfig/testdata/tls.json

diff --git a/pkg/serverconfig/genconfig.go b/pkg/serverconfig/genconfig.go
index c0ae9cf09..4712e94e9 100644
--- a/pkg/serverconfig/genconfig.go
+++ b/pkg/serverconfig/genconfig.go
@@ -17,6 +17,7 @@ limitations under the License.
 package serverconfig
 
 import (
+ "errors"
 "fmt"
 "os"
 "path/filepath"
@@ -237,6 +238,8 @@ func GenLowLevelConfig(conf *Config) (lowLevelConf *Config, err error) {
 secretRing = conf.RequiredString("identitySecretRing")
 blobPath = conf.RequiredString("blobPath")
 tlsOn = conf.OptionalBool("TLS", false)
+ tlsCert = conf.OptionalString("TLSCert", "")
+ tlsKey = conf.OptionalString("TLSKey", "")
 dbname = conf.OptionalString("dbname", "")
 mysql = conf.OptionalString("mysql", "")
 mongo = conf.OptionalString("mongo", "")
@@ -252,8 +255,16 @@ func GenLowLevelConfig(conf *Config) (lowLevelConf *Config, err error) {
 scheme := "http"
 if tlsOn {
 scheme = "https"
- obj["TLSCertFile"] = "config/selfgen_cert.pem"
- obj["TLSKeyFile"] = "config/selfgen_key.pem"
+ if (tlsCert != "") != (tlsKey != "") {
+ return nil, errors.New("Must set both TLSCertFile and TLSKeyFile (or neither to generate a self-signed cert)")
+ }
+ if tlsCert != "" {
+ obj["TLSCertFile"] = tlsCert
+ obj["TLSKeyFile"] = tlsKey
+ } else {
+ obj["TLSCertFile"] = "config/selfgen_cert.pem"
+ obj["TLSKeyFile"] = "config/selfgen_key.pem"
+ }
 }
 obj["baseURL"] = scheme + "://" + baseUrl
 obj["https"] = tlsOn
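Review bot: `TLSCert` and `TLSKey` are read in the second hunk but only consulted inside `if tlsOn` in the third, so a config that sets a certificate and key while leaving `TLS` false or omitted is accepted and the generated config keeps the `http` scheme. With the `userpass` auth shown in the new test fixtures, an operator who forgot `"TLS": true` would end up sending credentials in the clear without any diagnostic. Consider rejecting the combination before the scheme is chosen: `if !tlsOn && (tlsCert != "" || tlsKey != "") { return nil, errors.New("TLSCert/TLSKey set but TLS is not enabled") }`. GenLowLevelConfig starts and ends outside both hunks, so an existing check elsewhere in the function cannot be ruled out from here.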
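Review bot: The error returned by the `(tlsCert != "") != (tlsKey != "")` check in the third hunk names `TLSCertFile` and `TLSKeyFile`, which are the low-level output keys; the options a user actually sets are `TLSCert` and `TLSKey`, as read by `conf.OptionalString` in the second hunk and used in testdata/tls.json. Someone following the message would add keys this function never reads and still hit the same error. Suggested wording, also lowercased per Go error-string convention: `return nil, errors.New("must set both TLSCert and TLSKey (or neither to generate a self-signed cert)")`. The new fixtures cover only the both-set case, so a testdata config with just one of the two keys would pin this path.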
diff --git a/pkg/serverconfig/testdata/tls-want.json b/pkg/serverconfig/testdata/tls-want.json
new file mode 100644
index 000000000..84a46b657
--- /dev/null
+++ b/pkg/serverconfig/testdata/tls-want.json
@@ -0,0 +1,96 @@
+{
+ "baseURL": "https://1.2.3.4:443",
+ "auth": "userpass:camlistore:pass3179",
+ "https": true,
+ "TLSCertFile": "/tls.crt",
+ "TLSKeyFile": "/tls.key",
+ "prefixes": {
+ "/": {
+ "handler": "root",
+ "handlerArgs": {
+ "stealth": false
+ }
+ },
+
+ "/ui/": {
+ "handler": "ui",
+ "handlerArgs": {
+ "blobRoot": "/bs-and-maybe-also-index/",
+ "searchRoot": "/my-search/",
+ "jsonSignRoot": "/sighelper/",
+ "cache": "/cache/",
+ "scaledImage": "lrucache"
+ }
+ },
+
+ "/setup/": {
+ "handler": "setup"
+ },
+
+ "/sync/": {
+ "handler": "sync",
+ "handlerArgs": {
+ "from": "/bs/",
+ "to": "/index-mem/"
+ }
+ },
+
+ "/sighelper/": {
+ "handler": "jsonsign",
+ "handlerArgs": {
+ "secretRing": "/path/to/secring",
+ "keyId": "26F5ABDA",
+ "publicKeyDest": "/bs-and-index/"
+ }
+ },
+
+ "/bs-and-index/": {
+ "handler": "storage-replica",
+ "handlerArgs": {
+ "backends": ["/bs/", "/index-mem/"]
+ }
+ },
+
+ "/bs-and-maybe-also-index/": {
+ "handler": "storage-cond",
+ "handlerArgs": {
+ "write": {
+ "if": "isSchema",
+ "then": "/bs-and-index/",
+ "else": "/bs/"
+ },
+ "read": "/bs/"
+ }
+ },
+
+ "/bs/": {
+ "handler": "storage-filesystem",
+ "handlerArgs": {
+ "path": "/tmp/blobs"
+ }
+ },
+
+ "/cache/": {
+ "handler": "storage-filesystem",
+ "handlerArgs": {
+ "path": "/tmp/blobs/cache"
+ }
+ },
+
+ "/index-mem/": {
+ "handler": "storage-memory-only-dev-indexer",
+ "handlerArgs": {
+ "blobSource": "/bs/"
+ }
+ },
+
+ "/my-search/": {
+ "handler": "search",
+ "handlerArgs": {
+ "index": "/index-mem/",
+ "owner": "sha1-f2b0b7da718b97ce8c31591d8ed4645c777f3ef4"
+ }
+ }
+ }
+
+}
diff --git a/pkg/serverconfig/testdata/tls.json b/pkg/serverconfig/testdata/tls.json
new file mode 100644
index 000000000..8fece7898
--- /dev/null
+++ b/pkg/serverconfig/testdata/tls.json
@@ -0,0 +1,15 @@
+{
+ "listen": "1.2.3.4:443",
+ "TLS": true,
+ "TLSCert": "/tls.crt",
+ "TLSKey": "/tls.key",
+ "auth": "userpass:camlistore:pass3179",
+ "blobPath": "/tmp/blobs",
+ "identity": "26F5ABDA",
+ "identitySecretRing": "/path/to/secring",
+ "mysql": "",
+ "mongo": "",
+ "s3": "",
+ "replicateTo": [],
+ "publish": {}
+}