2017-11-09 12:16:03 +01:00
package tls
import (
"crypto/tls"
"fmt"
"strings"
2017-12-08 11:02:03 +01:00
"github.com/containous/traefik/log"
2018-01-22 12:16:03 +01:00
"github.com/sirupsen/logrus"
2017-12-08 11:02:03 +01:00
)
const (
certificateHeader = "-----BEGIN CERTIFICATE-----\n"
2017-11-09 12:16:03 +01:00
)
2017-11-10 10:30:04 +01:00
// ClientCA defines traefik CA files for a entryPoint
// and it indicates if they are mandatory or have just to be analyzed if provided
type ClientCA struct {
2018-08-29 11:36:03 +02:00
Files FilesOrContents
2017-11-10 10:30:04 +01:00
Optional bool
}
2017-11-09 12:16:03 +01:00
// TLS configures TLS for an entry point
type TLS struct {
2018-07-06 02:30:03 -06:00
MinVersion string ` export:"true" `
CipherSuites [ ] string
Certificates Certificates
2018-08-29 11:36:03 +02:00
ClientCAFiles FilesOrContents // Deprecated
2018-07-06 02:30:03 -06:00
ClientCA ClientCA
DefaultCertificate * Certificate
SniStrict bool ` export:"true" `
2017-11-09 12:16:03 +01:00
}
2018-08-29 11:36:03 +02:00
// FilesOrContents hold the CA we want to have in root
type FilesOrContents [ ] FileOrContent
2017-11-09 12:16:03 +01:00
// Configuration allows mapping a TLS certificate to a list of entrypoints
type Configuration struct {
EntryPoints [ ] string
Certificate * Certificate
}
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
2018-08-29 11:36:03 +02:00
func ( r * FilesOrContents ) String ( ) string {
2017-11-09 12:16:03 +01:00
sliceOfString := make ( [ ] string , len ( [ ] FileOrContent ( * r ) ) )
for key , value := range * r {
sliceOfString [ key ] = value . String ( )
}
return strings . Join ( sliceOfString , "," )
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
2018-08-29 11:36:03 +02:00
func ( r * FilesOrContents ) Set ( value string ) error {
filesOrContents := strings . Split ( value , "," )
if len ( filesOrContents ) == 0 {
return fmt . Errorf ( "bad FilesOrContents format: %s" , value )
2017-11-09 12:16:03 +01:00
}
2018-08-29 11:36:03 +02:00
for _ , fileOrContent := range filesOrContents {
* r = append ( * r , FileOrContent ( fileOrContent ) )
2017-11-09 12:16:03 +01:00
}
return nil
}
2018-08-29 11:36:03 +02:00
// Get return the FilesOrContents list
func ( r * FilesOrContents ) Get ( ) interface { } {
2017-12-18 09:14:03 +01:00
return * r
2017-11-09 12:16:03 +01:00
}
2018-08-29 11:36:03 +02:00
// SetValue sets the FilesOrContents with val
func ( r * FilesOrContents ) SetValue ( val interface { } ) {
* r = val . ( FilesOrContents )
2017-11-09 12:16:03 +01:00
}
// Type is type of the struct
2018-08-29 11:36:03 +02:00
func ( r * FilesOrContents ) Type ( ) string {
return "filesorcontents"
2017-11-09 12:16:03 +01:00
}
2018-01-23 16:30:07 +01:00
// SortTLSPerEntryPoints converts TLS configuration sorted by Certificates into TLS configuration sorted by EntryPoints
2018-03-06 10:12:04 +01:00
func SortTLSPerEntryPoints ( configurations [ ] * Configuration , epConfiguration map [ string ] map [ string ] * tls . Certificate , defaultEntryPoints [ ] string ) error {
2017-11-09 12:16:03 +01:00
if epConfiguration == nil {
2018-03-06 10:12:04 +01:00
epConfiguration = make ( map [ string ] map [ string ] * tls . Certificate )
2017-11-09 12:16:03 +01:00
}
for _ , conf := range configurations {
2017-12-08 11:02:03 +01:00
if conf . EntryPoints == nil || len ( conf . EntryPoints ) == 0 {
if log . GetLevel ( ) >= logrus . DebugLevel {
certName := conf . Certificate . CertFile . String ( )
// Truncate certificate information only if it's a well formed certificate content with more than 50 characters
if ! conf . Certificate . CertFile . IsPath ( ) && strings . HasPrefix ( conf . Certificate . CertFile . String ( ) , certificateHeader ) && len ( conf . Certificate . CertFile . String ( ) ) > len ( certificateHeader ) + 50 {
certName = strings . TrimPrefix ( conf . Certificate . CertFile . String ( ) , certificateHeader ) [ : 50 ]
}
log . Debugf ( "No entryPoint is defined to add the certificate %s, it will be added to the default entryPoints: %s" , certName , strings . Join ( defaultEntryPoints , ", " ) )
}
conf . EntryPoints = append ( conf . EntryPoints , defaultEntryPoints ... )
}
2017-11-09 12:16:03 +01:00
for _ , ep := range conf . EntryPoints {
if err := conf . Certificate . AppendCertificates ( epConfiguration , ep ) ; err != nil {
return err
}
}
}
return nil
}