hub / github.com/ContainerSSH/ContainerSSH / ValidateWithCerts

Method ValidateWithCerts

config/http.go:455–511  ·  view source on GitHub ↗

ValidateWithCerts validates the server configuration and returns the loaded certificates

()

Source from the content-addressed store, hash-verified

// ValidateWithCerts checks the HTTP server settings and returns the TLS
// material that was loaded while doing so.
//
// The listen address must be non-empty and must parse as host:port. Cert and
// Key have to be configured together or not at all. When both are present the
// pair is loaded and the TLS version, ECDH curve and cipher suite settings are
// validated; without a certificate those TLS settings are not checked at all.
// When ClientCACert is set it is loaded into a fresh certificate pool.
//
// On success the returned HTTPServerCerts has Cert set only if a key pair was
// configured and ClientCAPool set only if a client CA was configured. On any
// failure the result is nil and the error wraps the underlying cause where
// there is one.
//
// NOTE(review): ClientCACert is accepted even when Cert and Key are empty, so
// a caller can receive a ClientCAPool together with a nil Cert. Whether the
// server then refuses to start or runs without client-certificate
// verification is decided outside this method; confirm that this combination
// cannot silently leave mutual TLS unenforced.
func (config *HTTPServerConfiguration) ValidateWithCerts() (*HTTPServerCerts, error) {
	// Listen address: present first, then well-formed.
	if config.Listen == "" {
		return nil, fmt.Errorf("no listen address provided")
	}
	_, _, splitErr := net.SplitHostPort(config.Listen)
	if splitErr != nil {
		return nil, fmt.Errorf("invalid listen address provided (%w)", splitErr)
	}

	// A certificate and its key are only usable as a pair.
	hasCert, hasKey := config.Cert != "", config.Key != ""
	switch {
	case hasCert && !hasKey:
		return nil, fmt.Errorf("certificate provided without a key")
	case hasKey && !hasCert:
		return nil, fmt.Errorf("key provided without certificate")
	}

	loaded := new(HTTPServerCerts)

	if hasCert && hasKey {
		// loadPEM is defined elsewhere in this package.
		certPEM, err := loadPEM(config.Cert)
		if err != nil {
			return nil, fmt.Errorf("failed to load certificate (%w)", err)
		}
		keyPEM, err := loadPEM(config.Key)
		if err != nil {
			return nil, fmt.Errorf("failed to load key (%w)", err)
		}
		// X509KeyPair parses both halves and rejects a private key that
		// does not match the certificate's public key. The certificate's
		// validity period and chain are not examined in this method.
		keyPair, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, fmt.Errorf("failed to load key/certificate (%w)", err)
		}
		loaded.Cert = &keyPair

		// The protocol parameters are checked only on this TLS-enabled path.
		if err := config.TLSVersion.Validate(); err != nil {
			return nil, fmt.Errorf("invalid TLS version (%w)", err)
		}
		if err := config.ECDHCurves.Validate(); err != nil {
			return nil, fmt.Errorf("invalid curve algorithms (%w)", err)
		}
		if err := config.CipherSuites.Validate(); err != nil {
			return nil, fmt.Errorf("invalid cipher suites (%w)", err)
		}
	}

	if config.ClientCACert != "" {
		caPEM, err := loadPEM(config.ClientCACert)
		if err != nil {
			return nil, fmt.Errorf("failed to load client CA certificate (%w)", err)
		}

		// AppendCertsFromPEM reports success once at least one certificate
		// parses and skips PEM blocks it cannot parse, so a partly malformed
		// bundle still passes this check.
		pool := x509.NewCertPool()
		if ok := pool.AppendCertsFromPEM(caPEM); !ok {
			return nil, fmt.Errorf("failed to load client CA certificate")
		}
		loaded.ClientCAPool = pool
	}

	return loaded, nil
}

Callers 1

Validate (Method) · 0.95

Calls 3

loadPEM (Function) · 0.85
Errorf (Method) · 0.65
Validate (Method) · 0.65

Tested by

no test coverage detected