ValidateWithCerts validates the server configuration and returns the loaded certificates
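// ValidateWithCerts validates the server configuration and returns the loaded certificates.
//
// Listen must be a non-empty "host:port" pair. Cert and Key must be configured
// together (both set or both empty); when both are set, the PEM key pair is
// loaded into the returned Cert and the TLS version, ECDH curve and cipher
// suite settings are validated. When ClientCACert is set, the PEM file is
// loaded into the returned ClientCAPool.
//
// The TLS version, curve and cipher-suite settings are only checked when a
// certificate is configured, so a bad value there is not reported for a
// plain-HTTP listener.
//
// On any error the returned *HTTPServerCerts is nil; where an underlying
// cause exists it is wrapped with %w.
func (config *HTTPServerConfiguration) ValidateWithCerts() (*HTTPServerCerts, error) {
	if config.Listen == "" {
		return nil, fmt.Errorf("no listen address provided")
	}
	if _, _, err := net.SplitHostPort(config.Listen); err != nil {
		return nil, fmt.Errorf("invalid listen address provided (%w)", err)
	}
	// A certificate is only usable with its private key; reject a half-configured
	// TLS setup here rather than letting it surface later as a listener failure.
	if config.Cert != "" && config.Key == "" {
		return nil, fmt.Errorf("certificate provided without a key")
	}
	if config.Cert == "" && config.Key != "" {
		return nil, fmt.Errorf("key provided without certificate")
	}

	result := &HTTPServerCerts{}

	if config.Cert != "" && config.Key != "" {
		pemCert, err := loadPEM(config.Cert)
		if err != nil {
			return nil, fmt.Errorf("failed to load certificate (%w)", err)
		}
		pemKey, err := loadPEM(config.Key)
		if err != nil {
			return nil, fmt.Errorf("failed to load key (%w)", err)
		}
		// X509KeyPair also checks that the key matches the certificate's public key,
		// so a mismatched pair is caught at validation time.
		cert, err := tls.X509KeyPair(pemCert, pemKey)
		if err != nil {
			return nil, fmt.Errorf("failed to load key/certificate (%w)", err)
		}
		result.Cert = &cert

		if err := config.TLSVersion.Validate(); err != nil {
			return nil, fmt.Errorf("invalid TLS version (%w)", err)
		}
		if err := config.ECDHCurves.Validate(); err != nil {
			return nil, fmt.Errorf("invalid curve algorithms (%w)", err)
		}
		if err := config.CipherSuites.Validate(); err != nil {
			return nil, fmt.Errorf("invalid cipher suites (%w)", err)
		}
	}

	if config.ClientCACert != "" {
		// NOTE(review): a client CA pool is only meaningful for a TLS listener, but
		// nothing here requires Cert/Key to be set alongside ClientCACert. How the
		// consumer of ClientCAPool behaves when Cert is nil is not visible from this
		// function; confirm it does not silently serve plain HTTP in that case.
		clientCaCert, err := loadPEM(config.ClientCACert)
		if err != nil {
			return nil, fmt.Errorf("failed to load client CA certificate (%w)", err)
		}

		// AppendCertsFromPEM returns false only when no certificate could be parsed;
		// individual unparsable PEM blocks are skipped silently. The message is kept
		// distinct from the read failure above so the two are distinguishable in logs.
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(clientCaCert) {
			return nil, fmt.Errorf("client CA certificate contains no valid PEM-encoded certificates")
		}
		result.ClientCAPool = caCertPool
	}

	return result, nil
}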