mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-07 14:28:12 +00:00
12d4d3ea0b
* fix: enable env vars in setup steps (and deprecate admin subcommand) * fix tests and error text
57 lines
1.5 KiB
Go
57 lines
1.5 KiB
Go
package network
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"errors"
|
|
"os"
|
|
)
|
|
|
|
var (
|
|
ErrMissingConfig = errors.New("TLS is enabled: please specify a key (path) and a cert (path) or disable TLS if needed (e.g. by setting flag `--tlsMode external` or `--tlsMode disabled")
|
|
)
|
|
|
|
type TLS struct {
|
|
//If enabled, ZITADEL will serve all traffic over TLS (HTTPS and gRPC)
|
|
//you must then also provide a private key and certificate to be used for the connection
|
|
//either directly or by a path to the corresponding file
|
|
Enabled bool
|
|
//Path to the private key of the TLS certificate, it will be loaded into the Key
|
|
//and overwrite any exising value
|
|
KeyPath string
|
|
//Path to the certificate for the TLS connection, it will be loaded into the Cert
|
|
//and overwrite any exising value
|
|
CertPath string
|
|
//Private key of the TLS certificate (KeyPath will this overwrite, if specified)
|
|
Key []byte
|
|
//Certificate for the TLS connection (CertPath will this overwrite, if specified)
|
|
Cert []byte
|
|
}
|
|
|
|
func (t *TLS) Config() (_ *tls.Config, err error) {
|
|
if !t.Enabled {
|
|
return nil, nil
|
|
}
|
|
if t.KeyPath != "" {
|
|
t.Key, err = os.ReadFile(t.KeyPath)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if t.CertPath != "" {
|
|
t.Cert, err = os.ReadFile(t.CertPath)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if t.Key == nil || t.Cert == nil {
|
|
return nil, ErrMissingConfig
|
|
}
|
|
tlsCert, err := tls.X509KeyPair(t.Cert, t.Key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &tls.Config{
|
|
Certificates: []tls.Certificate{tlsCert},
|
|
}, nil
|
|
}
|