实现HTTPS配置

2026-04-29 02:05:18 +08:00 · 2020-10-01 16:01:28 +08:00
parent 23bc7e03ee
commit 5ed4393e2a
6 changed files with 825 additions and 12 deletions
--- a/pkg/serverconfigs/protocol_https_config.go
+++ b/pkg/serverconfigs/protocol_https_config.go
@@ -6,8 +6,8 @@ import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 type HTTPSProtocolConfig struct {
 	BaseProtocol `yaml:",inline"`

-	SSLPolicyRef *sslconfigs.SSLRef    `yaml:"sslPolicyRef" json:"sslPolicyRef"`
-	SSLPolicy    *sslconfigs.SSLPolicy `yaml:"sslPolicy" json:"sslPolicy"`
+	SSLPolicyRef *sslconfigs.SSLPolicyRef `yaml:"sslPolicyRef" json:"sslPolicyRef"`
+	SSLPolicy    *sslconfigs.SSLPolicy    `yaml:"sslPolicy" json:"sslPolicy"`
 }

 // 初始化
--- a/pkg/serverconfigs/protocol_tls_config.go
+++ b/pkg/serverconfigs/protocol_tls_config.go
@@ -6,8 +6,8 @@ import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 type TLSProtocolConfig struct {
 	BaseProtocol `yaml:",inline"`

-	SSLPolicyRef *sslconfigs.SSLRef    `yaml:"sslPolicyRef" json:"sslPolicyRef"`
-	SSLPolicy    *sslconfigs.SSLPolicy `yaml:"sslPolicy" json:"sslPolicy"`
+	SSLPolicyRef *sslconfigs.SSLPolicyRef `yaml:"sslPolicyRef" json:"sslPolicyRef"`
+	SSLPolicy    *sslconfigs.SSLPolicy    `yaml:"sslPolicy" json:"sslPolicy"`
 }

 // 初始化
--- a/pkg/serverconfigs/sslconfigs/ssl_policy.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_policy.go
@@ -3,7 +3,6 @@ package sslconfigs
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"errors"
 )

 // TLS Version
@@ -20,11 +19,14 @@ type SSLPolicy struct {
 	CertRefs       []*SSLCertRef     `yaml:"certRefs" json:"certRefs"`
 	Certs          []*SSLCertConfig  `yaml:"certs" json:"certs"`
 	ClientAuthType SSLClientAuthType `yaml:"clientAuthType" json:"clientAuthType"` // 客户端认证类型
+	ClientCARefs   []*SSLCertRef     `yaml:"clientCARefs" json:"clientCARefs"`     // 客户端认证CA证书引用
+	ClientCACerts  []*SSLCertConfig  `yaml:"clientCACerts" json:"clientCACerts"`   // 客户端认证CA

-	MinVersion   TLSVersion       `yaml:"minVersion" json:"minVersion"`     // 支持的最小版本
-	CipherSuites []TLSCipherSuite `yaml:"cipherSuites" json:"cipherSuites"` // 加密算法套件
+	MinVersion       TLSVersion       `yaml:"minVersion" json:"minVersion"`             // 支持的最小版本
+	CipherSuitesIsOn bool             `yaml:"cipherSuitesIsOn" json:"cipherSuitesIsOn"` // 是否自定义加密算法套件
+	CipherSuites     []TLSCipherSuite `yaml:"cipherSuites" json:"cipherSuites"`         // 加密算法套件

-	HSTS         *HSTSConfig `yaml:"hsts2" json:"hsts"`                // HSTS配置，yaml之所以使用hsts2，是因为要和以前的版本分开
+	HSTS         *HSTSConfig `yaml:"hsts" json:"hsts"`                 // HSTS配置
 	HTTP2Enabled bool        `yaml:"http2Enabled" json:"http2Enabled"` // 是否启用HTTP2

 	nameMapping map[string]*tls.Certificate // dnsName => cert
@@ -37,11 +39,16 @@ type SSLPolicy struct {

 // 校验配置
 func (this *SSLPolicy) Init() error {
-	if len(this.Certs) == 0 {
-		return errors.New("no certificates in https config")
+	// certs
+	for _, cert := range this.Certs {
+		err := cert.Init()
+		if err != nil {
+			return err
+		}
 	}

-	for _, cert := range this.Certs {
+	// CA certs
+	for _, cert := range this.ClientCACerts {
 		err := cert.Init()
 		if err != nil {
 			return err
--- a/pkg/serverconfigs/sslconfigs/ssl_policy_ref.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_policy_ref.go
@@ -1,6 +1,6 @@
 package sslconfigs

-type SSLRef struct {
+type SSLPolicyRef struct {
 	IsOn        bool  `yaml:"isOn" json:"isOn"`
 	SSLPolicyId int64 `yaml:"sslPolicyId" json:"sslPolicyId"`
 }