Don't keep certificates and keys encoded with base64 in yaml config

Eugene Bujak 2019-02-12 17:23:03 +03:00 committed by Eugene Bujak
parent 35b5f4b48b
commit 0aeca6bbf5
1 changed files with 11 additions and 0 deletions


@ -1034,6 +1034,14 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
// --- // ---
func handleTLSStatus(w http.ResponseWriter, r *http.Request) { func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
data := config.TLS data := config.TLS
if data.CertificateChain != "" {
encoded := base64.StdEncoding.EncodeToString([]byte(data.CertificateChain))
data.CertificateChain = string(encoded)
}
if data.PrivateKey != "" {
encoded := base64.StdEncoding.EncodeToString([]byte(data.PrivateKey))
data.PrivateKey = string(encoded)
}
err := json.NewEncoder(w).Encode(&data) err := json.NewEncoder(w).Encode(&data)
if err != nil { if err != nil {
httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err) httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
@ -1057,6 +1065,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err) httpError(w, http.StatusBadRequest, "Failed to base64-decode certificate chain: %s", err)
return return
} }
data.CertificateChain = string(certPEM)
log.Printf("got certificate: %s", certPEM) log.Printf("got certificate: %s", certPEM)
@ -1067,6 +1076,8 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
return return
} }
data.PrivateKey = string(keyPEM)
_, err = tls.X509KeyPair(certPEM, keyPEM) _, err = tls.X509KeyPair(certPEM, keyPEM)
if err != nil { if err != nil {
httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err) httpError(w, http.StatusBadRequest, "Invalid certificate or key: %s", err)
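Review bot: handleTLSStatus still sends the TLS private key to the client: the new `if data.PrivateKey != ""` branch base64-encodes it and `json.NewEncoder(w).Encode(&data)` writes it into the response. Base64 is an encoding, not protection, so any caller that can reach this handler can recover the key. Unless the client really needs the key echoed back, blank it on the local copy before encoding, e.g. `data.PrivateKey = ""`, and report only whether a key is configured; whether the route is behind authentication is not visible in this hunk and should be confirmed. Because the yaml config now holds the raw PEM key, a comment next to `data.PrivateKey = string(keyPEM)` noting that the config file must be written with owner-only permissions would help. As a minor style point, `string(encoded)` is redundant since `EncodeToString` already returns a string; both handler bodies extend beyond the hunks shown.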