3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-01 11:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/integration/backends/httpdetails/main.go
Caleb Doxsey 49067c8f06
integration-tests: TLS policy configuration options (#708) 
* integration-tests: switch to go for backends to support TLS scenarios

* fix apply order

* generate additional tls certs

* integration-tests: tls_skip_verify option

* integration-tests: wait for openid to come up before starting authenticate

* add tls_server_name test

* add test for tls_custom_ca

* increase setup timeout to 15 minutes

* fix secret name reference

* mtls wip

* mtls wip

* add test for client_cert
2020-05-15 16:37:09 -06:00

94 lines
2.3 KiB
Go
Raw Blame History

package main
import (
"crypto/tls"
"crypto/x509"
"encoding/json"
"flag"
"fmt"
"io/ioutil"
"net/http"
"os"
)
func main() {
var (
certFile, keyFile, mutualAuthCAFile, bindAddr string
)
flag.StringVar(&certFile, "cert-file", "", "the tls cert file to use")
flag.StringVar(&keyFile, "key-file", "", "the tls key file to use")
flag.StringVar(&mutualAuthCAFile, "mutual-auth-ca-file", "", "if set, require a client cert signed via this ca file")
flag.StringVar(&bindAddr, "bind-addr", "", "the address to listen on")
flag.Parse()
srv := &http.Server{
Handler: http.HandlerFunc(handle),
}
if mutualAuthCAFile != "" {
caCert, err := ioutil.ReadFile(mutualAuthCAFile)
if err != nil {
fmt.Fprintf(os.Stderr, "failed to read mutual-auth-ca-file: %v", err)
os.Exit(1)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
srv.TLSConfig = &tls.Config{
ClientCAs: caCertPool,
ClientAuth: tls.RequireAndVerifyClientCert,
}
srv.TLSConfig.BuildNameToCertificate()
}
var err error
if certFile != "" && keyFile != "" {
if bindAddr == "" {
bindAddr = ":5443"
}
srv.Addr = bindAddr
fmt.Println("starting server on", bindAddr)
err = srv.ListenAndServeTLS(certFile, keyFile)
} else {
if bindAddr == "" {
bindAddr = ":5080"
}
srv.Addr = bindAddr
fmt.Println("starting server on", bindAddr)
err = srv.ListenAndServe()
}
if err != nil {
fmt.Fprintf(os.Stderr, "failed to listen and serve: %v", err)
os.Exit(1)
}
}
type Result struct {
Headers map[string]string `json:"headers"`
Method string `json:"method"`
Host string `json:"host"`
Port string `json:"port"`
Path string `json:"path"`
Query string `json:"query"`
RequestURI string `json:"requestURI"`
}
func handle(w http.ResponseWriter, r *http.Request) {
res := &Result{
Headers: map[string]string{},
Method: r.Method,
Host: r.Host,
Port: r.URL.Port(),
Path: r.URL.Path,
Query: r.URL.RawQuery,
RequestURI: r.RequestURI,
}
for k := range r.Header {
res.Headers[k] = r.Header.Get(k)
}
res.Headers["Host"] = r.Host
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(200)
_ = json.NewEncoder(w).Encode(res)
}
Reference in a new issue View git blame Copy permalink