reflection work so far...
This commit is contained in:
brent saner
76
types.go
76
types.go
@@ -11,40 +11,76 @@ import (
|
||||
`github.com/Luzifer/go-dhparam`
|
||||
)
|
||||
|
||||
// tlsUriParam is an unexported type used to define TlsUri parameter names (and thus tags).
|
||||
type tlsUriParam string
|
||||
|
||||
// tlsUriParams is a collection of tlsUriParam and their value(s).
|
||||
type tlsUriParams map[tlsUriParam][]string
|
||||
|
||||
// PemBlocks is a combined set of multiple pem.Blocks.
|
||||
type PemBlocks []*pem.Block
|
||||
|
||||
// TlsFlat provides an easy structure to marshal/unmarshal a tls.Config from/to a data structure (JSON, XML, etc.).
|
||||
// TlsFlat provides an easy structure to marshal/unmarshal a tls.Config and/or a TlsUri from/to a data structure (JSON, XML, etc.).
|
||||
type TlsFlat struct {
|
||||
XMLName xml.Name `xml:"tlsConfig" json:"-" yaml:"-" toml:"-"`
|
||||
// SniName represents the expected Server Name Indicator's name. See TlsUriParamSni.
|
||||
SniName string `json:"sni_name" toml:"SNIName" yaml:"SNI Name" xml:"sniName,attr" required:"true" validate:"required"`
|
||||
// SkipVerify, if true, will bypass certificate verification. You generally should not enable this. See TlsUriParamNoVerify.
|
||||
// Host is the host name. It may or may not be the same as SniName, and may be an empty string.
|
||||
Host string `json:"host,omitempty" toml:"Host,omitempty" yaml:"Host,omitempty" xml:"host,attr,omitempty" tlsUri:"-"` // No reflection is done as it's directly managed.
|
||||
// Port is the port number, if specified. Only relevant for listeners/clients and TlsUri.
|
||||
Port *uint16 `json:"port,omitempty" toml:"Port,omitempty" yaml:"Port,omitempty" xml:"port,attr,omitempty" tlsUri:"-"` // No reflection is done as it's directly managed.
|
||||
// CaFiles contains filepaths to CA certificates/"trust anchors" in PEM format. They may be combined. See ParamCa.
|
||||
CaFiles []string `json:"ca_files,omitempty" toml:"CaFiles,omitempty" yaml:"CA Files,omitempty" xml:"roots>ca,omitempty" tlsUri:"ParamCa" validate:"omitempty,dive,filepath"`
|
||||
// Certs contains 0 or more TlsFlatCert certificate definitions. See ParamCert and ParamKey as well.
|
||||
Certs []*TlsFlatCert `json:"certs,omitempty" toml:"Certs,omitempty" yaml:"Certificates,omitempty" xml:"certs>cert,omitempty" validate:"omitempty,dive"`
|
||||
// CipherSuites represents desired ciphers/cipher suites for this TLS environment. See ParamCipher.
|
||||
CipherSuites []string `json:"cipher_suites,omitempty" toml:"CipherSuites,omitempty" yaml:"Cipher Suites,omitempty" xml:"ciphers,omitempty" tlsUri:"ParamCipher" validate:"omitempty,dive"`
|
||||
// Curves specifies desired cryptographic curves to be used. See ParamCurve.
|
||||
Curves []string `json:"curves,omitempty" toml:"Curves,omitempty" yaml:"Curves,omitempty" xml:"curves>curve,omitempty" tlsUri:"ParamCurve" validate:"omitempty,dive"`
|
||||
// IgnoreMissing, if true, specifies that missing files should be ignored instead of throwing an error.
|
||||
IgnoreMissing bool `json:"ignore_missing,omitempty" toml:"IgnoreMissing,omitempty" yaml:"Ignore Missing,omitempty" xml:"ignoreMissing,attr,omitempty" tlsUri:"ParamIgnoreMissing"`
|
||||
/*
|
||||
Keylog specifies an SSLKEYLOGFILE.
|
||||
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!! DO NOT, UNDER ANY CIRCUMSTANCES, ENABLE THIS UNLESS YOU ARE !!
|
||||
!! ABSOLUTELY SURE WHAT YOU ARE DOING. !!
|
||||
!! IT SEVERELY COMPROMISES SECURITY !!
|
||||
!! AND IS ONLY INTENDED FOR DEBUGGING PURPOSES! !!
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
See ParamKeylog for details and special values.
|
||||
*/
|
||||
Keylog *string `json:"keylog,omitempty" toml:"Keylog,omitempty" yaml:"Keylog,omitempty" xml:"keylog,attr,omitempty" validate:"omitempty,dive"`
|
||||
// MaxTlsProtocol specifies the maximum TLS version. See ParamMaxTls.
|
||||
MaxTlsProtocol *string `json:"max_tls_protocol,omitempty" xml:"maxTlsProtocol,attr,omitempty" yaml:"MaxTlsProtocol,omitempty" toml:"MaxTlsProtocol,omitempty" tlsUri:"ParamMaxTls"`
|
||||
// MinTlsProtocol specifies the minimum TLS version. See ParamMinTls.
|
||||
MinTlsProtocol *string `json:"min_tls_protocol,omitempty" xml:"minTlsProtocol,attr,omitempty" yaml:"MinTlsProtocol,omitempty" toml:"MinTlsProtocol,omitempty" tlsUri:"ParamMinTls"`
|
||||
// MutualTlsCAs specify path(s) to CA certificates/"trust anchors" in PEM format. See ParamMtlsCa.
|
||||
MutualTlsCAs []string `json:"mtls_ca,omitempty" toml:"mTLSRoots,omitempty" yaml:"MTLS CA Files,omitempty" xml:"mTlsRoots>ca,omitempty" tlsUri:"ParamMtlsCa"`
|
||||
// MutualTls specifies mutual TLS and, if enabled, what type/mode/level of required validation. See ParamMtlsMode.
|
||||
MutualTls *string `json:"mtls_auth" toml:"mTLS,omitempty" yaml:"mTLS Type,omitempty" xml:"mtlsAuth,attr,omitempty" tlsUri:"ParamMtlsMode"`
|
||||
// NetMode is the "network type" as found in e.g. net.Dial. See ParamNet for details.
|
||||
NetMode *string
|
||||
// SkipVerify, if true, will bypass certificate verification. You generally should not enable this. See ParamNoVerify.
|
||||
SkipVerify bool `json:"skip_verify,omitempty" toml:"SkipVerify,omitempty" yaml:"Skip Verification,omitempty" xml:"skipVerify,attr,omitempty"`
|
||||
// Certs contains 0 or more TlsFlatCert certificate definitions. See TlsUriParamCert and TlsUriParamKey as well.
|
||||
Certs []*TlsFlatCert `json:"certs,omitempty" toml:"Certs,omitempty" yaml:"Certificates,omitempty" xml:"certs>cert,omitempty"validate:"omitempty,dive"`
|
||||
// CaFiles contains filepaths to CA certificates/"trust anchors" in PEM format. They may be combined. See TlsUriParamCa.
|
||||
CaFiles []string `json:"ca_files,omitempty" toml:"CaFiles,omitempty" yaml:"CA Files,omitempty" xml:"roots>ca,omitempty" validate:"omitempty,dive,filepath"`
|
||||
// CipherSuites represents desired ciphers/cipher suites for this TLS environment. See TlsUriParamCipher.
|
||||
CipherSuites []string `json:"cipher_suites,omitempty" toml:"CipherSuites,omitempty" yaml:"Cipher Suites,omitempty" xml:"ciphers,omitempty"`
|
||||
// Curves specifies desired cryptographic curves to be used. See TlsUriParamCurve.
|
||||
Curves []string `json:"curves,omitempty" xml:"curves>curve,omitempty" yaml:"Curves,omitempty" toml:"Curves,omitempty" validate:"omitempty,dive"`
|
||||
// MinTlsProtocol specifies the minimum TLS version. See TlsUriParamMinTls.
|
||||
MinTlsProtocol *string `json:"min_tls_protocol,omitempty" xml:"minTlsProtocol,attr,omitempty" yaml:"MinTlsProtocol,omitempty" toml:"MinTlsProtocol,omitempty"`
|
||||
// MaxTlsProtocol specifies the maximum TLS version. See TlsUriParamMaxTls.
|
||||
MaxTlsProtocol *string `json:"max_tls_protocol,omitempty" xml:"maxTlsProtocol,attr,omitempty" yaml:"MaxTlsProtocol,omitempty" toml:"MaxTlsProtocol,omitempty"`
|
||||
/*
|
||||
SniName represents the expected Server Name Indicator's name. If not nil, Host will be used to connect/listen
|
||||
and this name will be used for certificate validation/verification.
|
||||
See ParamSni.
|
||||
*/
|
||||
SniName *string `json:"sni_name" toml:"SNIName" yaml:"SNI Name" xml:"sniName,attr" tlsUri:"ParamSni" required:"true" validate:"required"`
|
||||
}
|
||||
|
||||
// TlsFlatCert represents a certificate (and, possibly, paired key).
|
||||
type TlsFlatCert struct {
|
||||
XMLName xml.Name `xml:"cert" json:"-" yaml:"-" toml:"-"`
|
||||
// KeyFile is a filepath to a PEM-encoded key file. See TlsUriParamKey.
|
||||
KeyFile *string `json:"key,omitempty" xml:"key,attr,omitempty" yaml:"Key,omitempty" toml:"Key,omitempty" validate:"omitempty,filepath"`
|
||||
// CertFile is a filepath to a PEM-encoded certificate file. See TlsUriParamCert.
|
||||
CertFile string `json:"cert" xml:",chardata" yaml:"Certificate" toml:"Certificate" required:"true" validate:"required,filepath"`
|
||||
// KeyFile is a filepath to a PEM-encoded key file. See ParamKey.
|
||||
KeyFile *string `json:"key,omitempty" xml:"key,attr,omitempty" yaml:"Key,omitempty" toml:"Key,omitempty" tlsUri:"ParamKey" validate:"omitempty,filepath"`
|
||||
// CertFile is a filepath to a PEM-encoded certificate file. See ParamCert.
|
||||
CertFile string `json:"cert" xml:",chardata" yaml:"Certificate" toml:"Certificate" required:"true" tlsUri:"ParamCert" validate:"required,filepath"`
|
||||
}
|
||||
|
||||
// TlsPkiChain contains a whole X.509 PKI chain -- Root CA(s) (trust anchors) which sign Intermediate(s) which sign Certificate(s).
|
||||
// TODO
|
||||
type TlsPkiChain struct {
|
||||
/*
|
||||
Roots are all trust anchors/root certificates.
|
||||
|
||||
Reference in New Issue
Block a user