CoCalc -- tls.go

GitHub Repository: aos/grafana-agent
Path: blob/main/pkg/integrations/elasticsearch_exporter/tls.go
⁵³⁹³ views
1
package elasticsearch_exporter //nolint:golint
2

3
import (
4
	"crypto/tls"
5
	"crypto/x509"
6
	"log"
7
	"os"
8
)
9

10
// this file was copied as is from
11
// http://github.com/justwatchcom/elasticsearch_exporter/blob/c4c7d2bf2ed55725515dd27df4fd41b6c0b5c33c/tls.go
12

13
func createTLSConfig(pemFile, pemCertFile, pemPrivateKeyFile string, insecureSkipVerify bool) *tls.Config {
14
	tlsConfig := tls.Config{}
15
	if insecureSkipVerify {
16
		// pem settings are irrelevant if we're skipping verification anyway
17
		tlsConfig.InsecureSkipVerify = true
18
	}
19
	if len(pemFile) > 0 {
20
		rootCerts, err := loadCertificatesFrom(pemFile)
21
		if err != nil {
22
			log.Fatalf("Couldn't load root certificate from %s. Got %s.", pemFile, err)
23
			return nil
24
		}
25
		tlsConfig.RootCAs = rootCerts
26
	}
27
	if len(pemCertFile) > 0 && len(pemPrivateKeyFile) > 0 {
28
		clientPrivateKey, err := loadPrivateKeyFrom(pemCertFile, pemPrivateKeyFile)
29
		if err != nil {
30
			log.Fatalf("Couldn't setup client authentication. Got %s.", err)
31
			return nil
32
		}
33
		tlsConfig.Certificates = []tls.Certificate{*clientPrivateKey}
34
	}
35
	return &tlsConfig
36
}
37

38
func loadCertificatesFrom(pemFile string) (*x509.CertPool, error) {
39
	caCert, err := os.ReadFile(pemFile)
40
	if err != nil {
41
		return nil, err
42
	}
43
	certificates := x509.NewCertPool()
44
	certificates.AppendCertsFromPEM(caCert)
45
	return certificates, nil
46
}
47

48
func loadPrivateKeyFrom(pemCertFile, pemPrivateKeyFile string) (*tls.Certificate, error) {
49
	privateKey, err := tls.LoadX509KeyPair(pemCertFile, pemPrivateKeyFile)
50
	if err != nil {
51
		return nil, err
52
	}
53
	return &privateKey, nil
54
}
55

56
Product

Resources

Company
