1 package websvr
import (
	"crypto/tls"
	x "crypto/x509"
	"fmt"
	"io/ioutil"

	"github.com/tjfoc/gmsm/gmtls"
	"github.com/tjfoc/gmsm/x509"
)
9
// Certificate and key locations used by the TLS configurations in this file.
// Every path is relative to the process working directory, not to the source
// tree, so the program must be started from the directory that contains ./certs.
// The exported names are CA and client-auth material; the unexported ones are
// the key pairs presented by the configs built with loadRsaConfig,
// loadSM2Config and loadAutoSwitchConfig (presumably the server side).

// RSA key pair used by loadRsaConfig and loadAutoSwitchConfig.
const (
	rsaCertPath = "./certs/rsa_sign.cer"
	rsaKeyPath  = "./certs/rsa_sign_key.pem"
)

// RSA CA and client-auth material used by rsaBothAuthConfig and
// rsaSingleSideAuthConfig.
const (
	RSACaCertPath   = "./certs/RSA_CA.cer"
	RSAAuthCertPath = "./certs/rsa_auth_cert.cer"
	RSAAuthKeyPath  = "./certs/rsa_auth_key.pem"
)

// SM2 CA and client-auth material used by bothAuthConfig and
// singleSideAuthConfig.
const (
	SM2CaCertPath   = "./certs/SM2_CA.cer"
	SM2AuthCertPath = "./certs/sm2_auth_cert.cer"
	SM2AuthKeyPath  = "./certs/sm2_auth_key.pem"
)

// SM2 dual key pairs (separate signing and encryption certificates) used by
// loadSM2Config and loadAutoSwitchConfig.
const (
	sm2SignCertPath = "./certs/sm2_sign_cert.cer"
	sm2SignKeyPath  = "./certs/sm2_sign_key.pem"
	sm2EncCertPath  = "./certs/sm2_enc_cert.cer"
	sm2EncKeyPath   = "./certs/sm2_enc_key.pem"
)
24
25
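// loadRsaConfig builds a gmtls configuration that presents the RSA key pair
// found at rsaCertPath/rsaKeyPath. No GMSupport is set, so this config speaks
// standard (non-GM) TLS.
//
// The returned error wraps the underlying one with the paths involved so a
// failed start-up names the file that could not be loaded.
func loadRsaConfig() (*gmtls.Config, error) {
	cert, err := gmtls.LoadX509KeyPair(rsaCertPath, rsaKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading RSA key pair (%q, %q): %w", rsaCertPath, rsaKeyPath, err)
	}
	return &gmtls.Config{Certificates: []gmtls.Certificate{cert}}, nil
}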
33
34
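// loadSM2Config builds a GM TLS (SM2) configuration from the dual SM2 key
// pairs: the signing pair at sm2SignCertPath/sm2SignKeyPath and the
// encryption pair at sm2EncCertPath/sm2EncKeyPath. GMSupport is set so gmtls
// enables its GM cipher suites.
//
// Errors are wrapped with the paths of the pair that failed so the caller can
// tell the signing and encryption material apart.
func loadSM2Config() (*gmtls.Config, error) {
	sigCert, err := gmtls.LoadX509KeyPair(sm2SignCertPath, sm2SignKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading SM2 signing key pair (%q, %q): %w", sm2SignCertPath, sm2SignKeyPath, err)
	}
	encCert, err := gmtls.LoadX509KeyPair(sm2EncCertPath, sm2EncKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading SM2 encryption key pair (%q, %q): %w", sm2EncCertPath, sm2EncKeyPath, err)
	}
	// Signing certificate first, encryption certificate second.
	// NOTE(review): gmtls is assumed to depend on this order for the GM
	// dual-certificate handshake — confirm against the library before reordering.
	return &gmtls.Config{
		GMSupport:    &gmtls.GMSupport{},
		Certificates: []gmtls.Certificate{sigCert, encCert},
	}, nil
}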
49
50
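// loadAutoSwitchConfig builds a gmtls configuration that can serve both GM
// (SM2 dual-certificate) and standard RSA peers, delegating the actual
// protocol switching to gmtls.NewBasicAutoSwitchConfig.
//
// Three key pairs are loaded: the RSA pair, the SM2 signing pair and the SM2
// encryption pair. Each load error is wrapped with the paths involved so the
// failing file is identifiable; the error from NewBasicAutoSwitchConfig is
// returned as-is.
func loadAutoSwitchConfig() (*gmtls.Config, error) {
	rsaKeypair, err := gmtls.LoadX509KeyPair(rsaCertPath, rsaKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading RSA key pair (%q, %q): %w", rsaCertPath, rsaKeyPath, err)
	}
	sigCert, err := gmtls.LoadX509KeyPair(sm2SignCertPath, sm2SignKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading SM2 signing key pair (%q, %q): %w", sm2SignCertPath, sm2SignKeyPath, err)
	}
	encCert, err := gmtls.LoadX509KeyPair(sm2EncCertPath, sm2EncKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading SM2 encryption key pair (%q, %q): %w", sm2EncCertPath, sm2EncKeyPath, err)
	}
	return gmtls.NewBasicAutoSwitchConfig(&sigCert, &encCert, &rsaKeypair)
}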
67
68
// loadAutoSwitchConfigClientAuth returns the auto-switch configuration from
// loadAutoSwitchConfig with client certificates made mandatory
// (gmtls.RequireAndVerifyClientCert).
//
// NOTE(review): ClientCAs is not set here, so the CA pool that client
// certificates are verified against is whatever gmtls uses by default. The
// "verify" half of RequireAndVerifyClientCert is only as strong as that pool —
// confirm it is the intended set of CAs for both the SM2 and RSA client
// material declared at the top of this file.
func loadAutoSwitchConfigClientAuth() (*gmtls.Config, error) {
	cfg, err := loadAutoSwitchConfig()
	if err != nil {
		return nil, err
	}
	cfg.ClientAuth = gmtls.RequireAndVerifyClientCert
	return cfg, nil
}
78
79
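// bothAuthConfig builds a GM TLS configuration for mutual authentication: the
// peer's certificate chain is verified against the CA at SM2CaCertPath
// (RootCAs) and the SM2 auth key pair at SM2AuthCertPath/SM2AuthKeyPath is
// presented. Since RootCAs is the pool a crypto/tls-style config uses to
// verify a server chain, this is the client-side counterpart of the configs
// built by loadSM2Config and loadAutoSwitchConfigClientAuth.
//
// It returns an error when the CA file or the key pair cannot be read, and
// also when the CA file contains no parseable PEM certificate: that case is
// only reported through AppendCertsFromPEM's boolean result, and ignoring it
// would leave RootCAs empty so every handshake fails with an unhelpful
// verification error instead of pointing at the CA file.
func bothAuthConfig() (*gmtls.Config, error) {
	caPEM, err := ioutil.ReadFile(SM2CaCertPath)
	if err != nil {
		return nil, fmt.Errorf("reading SM2 CA certificate %q: %w", SM2CaCertPath, err)
	}
	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificate found in SM2 CA file %q", SM2CaCertPath)
	}
	authKeypair, err := gmtls.LoadX509KeyPair(SM2AuthCertPath, SM2AuthKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading SM2 auth key pair (%q, %q): %w", SM2AuthCertPath, SM2AuthKeyPath, err)
	}
	return &gmtls.Config{
		GMSupport:    &gmtls.GMSupport{},
		RootCAs:      certPool,
		Certificates: []gmtls.Certificate{authKeypair},
		// Explicit zero value kept on purpose: the peer chain must validate
		// against RootCAs.
		InsecureSkipVerify: false,
	}, nil
}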
100
101
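// singleSideAuthConfig builds a GM TLS configuration for one-way
// authentication: the peer's certificate chain is verified against the CA at
// SM2CaCertPath (RootCAs) but no certificate of our own is presented. This is
// the client-side pairing for loadSM2Config / loadAutoSwitchConfig.
//
// It returns an error when the CA file cannot be read or contains no
// parseable PEM certificate; the latter is only signalled by
// AppendCertsFromPEM's boolean result and would otherwise leave RootCAs
// empty, turning a misconfigured CA file into an opaque handshake failure.
func singleSideAuthConfig() (*gmtls.Config, error) {
	caPEM, err := ioutil.ReadFile(SM2CaCertPath)
	if err != nil {
		return nil, fmt.Errorf("reading SM2 CA certificate %q: %w", SM2CaCertPath, err)
	}
	certPool := x509.NewCertPool()
	if !certPool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificate found in SM2 CA file %q", SM2CaCertPath)
	}
	return &gmtls.Config{
		GMSupport: &gmtls.GMSupport{},
		RootCAs:   certPool,
	}, nil
}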
116
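// rsaBothAuthConfig builds a standard crypto/tls configuration for mutual
// authentication: the peer's chain is verified against the CA at
// RSACaCertPath (RootCAs) and the RSA auth key pair at
// RSAAuthCertPath/RSAAuthKeyPath is presented. RootCAs is the pool used to
// verify a server chain, so this is the client-side config for the RSA
// branch of loadAutoSwitchConfigClientAuth.
//
// The protocol version is pinned to TLS 1.2: MaxVersion was already
// TLS 1.2 (presumably because the auto-switch peer only negotiates that
// version — confirm before raising it), and MinVersion is set to the same
// value so the floor is explicit rather than inherited from the Go release's
// default.
//
// It returns an error when the CA file or the key pair cannot be read, and
// when the CA file holds no parseable PEM certificate — a condition that
// AppendCertsFromPEM reports only through its boolean result and that would
// otherwise leave RootCAs empty.
func rsaBothAuthConfig() (*tls.Config, error) {
	caPEM, err := ioutil.ReadFile(RSACaCertPath)
	if err != nil {
		return nil, fmt.Errorf("reading RSA CA certificate %q: %w", RSACaCertPath, err)
	}
	certPool := x.NewCertPool()
	if !certPool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificate found in RSA CA file %q", RSACaCertPath)
	}
	authKeypair, err := tls.LoadX509KeyPair(RSAAuthCertPath, RSAAuthKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading RSA auth key pair (%q, %q): %w", RSAAuthCertPath, RSAAuthKeyPath, err)
	}
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		RootCAs:      certPool,
		Certificates: []tls.Certificate{authKeypair},
		// Explicit zero value kept on purpose: the peer chain must validate
		// against RootCAs.
		InsecureSkipVerify: false,
	}, nil
}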
137
138
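// rsaSingleSideAuthConfig builds a standard crypto/tls configuration for
// one-way authentication: the peer's chain is verified against the CA at
// RSACaCertPath (RootCAs) and no certificate of our own is presented. This is
// the client-side config for the RSA branch of loadAutoSwitchConfig.
//
// The protocol version is pinned to TLS 1.2: MaxVersion was already
// TLS 1.2 (presumably what the auto-switch peer negotiates — confirm before
// raising it), and MinVersion is set to the same value so the floor is
// explicit rather than inherited from the Go release's default.
//
// It returns an error when the CA file cannot be read or contains no
// parseable PEM certificate; the latter is only signalled by
// AppendCertsFromPEM's boolean result and would otherwise leave RootCAs
// empty.
func rsaSingleSideAuthConfig() (*tls.Config, error) {
	caPEM, err := ioutil.ReadFile(RSACaCertPath)
	if err != nil {
		return nil, fmt.Errorf("reading RSA CA certificate %q: %w", RSACaCertPath, err)
	}
	certPool := x.NewCertPool()
	if !certPool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificate found in RSA CA file %q", RSACaCertPath)
	}
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS12,
		RootCAs:    certPool,
	}, nil
}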
153