From 1ef50ddd7f6ae07c68fec7c87c7052e4004179ea Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Mon, 4 Apr 2016 14:35:55 +0200
Subject: Add Certs debug overview

---
 server.go | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/server.go b/server.go
index 3437590..d31c1d8 100644
--- a/server.go
+++ b/server.go
@@ -12,40 +12,46 @@ import (
 type Server struct {
 DataFile string
 Routes
- SNI
+ Certs
 wwwServer http.Server
 tlsServer http.Server
 rpcServer http.Server
 }

-// SNI holds certificates
-type SNI map[string]*tls.Certificate
+// Certs holds certificates
+type Certs map[string]*tls.Certificate

 // GetCertificate returns certificate for SNI negotiation
-func (s SNI) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if v, ok := s[h.ServerName]; ok {
+func (c Certs) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ if v, ok := c[h.ServerName]; ok {
 return v, nil
 }
 return nil, fmt.Errorf("no cert for %q", h.ServerName)
 }

-func (s SNI) addCertificate(cert, key []byte) error {
- c, err := tls.X509KeyPair(cert, key)
+func (c Certs) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
+ for k, v := range c {
+ fmt.Fprintf(w, "%v: valid untill %v\n", k, v.Leaf.NotAfter)
+ }
+}
+
+func (c Certs) addCertificate(cert, key []byte) error {
+ crt, err := tls.X509KeyPair(cert, key)
 if err != nil {
 return err
 }
- c.Leaf, err = x509.ParseCertificate(c.Certificate[0])
+ crt.Leaf, err = x509.ParseCertificate(crt.Certificate[0])
 if err != nil {
 return err
 }
- if cn := c.Leaf.Subject.CommonName; cn != "" {
- s[cn] = &c
+ if cn := crt.Leaf.Subject.CommonName; cn != "" {
+ c[cn] = &crt
 }
- for _, name := range c.Leaf.DNSNames {
- s[name] = &c
+ for _, name := range crt.Leaf.DNSNames {
+ c[name] = &crt
 }
- for _, ip := range c.Leaf.IPAddresses {
- s[ip.String()] = &c
+ for _, ip := range crt.Leaf.IPAddresses {
+ c[ip.String()] = &crt
 }
 return nil
 }
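Review bot: The new `Certs.ServeHTTP` writes every SNI name the proxy serves together with each certificate's expiry to any client that reaches the handler, and the `@@ -69,7 +75,8` hunk registers it on the package-level `http.DefaultServeMux` under `/debug/certs` with no access control; which listener ends up serving `DefaultServeMux` is not visible here, so if that is the public wwwServer this becomes an unauthenticated inventory of every hosted domain. Consider registering the debug handlers on a mux bound to a local-only or the RPC listener rather than the default mux, and applying whatever gating `/debug/routes` has, if any. The output string also has a typo, `"%v: valid untill %v\n"` → `"%v: valid until %v\n"`, and because `c` is a map the listing order changes per request; if `sort` is already imported, ranging over sorted keys gives stable output. If `UpdateMux` can run while the listeners are up, the `range c` in `ServeHTTP` races with the map writes in `addCertificate` (the same applies to the existing `getCertificate` during handshakes), which would need a mutex around the map.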
@@ -57,7 +63,7 @@ func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error
 server := &Server{
 DataFile: dataFile,
 Routes: make(Routes),
- SNI: make(SNI),
+ Certs: make(Certs),
 wwwServer: http.Server{Addr: listenWWW},
 tlsServer: http.Server{Addr: listenTLS},
 rpcServer: http.Server{Addr: listenRPC},
@@ -69,7 +75,8 @@ func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error
 server.Load(dataFile) } registerRPC(server)
- http.Handle("/debug/route", server)
+ http.Handle("/debug/routes", server.Routes)
+ http.Handle("/debug/certs", server.Certs)
 return server, server.UpdateMux() }
@@ -98,7 +105,7 @@ func (s *Server) UpdateMux() error {
 case "http", "":
 wwwMux.Handle(host, NewReverseProxy(upstream))
 case "https":
- err := s.SNI.addCertificate(route.Cert, route.Key)
+ err := s.Certs.addCertificate(route.Cert, route.Key)
 if err != nil {
 return err
 }
@@ -107,7 +114,7 @@ func (s *Server) UpdateMux() error {
 case "ws":
 wwwMux.Handle(host, NewWebSocketProxy(upstream))
 case "wss":
- err := s.SNI.addCertificate(route.Cert, route.Key)
+ err := s.Certs.addCertificate(route.Cert, route.Key)
 if err != nil {
 return err
 }
-- cgit v1.2.3