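package goxy

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// Certs maps a lookup name (subject common name, DNS SAN or IP SAN in
// string form) to the certificate that should be presented for it.
//
// NOTE(review): Certs is a plain map with no locking. getCertificate has the
// signature of tls.Config.GetCertificate, which crypto/tls calls from
// handshake goroutines; if addCertificate can run after the listener is
// serving, access needs a mutex. Confirm against the callers.
type Certs map[string]*tls.Certificate

// getCertificate selects the certificate for the server name sent in the
// ClientHello (SNI).
//
// Lookup order: the name exactly as sent, the lower-cased name (host names are
// case-insensitive), then a single-label wildcard ("foo.example.com" matches a
// certificate stored under "*.example.com"). A wildcard covers exactly one
// leftmost label, so "a.b.example.com" does not match "*.example.com".
//
// When nothing matches an error is returned, so the handshake fails instead of
// falling back to an unrelated certificate.
func (c Certs) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := h.ServerName
	if crt, ok := c[name]; ok {
		return crt, nil
	}

	lower := strings.ToLower(name)
	if crt, ok := c[lower]; ok {
		return crt, nil
	}

	// Require a non-empty first label and a non-empty remainder so that
	// malformed names such as ".example.com" or "example." never hit a
	// wildcard entry.
	if dot := strings.IndexByte(lower, '.'); dot > 0 && dot < len(lower)-1 {
		if crt, ok := c["*"+lower[dot:]]; ok {
			return crt, nil
		}
	}

	// %q quotes the client-controlled name so it cannot inject control
	// characters into logs that record this error.
	return nil, fmt.Errorf("no cert for %q", h.ServerName)
}

// addCertificate parses a PEM certificate/key pair and registers it under the
// leaf certificate's common name, every DNS SAN and every IP SAN. An existing
// entry with the same name is replaced.
//
// It returns an error when the store is nil, when the pair cannot be loaded,
// or when the leaf certificate cannot be parsed.
//
// NOTE(review): entries keyed by IP address are only reachable through
// getCertificate if a client sends the literal address as server name, which
// RFC 6066 does not permit; connections made by IP normally carry no SNI.
func (c Certs) addCertificate(cert, key []byte) error {
	if c == nil {
		// Writing to a nil map panics; report it to the caller instead.
		return errors.New("certificate store is nil")
	}

	pair, err := tls.X509KeyPair(cert, key)
	if err != nil {
		return fmt.Errorf("loading key pair: %w", err)
	}

	// Some Go releases already populate Leaf in X509KeyPair; parse only when
	// it is missing. X509KeyPair succeeds only with at least one certificate,
	// so index 0 is present.
	if pair.Leaf == nil {
		leaf, err := x509.ParseCertificate(pair.Certificate[0])
		if err != nil {
			return fmt.Errorf("parsing leaf certificate: %w", err)
		}
		pair.Leaf = leaf
	}

	entry := &pair
	if cn := pair.Leaf.Subject.CommonName; cn != "" {
		c[cn] = entry
	}
	for _, name := range pair.Leaf.DNSNames {
		c[name] = entry
	}
	for _, ip := range pair.Leaf.IPAddresses {
		c[ip.String()] = entry
	}
	return nil
}

// ServeHTTP writes one line per registered name with the expiry time of its
// certificate, sorted by name so the output is stable between requests.
//
// The response enumerates every host name and address the proxy holds a
// certificate for. NOTE(review): the request is not inspected here, so access
// control has to come from wherever this handler is mounted; confirm it is
// only reachable on an internal or authenticated listener.
func (c Certs) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
	names := make([]string, 0, len(c))
	for name := range c {
		names = append(names, name)
	}
	sort.Strings(names)

	for _, name := range names {
		crt := c[name]
		// Entries inserted without going through addCertificate may have no
		// parsed leaf; report that instead of dereferencing nil.
		if crt == nil || crt.Leaf == nil {
			fmt.Fprintf(w, "%v: validity unknown\n", name)
			continue
		}
		// The spelling "untill" is kept as-is in case the output is parsed.
		fmt.Fprintf(w, "%v: valid untill %v\n", name, crt.Leaf.NotAfter)
	}
}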