extract functionality for determining signature algorithm per code review feedback

This commit is contained in:
Chelsea Holland Komlo 2018-08-13 16:08:23 -04:00
parent 91edec5bf4
commit 16ffb2e412

View file

@ -447,20 +447,9 @@ func ParseCiphers(tlsConfig *config.TLSConfig) ([]uint16, error) {
keyLoader.LoadKeyPair(tlsConfig.CertFile, tlsConfig.KeyFile)
if keyLoader.GetCertificate() != nil {
var supportedSignatureAlgorithm algorithmStringRepr
tlsCert := keyLoader.GetCertificate()
// Determine what type of signature algorithm is being used by typecasting
// the certificate's private key
privKey := tlsCert.PrivateKey
switch privKey.(type) {
case *rsa.PrivateKey:
supportedSignatureAlgorithm = rsaStringRepr
case *ecdsa.PrivateKey:
supportedSignatureAlgorithm = ecdsaStringRepr
default:
return []uint16{}, fmt.Errorf("Unsupported signature algorithm %T; RSA and ECDSA only are supported.", privKey)
supportedSignatureAlgorithm, err := getSignatureAlgorithm(keyLoader.GetCertificate())
if err != nil {
return []uint16{}, err
}
for _, cipher := range parsedCiphers {
@ -482,6 +471,22 @@ func ParseCiphers(tlsConfig *config.TLSConfig) ([]uint16, error) {
return []uint16{}, nil
}
// getSignatureAlgorithm returns the signature algorithm for a TLS certificate
// This is determined by examining the type of the certificate's public key,
// as Golang doesn't expose a more straightforward API which returns this
// type
func getSignatureAlgorithm(tlsCert *tls.Certificate) (algorithmStringRepr, error) {
privKey := tlsCert.PrivateKey
switch privKey.(type) {
case *rsa.PrivateKey:
return rsaStringRepr, nil
case *ecdsa.PrivateKey:
return ecdsaStringRepr, nil
default:
return "", fmt.Errorf("Unsupported signature algorithm %T; RSA and ECDSA only are supported.", privKey)
}
}
// ParseMinVersion parses the specified minimum TLS version for the Nomad agent
func ParseMinVersion(version string) (uint16, error) {
if version == "" {