extract functionality for determining signature algorithm per code review feedback
This commit is contained in:
parent
91edec5bf4
commit
16ffb2e412
|
@ -447,20 +447,9 @@ func ParseCiphers(tlsConfig *config.TLSConfig) ([]uint16, error) {
|
|||
keyLoader.LoadKeyPair(tlsConfig.CertFile, tlsConfig.KeyFile)
|
||||
|
||||
if keyLoader.GetCertificate() != nil {
|
||||
var supportedSignatureAlgorithm algorithmStringRepr
|
||||
|
||||
tlsCert := keyLoader.GetCertificate()
|
||||
|
||||
// Determine what type of signature algorithm is being used by typecasting
|
||||
// the certificate's private key
|
||||
privKey := tlsCert.PrivateKey
|
||||
switch privKey.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
supportedSignatureAlgorithm = rsaStringRepr
|
||||
case *ecdsa.PrivateKey:
|
||||
supportedSignatureAlgorithm = ecdsaStringRepr
|
||||
default:
|
||||
return []uint16{}, fmt.Errorf("Unsupported signature algorithm %T; RSA and ECDSA only are supported.", privKey)
|
||||
supportedSignatureAlgorithm, err := getSignatureAlgorithm(keyLoader.GetCertificate())
|
||||
if err != nil {
|
||||
return []uint16{}, err
|
||||
}
|
||||
|
||||
for _, cipher := range parsedCiphers {
|
||||
|
@ -482,6 +471,22 @@ func ParseCiphers(tlsConfig *config.TLSConfig) ([]uint16, error) {
|
|||
return []uint16{}, nil
|
||||
}
|
||||
|
||||
// getSignatureAlgorithm returns the signature algorithm for a TLS certificate
|
||||
// This is determined by examining the type of the certificate's public key,
|
||||
// as Golang doesn't expose a more straightforward API which returns this
|
||||
// type
|
||||
func getSignatureAlgorithm(tlsCert *tls.Certificate) (algorithmStringRepr, error) {
|
||||
privKey := tlsCert.PrivateKey
|
||||
switch privKey.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
return rsaStringRepr, nil
|
||||
case *ecdsa.PrivateKey:
|
||||
return ecdsaStringRepr, nil
|
||||
default:
|
||||
return "", fmt.Errorf("Unsupported signature algorithm %T; RSA and ECDSA only are supported.", privKey)
|
||||
}
|
||||
}
|
||||
|
||||
// ParseMinVersion parses the specified minimum TLS version for the Nomad agent
|
||||
func ParseMinVersion(version string) (uint16, error) {
|
||||
if version == "" {
|
||||
|
|
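Review bot: The doc comment on getSignatureAlgorithm in the second hunk says the algorithm is determined by examining the certificate's public key, but the body switches on the concrete type of tlsCert.PrivateKey, so the comment and the code disagree; the concrete-type switch also means an RSA or ECDSA key that is not a stdlib *rsa.PrivateKey or *ecdsa.PrivateKey (for example a crypto.Signer backed by an HSM or external key store) falls into the default case and is rejected. Switching on signer.Public() through the crypto.Signer interface makes the comment accurate and accepts such keys without widening the set of supported algorithms; it needs the `crypto` import added. The helper also dereferences tlsCert unconditionally while the caller in the first hunk guards with `keyLoader.GetCertificate() != nil`, so a nil check inside the helper keeps it safe for future callers. If the moved error message is kept, Go convention prefers lowercase error strings without trailing punctuation, e.g. `"unsupported signature algorithm %T; only RSA and ECDSA are supported"`.
```go
func getSignatureAlgorithm(tlsCert *tls.Certificate) (algorithmStringRepr, error) {
	if tlsCert == nil {
		return "", fmt.Errorf("no TLS certificate loaded")
	}
	// Inspect the public key via crypto.Signer so that both stdlib keys and
	// externally backed signers are classified the same way.
	signer, ok := tlsCert.PrivateKey.(crypto.Signer)
	if !ok {
		return "", fmt.Errorf("Unsupported signature algorithm %T; RSA and ECDSA only are supported.", tlsCert.PrivateKey)
	}
	switch pub := signer.Public().(type) {
	case *rsa.PublicKey:
		return rsaStringRepr, nil
	case *ecdsa.PublicKey:
		return ecdsaStringRepr, nil
	default:
		return "", fmt.Errorf("Unsupported signature algorithm %T; RSA and ECDSA only are supported.", pub)
	}
}
```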