Added TLS support to the example application

This commit is contained in:
abrand 2016-06-03 07:51:00 -04:00
parent 4440b3a085
commit 6f98dfeb96

View file

@ -31,6 +31,9 @@ func main() {
clientSecret := fs.String("client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "") clientSecret := fs.String("client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "")
caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used") caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
certFile := fs.String("tls-cert-file", "", "the TLS cert file. If empty, the app will listen on HTTP")
keyFile := fs.String("tls-key-file", "", "the TLS key file. If empty, the app will listen on HTTP")
discovery := fs.String("discovery", "http://127.0.0.1:5556", "") discovery := fs.String("discovery", "http://127.0.0.1:5556", "")
logDebug := fs.Bool("log-debug", false, "log debug-level information") logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps") logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
@ -70,6 +73,16 @@ func main() {
log.Fatalf("Unable to parse host from --listen flag: %v", err) log.Fatalf("Unable to parse host from --listen flag: %v", err)
} }
redirectURLParsed, err := url.Parse(*redirectURL)
if err != nil {
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
}
useTLS := *keyFile != "" && *certFile != ""
if useTLS && (redirectURLParsed.Scheme != "https" || l.Scheme != "https") {
log.Fatalf("TLS Cert File and Key File were provided. Ensure the listen and redirect URL are using HTTPS.")
}
cc := oidc.ClientCredentials{ cc := oidc.ClientCredentials{
ID: *clientID, ID: *clientID,
Secret: *clientSecret, Secret: *clientSecret,
@ -117,10 +130,6 @@ func main() {
client.SyncProviderConfig(*discovery) client.SyncProviderConfig(*discovery)
redirectURLParsed, err := url.Parse(*redirectURL)
if err != nil {
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
}
hdlr := NewClientHandler(client, *discovery, *redirectURLParsed) hdlr := NewClientHandler(client, *discovery, *redirectURLParsed)
httpsrv := &http.Server{ httpsrv := &http.Server{
Addr: fmt.Sprintf(":%s", p), Addr: fmt.Sprintf(":%s", p),
@ -128,7 +137,13 @@ func main() {
} }
log.Infof("Binding to %s...", httpsrv.Addr) log.Infof("Binding to %s...", httpsrv.Addr)
if useTLS {
log.Info("Key and cert file provided. Using TLS")
log.Fatal(httpsrv.ListenAndServeTLS(*certFile, *keyFile))
} else {
log.Fatal(httpsrv.ListenAndServe()) log.Fatal(httpsrv.ListenAndServe())
}
} }
func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler { func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {