From 6f98dfeb96d9c406617061e067a0c7ac7b23fc06 Mon Sep 17 00:00:00 2001
From: abrand
Date: Fri, 3 Jun 2016 07:51:00 -0400
Subject: [PATCH 1/2] Added TLS support to the example application
---
 examples/app/main.go | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/examples/app/main.go b/examples/app/main.go
index fdcd8d9e..2b79ed65 100644
--- a/examples/app/main.go
+++ b/examples/app/main.go
@@ -31,6 +31,9 @@ func main() {
 clientSecret := fs.String("client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "")
 caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
+ certFile := fs.String("tls-cert-file", "", "the TLS cert file. If empty, the app will listen on HTTP")
+ keyFile := fs.String("tls-key-file", "", "the TLS key file. If empty, the app will listen on HTTP")
+
 discovery := fs.String("discovery", "http://127.0.0.1:5556", "")
 logDebug := fs.Bool("log-debug", false, "log debug-level information")
 logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
@@ -70,6 +73,16 @@ func main() {
 log.Fatalf("Unable to parse host from --listen flag: %v", err)
 }
+ redirectURLParsed, err := url.Parse(*redirectURL)
+ if err != nil {
+ log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
+ }
+
+ useTLS := *keyFile != "" && *certFile != ""
+ if useTLS && (redirectURLParsed.Scheme != "https" || l.Scheme != "https") {
+ log.Fatalf("TLS Cert File and Key File were provided. Ensure the listen and redirect URL are using HTTPS.")
+ }
+
 cc := oidc.ClientCredentials{
 ID: *clientID,
 Secret: *clientSecret,
@@ -117,10 +130,6 @@ func main() {
 client.SyncProviderConfig(*discovery)
- redirectURLParsed, err := url.Parse(*redirectURL)
- if err != nil {
- log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
- }
 hdlr := NewClientHandler(client, *discovery, *redirectURLParsed)
 httpsrv := &http.Server{
 Addr: fmt.Sprintf(":%s", p),
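Review bot: The usage strings for `tls-cert-file` and `tls-key-file` say the app listens on HTTP "if empty", but the server only switches to TLS when both files are set (`useTLS := *keyFile != "" && *certFile != ""` in the next hunk), so a user who supplies just one of them still gets plain HTTP without being told the other is missing. State the pairing in both help texts, e.g. `"the TLS cert file; both --tls-cert-file and --tls-key-file must be set to serve HTTPS, otherwise the app listens on plain HTTP"`, and the same for the key file. main() begins before this hunk and continues after it.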
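Review bot: `useTLS` is false whenever only one of `--tls-cert-file`/`--tls-key-file` is given, so a half-specified TLS configuration silently falls back to plain HTTP and the scheme check right below it never runs. Reject a mismatched pair before computing `useTLS`, e.g. `if (*certFile == "") != (*keyFile == "") { log.Fatal("--tls-cert-file and --tls-key-file must be provided together") }`. The scheme check itself only covers the direction where TLS files are present; the opposite direction, an https `--listen` with no cert/key, is worth a matching fatal here as well (see the note on the ListenAndServe hunk). main() continues outside this hunk on both sides.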
@@ -128,7 +137,13 @@ func main() {
 }
 log.Infof("Binding to %s...", httpsrv.Addr)
- log.Fatal(httpsrv.ListenAndServe())
+
+ if useTLS {
+ log.Info("Key and cert file provided. Using TLS")
+ log.Fatal(httpsrv.ListenAndServeTLS(*certFile, *keyFile))
+ } else {
+ log.Fatal(httpsrv.ListenAndServe())
+ }
 }
 func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {
From 51659716e0aa0a17e935cf9668563d6dda1eead7 Mon Sep 17 00:00:00 2001
From: abrand
Date: Fri, 3 Jun 2016 20:02:30 -0400
Subject: [PATCH 2/2] Improved error message when TLS config is specified, but listen/redirect URL are using wrong scheme
---
 examples/app/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/app/main.go b/examples/app/main.go
index 2b79ed65..71215415 100644
--- a/examples/app/main.go
+++ b/examples/app/main.go
@@ -80,7 +80,7 @@ func main() {
 useTLS := *keyFile != "" && *certFile != ""
 if useTLS && (redirectURLParsed.Scheme != "https" || l.Scheme != "https") {
- log.Fatalf("TLS Cert File and Key File were provided. Ensure the listen and redirect URL are using HTTPS.")
+ log.Fatalf(`TLS Cert File and Key File were provided. Ensure listen and redirect URLs are using the "https://" scheme.`)
 }
 cc := oidc.ClientCredentials{
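Review bot: The `else` branch serves plain HTTP even when `--listen` was given with an https scheme, because the scheme check added earlier in this patch only runs when `useTLS` is true; a client configured against that https listen URL would then be talking to a cleartext listener. Reject the combination next to the existing check, e.g. `if !useTLS && l.Scheme == "https" { log.Fatal("--listen uses https but --tls-cert-file/--tls-key-file were not provided") }`. The server also runs on crypto/tls defaults; if this example is meant to show a sensible setup, setting `httpsrv.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}` before ListenAndServeTLS (with a `crypto/tls` import) is worth considering. Since `log.Fatal` does not return, the `else` could also be dropped to keep the happy path flat, though with both branches terminal that is a matter of taste. main() begins before this hunk.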
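Review bot: The reworded message still does not tell the user which of the two URLs has the wrong scheme, so they have to guess; including the observed values makes it actionable, e.g. `log.Fatalf("TLS cert and key file were provided, but --listen has scheme %q and --redirect-url has scheme %q; both must be https", l.Scheme, redirectURLParsed.Scheme)`. If the constant string is kept instead, `log.Fatalf` with no arguments reads more naturally as `log.Fatal`. main() continues outside this hunk on both sides.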