
Commit 7c4e6dc

committed
Remove duplicated code in bootstrap methods
1 parent 64c19d4 commit 7c4e6dc

1 file changed

+42
-49
lines changed

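--- a/ca/bootstrap.go
+++ b/ca/bootstrap.go
@@ -2,12 +2,14 @@ package ca
 
 import (
 "context"
+"crypto"
 "crypto/tls"
 "net"
 "net/http"
 "strings"
 
 "github.com/pkg/errors"
+"github.com/smallstep/certificates/api"
 "go.step.sm/crypto/jose"
 )
 
@@ -58,22 +60,7 @@ func Bootstrap(token string) (*Client, error) {
 // }
 // resp, err := client.Get("https://internal.smallstep.com")
 func BootstrapClient(ctx context.Context, token string, options ...TLSOption) (*http.Client, error) {
-client, err := Bootstrap(token)
-if err != nil {
-return nil, err
-}
-
-version, err := client.Version()
-if err != nil {
-return nil, err
-}
-
-req, pk, err := CreateSignRequest(token)
-if err != nil {
-return nil, err
-}
-
-sign, err := client.Sign(req)
+b, err := createBootstrap(token)
 if err != nil {
 return nil, err
 }
@@ -83,11 +70,11 @@ func BootstrapClient(ctx context.Context, token string, options ...TLSOption) (*
 // The roots request is only supported if identity certificates are not
 // required. In all cases the current root is also added after applying all
 // options too.
-if !version.RequireClientAuthentication {
+if !b.RequireClientAuth {
 options = append(options, AddRootsToRootCAs())
 }
 
-transport, err := client.Transport(ctx, sign, pk, options...)
+transport, err := b.Client.Transport(ctx, b.SignResponse, b.PrivateKey, options...)
 if err != nil {
 return nil, err
 }
@@ -131,22 +118,7 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
 return nil, errors.New("server TLSConfig is already set")
 }
 
-client, err := Bootstrap(token)
-if err != nil {
-return nil, err
-}
-
-version, err := client.Version()
-if err != nil {
-return nil, err
-}
-
-req, pk, err := CreateSignRequest(token)
-if err != nil {
-return nil, err
-}
-
-sign, err := client.Sign(req)
+b, err := createBootstrap(token)
 if err != nil {
 return nil, err
 }
@@ -156,11 +128,11 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
 // The roots request is only supported if identity certificates are not
 // required. In all cases the current root is also added after applying all
 // options too.
-if !version.RequireClientAuthentication {
+if !b.RequireClientAuth {
 options = append(options, AddRootsToCAs())
 }
 
-tlsConfig, err := client.GetServerTLSConfig(ctx, sign, pk, options...)
+tlsConfig, err := b.Client.GetServerTLSConfig(ctx, b.SignResponse, b.PrivateKey, options...)
 if err != nil {
 return nil, err
 }
@@ -194,39 +166,60 @@ func BootstrapServer(ctx context.Context, token string, base *http.Server, optio
 // ... // register services
 // srv.Serve(lis)
 func BootstrapListener(ctx context.Context, token string, inner net.Listener, options ...TLSOption) (net.Listener, error) {
-client, err := Bootstrap(token)
+b, err := createBootstrap(token)
 if err != nil {
 return nil, err
 }
 
-version, err := client.Version()
+// Make sure the tlsConfig have all supported roots on RootCAs.
+//
+// The roots request is only supported if identity certificates are not
+// required. In all cases the current root is also added after applying all
+// options too.
+if !b.RequireClientAuth {
+options = append(options, AddRootsToCAs())
+}
+
+tlsConfig, err := b.Client.GetServerTLSConfig(ctx, b.SignResponse, b.PrivateKey, options...)
 if err != nil {
 return nil, err
 }
 
-req, pk, err := CreateSignRequest(token)
+return tls.NewListener(inner, tlsConfig), nil
+}
+
+type bootstrap struct {
+Client *Client
+RequireClientAuth bool
+SignResponse *api.SignResponse
+PrivateKey crypto.PrivateKey
+}
+
+func createBootstrap(token string) (*bootstrap, error) {
+client, err := Bootstrap(token)
 if err != nil {
 return nil, err
 }
 
-sign, err := client.Sign(req)
+version, err := client.Version()
 if err != nil {
 return nil, err
 }
 
-// Make sure the tlsConfig have all supported roots on RootCAs.
-//
-// The roots request is only supported if identity certificates are not
-// required. In all cases the current root is also added after applying all
-// options too.
-if !version.RequireClientAuthentication {
-options = append(options, AddRootsToCAs())
+req, pk, err := CreateSignRequest(token)
+if err != nil {
+return nil, err
 }
 
-tlsConfig, err := client.GetServerTLSConfig(ctx, sign, pk, options...)
+sign, err := client.Sign(req)
 if err != nil {
 return nil, err
 }
 
-return tls.NewListener(inner, tlsConfig), nil
+return &bootstrap{
+Client: client,
+RequireClientAuth: version.RequireClientAuthentication,
+SignResponse: sign,
+PrivateKey: pk,
+}, nil
 }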
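Review bot: The new `bootstrap` type and `createBootstrap` helper at the end of the last hunk carry no doc comments, and since the package also exports a `Bootstrap` function, a reader has to work out what the lower-case `bootstrap` holds by following the three callers; a short comment on each would settle it. On the type I would add `// bootstrap holds the CA client, the signed identity certificate and its private key, plus whether the CA requires client authentication — the state shared by BootstrapClient, BootstrapServer and BootstrapListener.`, and on the helper `// createBootstrap bootstraps a client from token, checks the CA version and signs a fresh identity key pair; the returned PrivateKey is the only copy of that key.` The Go convention for a constructor of an unexported type would be `newBootstrap`, which is worth considering while the name is new. Both points are style and documentation only; the refactor preserves the call order (Bootstrap, Version, CreateSignRequest, Sign) of the removed code.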
