对https与websocket支持多证书

2026-02-03 22:45:13 +08:00 · 2019-04-11 10:19:16 +08:00
parent 1d607d9018
commit 3222f26d7e
3 changed files with 60 additions and 14 deletions
--- a/network/httpserver.go
+++ b/network/httpserver.go
@@ -1,6 +1,7 @@
 package network

 import (
+	"crypto/tls"
 	"fmt"
 	"net/http"
 	"os"
@@ -10,6 +11,11 @@ import (
 	"github.com/duanhf2012/origin/sysmodule"
 )

+type CA struct {
+	certfile string
+	keyfile  string
+}
+
 type HttpServer struct {
 	port uint16

@@ -18,8 +24,7 @@ type HttpServer struct {
 	writetimeout time.Duration

 	httpserver *http.Server
-	certfile   string
-	keyfile    string
+	caList     []CA

 	ishttps bool
 }
@@ -41,17 +46,35 @@ func (slf *HttpServer) Start() {

 func (slf *HttpServer) startListen() error {
 	listenPort := fmt.Sprintf(":%d", slf.port)
+
+	var tlscatList []tls.Certificate
+	var tlsConfig *tls.Config
+	for _, cadata := range slf.caList {
+		cer, err := tls.LoadX509KeyPair(cadata.certfile, cadata.keyfile)
+		if err != nil {
+			service.GetLogger().Printf(sysmodule.LEVER_FATAL, "load CA  [%s]-[%s] file is error :%s", cadata.certfile, cadata.keyfile, err.Error())
+			os.Exit(1)
+			return nil
+		}
+		tlscatList = append(tlscatList, cer)
+	}
+
+	if len(tlscatList) > 0 {
+		tlsConfig = &tls.Config{Certificates: tlscatList}
+	}
+
 	slf.httpserver = &http.Server{
 		Addr:           listenPort,
 		Handler:        slf.handler,
 		ReadTimeout:    10 * time.Second,
 		WriteTimeout:   10 * time.Second,
 		MaxHeaderBytes: 1 << 20,
+		TLSConfig:      tlsConfig,
 	}

 	var err error
 	if slf.ishttps == true {
-		err = slf.httpserver.ListenAndServeTLS(slf.certfile, slf.keyfile)
+		err = slf.httpserver.ListenAndServeTLS("", "")
 	} else {
 		err = slf.httpserver.ListenAndServe()
 	}
@@ -66,8 +89,10 @@ func (slf *HttpServer) startListen() error {
 }

 func (slf *HttpServer) SetHttps(certfile string, keyfile string) bool {
-	slf.certfile = certfile
-	slf.keyfile = keyfile
+	if certfile == "" || keyfile == "" {
+		return false
+	}
+	slf.caList = append(slf.caList, CA{certfile, keyfile})
 	slf.ishttps = true
 	return true
 }
--- a/network/websocketserver.go
+++ b/network/websocketserver.go
@@ -1,6 +1,7 @@
 package network

 import (
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"net/http"
@@ -31,6 +32,7 @@ type IMessageReceiver interface {
 	OnDisconnect(clientid uint64, err error)
 	OnRecvMsg(clientid uint64, msgtype int, data []byte)
 	OnHandleHttp(w http.ResponseWriter, r *http.Request)
+	IsInit() bool
 }

 type Reciver struct {
@@ -65,9 +67,9 @@ type WebsocketServer struct {
 	httpserver *http.Server
 	reciver    map[string]Reciver

-	certfile string
-	keyfile  string
-	iswss    bool
+	caList []CA
+
+	iswss bool
 }

 const (
@@ -114,17 +116,34 @@ func (slf *WebsocketServer) SetupReciver(pattern string, messageReciver IMessage
 func (slf *WebsocketServer) startListen() {
 	listenPort := fmt.Sprintf(":%d", slf.port)

+	var tlscatList []tls.Certificate
+	var tlsConfig *tls.Config
+	for _, cadata := range slf.caList {
+		cer, err := tls.LoadX509KeyPair(cadata.certfile, cadata.keyfile)
+		if err != nil {
+			service.GetLogger().Printf(sysmodule.LEVER_FATAL, "load CA  %s-%s file is error :%s", cadata.certfile, cadata.keyfile, err.Error())
+			os.Exit(1)
+			return
+		}
+		tlscatList = append(tlscatList, cer)
+	}
+
+	if len(tlscatList) > 0 {
+		tlsConfig = &tls.Config{Certificates: tlscatList}
+	}
+
 	slf.httpserver = &http.Server{
 		Addr:           listenPort,
 		Handler:        slf.initRouterHandler(),
 		ReadTimeout:    10 * time.Second,
 		WriteTimeout:   10 * time.Second,
 		MaxHeaderBytes: 1 << 20,
+		TLSConfig:      tlsConfig,
 	}

 	var err error
 	if slf.iswss == true {
-		err = slf.httpserver.ListenAndServeTLS(slf.certfile, slf.keyfile)
+		err = slf.httpserver.ListenAndServeTLS("", "")
 	} else {
 		err = slf.httpserver.ListenAndServe()
 	}
@@ -244,7 +263,9 @@ func (slf *WebsocketServer) initRouterHandler() http.Handler {
 	r := mux.NewRouter()

 	for pattern, reciver := range slf.reciver {
-		r.HandleFunc(pattern, reciver.messageReciver.OnHandleHttp)
+		if reciver.messageReciver.IsInit() == true {
+			r.HandleFunc(pattern, reciver.messageReciver.OnHandleHttp)
+		}
 	}

 	cors := cors.AllowAll()
@@ -252,8 +273,10 @@ func (slf *WebsocketServer) initRouterHandler() http.Handler {
 }

 func (slf *WebsocketServer) SetWSS(certfile string, keyfile string) bool {
-	slf.certfile = certfile
-	slf.keyfile = keyfile
+	if certfile == "" || keyfile == "" {
+		return false
+	}
+	slf.caList = append(slf.caList, CA{certfile, keyfile})
 	slf.iswss = true
 	return true
 }