Make ServeHTTPS take in tls.Certificate

a942768a · Jonah Husson · a1eb3c8a · a942768a · a942768a
Commit a942768a authored Dec 20, 2022 by Jonah Husson
--- a/connect/comms.go
+++ b/connect/comms.go
@@ -465,7 +465,7 @@ func parseTlsPacket(r io.Reader) (*tlshacks.ClientHelloInfo, bool) {
 // not be usable until this has been called at least once, unblocking the
 // listenHTTP func in ServeWithWeb.  Future calls will be handled by the
 // startUpdateCertificate thread.
-func (c *ProtoComms) ServeHttps(cert, key []byte) error {
+func (c *ProtoComms) ServeHttps(keyPair tls.Certificate) error {
 	if c.mux == nil {
 		return errors.New("mux does not exist; is https enabled?")
 	}
@@ -477,16 +477,17 @@ func (c *ProtoComms) ServeHttps(cert, key []byte) error {
 	httpL := c.mux.Match(c.matchWebTls)

 	grpcServer := c.grpcServer
-	keyPair, err := tls.X509KeyPair(
-		cert, key)
-	if err != nil {
-		return errors.WithMessage(err, "cert & key could not be parsed to valid tls certificate")
-	}
-
-	parsedLeafCert, err := x509.ParseCertificate(keyPair.Certificate[0])
+	var parsedLeafCert *x509.Certificate
+	var err error
+	if keyPair.Leaf == nil {
+		parsedLeafCert, err = x509.ParseCertificate(keyPair.Certificate[0])
 		if err != nil {
 			jww.FATAL.Panicf("Failed to load TLS certificate: %+v", err)
 		}
+	} else {
+		parsedLeafCert = keyPair.Leaf
+	}
+
 	c.httpsX509 = parsedLeafCert

 	listenHTTPS := func(l net.Listener) {

--- a/connect/connection_test.go
+++ b/connect/connection_test.go
@@ -2,6 +2,7 @@ package connect

 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"gitlab.com/xx_network/comms/connect/token"
 	pb "gitlab.com/xx_network/comms/messages"
@@ -174,7 +175,11 @@ func TestWebConnection_TLS(t *testing.T) {
 			pb.RegisterGenericServer(pc.grpcServer, &TestGenericServer{resp: expectedResponse})

 			pc.ServeWithWeb()
-			err = pc.ServeHttps(httpsCertBytes, httpsKeyBytes)
+			tlsKeypair, err := tls.X509KeyPair(httpsCertBytes, httpsKeyBytes)
+			if err != nil {
+				t.Fatal(err)
+			}
+			err = pc.ServeHttps(tlsKeypair)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -209,7 +214,7 @@ func TestWebConnection_TLS(t *testing.T) {
 				t.Errorf("Did not receive expected payload")
 			}

-			_, err := h.GetServerCert()
+			_, err = h.GetServerCert()
 			if err != nil {
 				t.Errorf("Did not receive cert: %+v", err)
 			}
@@ -266,7 +271,11 @@ func TestServeWeb_Matchers(t *testing.T) {
 			hostParams := GetDefaultHostParams()
 			hostParams.ConnectionType = ct
 			pc.ServeWithWeb()
-			err = pc.ServeHttps(httpsCertBytes, httpsKeyBytes)
+			tlsKeypair, err := tls.X509KeyPair(httpsCertBytes, httpsKeyBytes)
+			if err != nil {
+				t.Fatal(err)
+			}
+			err = pc.ServeHttps(tlsKeypair)
 			if err != nil {
 				t.Fatal(err)
 			}