package cmd
import (
"crypto/tls"
"github.com/int128/kubelogin/pkg/tlsclientconfig"
"github.com/spf13/pflag"
)
// tlsOptions holds the command-line settings that control how the client
// validates the server certificate and negotiates TLS. The fields are bound
// to flags by addFlags and turned into a tlsclientconfig.Config by
// tlsClientConfig.
type tlsOptions struct {
	// CACertFilename lists cert files for the certificate authority
	// (--certificate-authority, repeatable). Each entry is passed through
	// the package-level expandHomedir helper by the expandHomedir method.
	CACertFilename []string
	// CACertData lists base64 encoded CA certs
	// (--certificate-authority-data, repeatable).
	CACertData []string
	// SkipTLSVerify disables validation of the server's certificate
	// (--insecure-skip-tls-verify). With it set, TLS no longer protects
	// against a server impersonated by an active attacker.
	SkipTLSVerify bool
	// RenegotiateOnceAsClient allows the server to request renegotiation
	// once per connection (--tls-renegotiation-once). It takes precedence
	// over RenegotiateFreelyAsClient in renegotiationSupport.
	RenegotiateOnceAsClient bool
	// RenegotiateFreelyAsClient allows the server to request renegotiation
	// repeatedly (--tls-renegotiation-freely).
	RenegotiateFreelyAsClient bool
}
// addFlags registers the TLS related flags on f and binds them to o.
// Every flag defaults to the strict setting: no extra CAs, certificate
// verification on, and renegotiation disabled. Each boolean flag relaxes
// one TLS protection when enabled.
func (o *tlsOptions) addFlags(f *pflag.FlagSet) {
	// Repeatable string flags, registered in declaration order.
	stringFlags := []struct {
		target *[]string
		name   string
		usage  string
	}{
		{&o.CACertFilename, "certificate-authority", "Path to a cert file for the certificate authority"},
		{&o.CACertData, "certificate-authority-data", "Base64 encoded cert for the certificate authority"},
	}
	for _, sf := range stringFlags {
		f.StringArrayVar(sf.target, sf.name, nil, sf.usage)
	}

	// Boolean flags; all default to false so that none of the relaxations
	// is active unless explicitly requested.
	boolFlags := []struct {
		target *bool
		name   string
		usage  string
	}{
		{&o.SkipTLSVerify, "insecure-skip-tls-verify", "[SECURITY RISK] If set, the server's certificate will not be checked for validity"},
		{&o.RenegotiateOnceAsClient, "tls-renegotiation-once", "If set, allow a remote server to request renegotiation once per connection"},
		{&o.RenegotiateFreelyAsClient, "tls-renegotiation-freely", "If set, allow a remote server to repeatedly request renegotiation"},
	}
	for _, bf := range boolFlags {
		f.BoolVar(bf.target, bf.name, false, bf.usage)
	}
}
// expandHomedir rewrites every entry of CACertFilename through the
// package-level expandHomedir helper and stores the result back into o.
// An empty CACertFilename is left as nil.
func (o *tlsOptions) expandHomedir() {
	var paths []string
	for i := range o.CACertFilename {
		paths = append(paths, expandHomedir(o.CACertFilename[i]))
	}
	o.CACertFilename = paths
}
// tlsClientConfig converts the parsed flags into the configuration consumed
// by the tlsclientconfig package. The receiver is a value, so the slice
// headers are copied but the backing arrays of CACertFilename and CACertData
// are shared with o. Paths are copied as-is, so any expandHomedir call must
// happen before this method.
func (o tlsOptions) tlsClientConfig() tlsclientconfig.Config {
	var cfg tlsclientconfig.Config
	cfg.CACertFilename = o.CACertFilename
	cfg.CACertData = o.CACertData
	cfg.SkipTLSVerify = o.SkipTLSVerify
	cfg.Renegotiation = o.renegotiationSupport()
	return cfg
}
// renegotiationSupport maps the two renegotiation flags onto the crypto/tls
// setting. When both flags are set, once-per-connection wins; when neither
// is set, renegotiation stays disabled, which is the strict default.
func (o tlsOptions) renegotiationSupport() tls.RenegotiationSupport {
	switch {
	case o.RenegotiateOnceAsClient:
		return tls.RenegotiateOnceAsClient
	case o.RenegotiateFreelyAsClient:
		return tls.RenegotiateFreelyAsClient
	default:
		return tls.RenegotiateNever
	}
}