1package main
2
3import (
4 "crypto/tls"
5 "crypto/x509"
6 "flag"
7 "os"
8
9 "github.com/charmbracelet/log"
10 "gopkg.in/yaml.v3"
11)
12
// Config is the application configuration decoded from the YAML config file.
type Config struct {
	// Server names the certificate and private key the server presents to
	// connecting clients during the TLS handshake.
	Server struct {
		CertFilePath string `yaml:"certFilePath"`
		// KeyFilePath points at the server's private key; the file should be
		// readable only by the account the service runs as.
		KeyFilePath string `yaml:"keyFilePath"`
	} `yaml:"server"`

	// Client names the PEM bundle of CA certificates that client
	// certificates are verified against.
	Client struct {
		CACertFilePath string `yaml:"cACertFilePath"`
	} `yaml:"client"`

	// TodoPath is read from the "todoPath" key; it is consumed outside this file.
	TodoPath string `yaml:"todoPath"`
}
24
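// getConfig parses the command-line flags, reads the YAML file named by
// -config (default "config.yaml") and decodes it into a Config.
//
// The process exits through log.Fatalf when the file cannot be read or
// cannot be decoded, so a malformed file is never treated as an empty
// configuration.
func getConfig() Config {
	configPath := flag.String("config", "config.yaml", "Path to config file")
	flag.Parse()

	configFile, err := os.ReadFile(*configPath)
	if err != nil {
		log.Fatalf("Can't read config file: %s", err)
	}

	var cfg Config
	// The decode error used to be discarded, which left cfg zero-valued (or
	// half-filled) and pushed the failure to wherever the empty certificate
	// paths were first used. Fail here, where the cause is known.
	if err := yaml.Unmarshal(configFile, &cfg); err != nil {
		log.Fatalf("Can't parse config file %q: %s", *configPath, err)
	}
	return cfg
}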
38
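// getTLSConfig builds the server-side TLS configuration for mutual TLS: the
// server presents the certificate/key pair from config.Server and requires
// every client to present a certificate that chains to a CA in
// config.Client.CACertFilePath.
//
// Any failure to load the key pair or the CA bundle terminates the process
// through log.Fatalf; the function never returns nil.
//
// Chain verification only proves that a client certificate was issued by one
// of the configured CAs. Restricting which issued identities may connect is
// not done here and has to happen in the connection handler if it is needed.
func getTLSConfig(config Config) *tls.Config {
	serverTLSCert, err := tls.LoadX509KeyPair(config.Server.CertFilePath, config.Server.KeyFilePath)
	if err != nil {
		// log.Fatalf exits, so no return is needed after it.
		log.Fatalf("error opening certificate and key file for control connection. Error %v", err)
	}

	caCertPEM, err := os.ReadFile(config.Client.CACertFilePath)
	if err != nil {
		log.Fatalf("error reading client CA file %q: %v", config.Client.CACertFilePath, err)
	}

	certPool := x509.NewCertPool()
	// AppendCertsFromPEM reports whether at least one certificate was parsed;
	// a false result means the pool is empty and no client could ever verify.
	if !certPool.AppendCertsFromPEM(caCertPEM) {
		log.Fatalf("no valid certificate found in client CA file %q", config.Client.CACertFilePath)
	}

	return &tls.Config{
		// Set the floor explicitly instead of relying on the toolchain default,
		// which on older Go releases still admits TLS 1.0/1.1 for servers.
		MinVersion:   tls.VersionTLS12,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    certPool,
		Certificates: []tls.Certificate{serverTLSCert},
	}
}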