1package main
2
3import (
4 "crypto/tls"
5 "crypto/x509"
6 "os"
7
8 "github.com/charmbracelet/log"
9 "gopkg.in/yaml.v3"
10)
11
// Config is the application configuration that getConfig decodes from the
// YAML config file.
type Config struct {
	// Server holds the paths handed to tls.LoadX509KeyPair in getTLSConfig.
	Server struct {
		// CertFilePath is the server certificate file.
		CertFilePath string `yaml:"certFilePath"`
		// KeyFilePath is the matching private key file. It is the server's
		// TLS identity, so the file should be readable only by the account
		// the service runs as.
		KeyFilePath string `yaml:"keyFilePath"`
	} `yaml:"server"`
	// Client holds the settings used to verify connecting clients.
	Client struct {
		// CACertFilePath is a PEM file whose certificates become
		// tls.Config.ClientCAs in getTLSConfig, i.e. the trust anchors for
		// client certificates. Note the key spelling: "cACertFilePath".
		CACertFilePath string `yaml:"cACertFilePath"`
	} `yaml:"client"`

	// TodoPath is not read anywhere in this file; presumably the location of
	// the todo data. Confirm against the code that uses it.
	TodoPath string `yaml:"todoPath"`
}
23
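// getConfig loads ./config.yaml and decodes it into a Config.
//
// The path is relative, so it is resolved against the process's working
// directory. The decoded values select the server key pair and the CA that
// client certificates are verified against, so both the file and the
// directory the service is started from should be writable only by trusted
// accounts.
//
// Failing to read or to parse the file is fatal: the process exits through
// log.Fatalf instead of continuing with an empty or partly filled Config.
func getConfig() Config {
	raw, err := os.ReadFile("./config.yaml")
	if err != nil {
		log.Fatalf("Can't read config file: %s", err)
	}

	var cfg Config
	// Check the decode error: an unchecked failure would leave cfg zero-valued
	// or partly filled, and the resulting empty paths would only surface later
	// as confusing errors during TLS setup.
	if err := yaml.Unmarshal(raw, &cfg); err != nil {
		log.Fatalf("Can't parse config file: %s", err)
	}
	return cfg
}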
34
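// getTLSConfig builds the server-side TLS configuration for mutual TLS.
//
// It loads the server certificate and key named in config.Server, reads the
// PEM bundle named in config.Client.CACertFilePath into a fresh pool, and
// returns a tls.Config that requires every client to present a certificate
// chaining to that pool.
//
// Every failure is fatal and reported through log.Fatalf, so the function
// never returns nil. The returned configuration authenticates clients only:
// any certificate issued under the configured CA is accepted, so restricting
// access to particular client identities is left to the caller.
func getTLSConfig(config Config) *tls.Config {
	serverTLSCert, err := tls.LoadX509KeyPair(config.Server.CertFilePath, config.Server.KeyFilePath)
	if err != nil {
		// log.Fatalf terminates the process; no return is needed after it.
		log.Fatalf("error opening certificate and key file for control connection. Error %v", err)
	}

	caCertPEM, err := os.ReadFile(config.Client.CACertFilePath)
	if err != nil {
		log.Fatalf("error reading client CA file %q: %v", config.Client.CACertFilePath, err)
	}

	certPool := x509.NewCertPool()
	// AppendCertsFromPEM reports whether at least one certificate was parsed.
	// An empty pool would make every client handshake fail, so stop here.
	if !certPool.AppendCertsFromPEM(caCertPEM) {
		log.Fatalf("no valid certificate found in client CA file %q", config.Client.CACertFilePath)
	}

	// MinVersion is pinned explicitly rather than left to the toolchain
	// default, which differs between Go releases.
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    certPool,
		Certificates: []tls.Certificate{serverTLSCert},
	}
}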