in src/go/util/transport_socket.go [77:130]
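// CreateCommonTlsContext builds the CommonTlsContext shared by the upstream
// and downstream transport sockets.
//
// Parameters:
//   - rootCertsPath: when non-empty, the file used as the trusted CA bundle of
//     the validation context (peer certificate verification).
//   - sslPath, sslFileName: when both are non-empty, the certificate chain and
//     private key are read from "<sslPath>/<sslFileName>.crt" and ".key". A
//     missing trailing "/" on sslPath is added; the separator is the literal
//     "/" the original config convention uses, not filepath.Separator.
//   - sslMinimumProtocol, sslMaximumProtocol: looked up in
//     tlsProtocolVersionMap. A non-empty value that is not a known version is
//     rejected with an error instead of being silently dropped: dropping it
//     would let the proxy fall back to its default version range rather than
//     the one the operator asked for.
//   - cipherSuites: comma-separated list. Entries are whitespace-trimmed and
//     empty entries are discarded, so "A, B" and "A,,B" both yield {"A","B"}.
//
// Returns the populated context, or an error for an unrecognised protocol
// version string. TlsParams is only set when at least one of the three
// TLS-parameter inputs is non-empty.
func CreateCommonTlsContext(rootCertsPath, sslPath, sslFileName, sslMinimumProtocol, sslMaximumProtocol string, cipherSuites string) (*tlspb.CommonTlsContext, error) {
	commonTls := &tlspb.CommonTlsContext{}

	// Add TLS certificate: both the directory and the file stem are required.
	if sslPath != "" && sslFileName != "" {
		if !strings.HasSuffix(sslPath, "/") {
			sslPath += "/"
		}
		commonTls.TlsCertificates = []*tlspb.TlsCertificate{
			{
				CertificateChain: newFileDataSource(sslPath + sslFileName + ".crt"),
				PrivateKey:       newFileDataSource(sslPath + sslFileName + ".key"),
			},
		}
	}

	// Add Validation Context: the CA bundle used to verify the peer.
	if rootCertsPath != "" {
		commonTls.ValidationContextType = &tlspb.CommonTlsContext_ValidationContext{
			ValidationContext: &tlspb.CertificateValidationContext{
				TrustedCa: newFileDataSource(rootCertsPath),
			},
		}
	}

	// Nothing to constrain: leave TlsParams nil so the proxy defaults apply.
	if sslMinimumProtocol == "" && sslMaximumProtocol == "" && cipherSuites == "" {
		return commonTls, nil
	}

	commonTls.TlsParams = &tlspb.TlsParameters{}

	// The map lookup is done for the empty string too, so a map entry keyed
	// by "" (if the file defines one) keeps its previous effect; only a
	// non-empty string that is absent from the map is an error.
	if minVersion, ok := tlsProtocolVersionMap[sslMinimumProtocol]; ok {
		commonTls.TlsParams.TlsMinimumProtocolVersion = minVersion
	} else if sslMinimumProtocol != "" {
		return nil, fmt.Errorf("unknown TLS minimum protocol version %q", sslMinimumProtocol)
	}
	if maxVersion, ok := tlsProtocolVersionMap[sslMaximumProtocol]; ok {
		commonTls.TlsParams.TlsMaximumProtocolVersion = maxVersion
	} else if sslMaximumProtocol != "" {
		return nil, fmt.Errorf("unknown TLS maximum protocol version %q", sslMaximumProtocol)
	}

	if suites := parseCipherSuiteList(cipherSuites); len(suites) > 0 {
		commonTls.TlsParams.CipherSuites = suites
	}
	return commonTls, nil
}

// newFileDataSource wraps a file path in a DataSource that is read from disk.
func newFileDataSource(path string) *corepb.DataSource {
	return &corepb.DataSource{
		Specifier: &corepb.DataSource_Filename{
			Filename: path,
		},
	}
}

// parseCipherSuiteList splits a comma-separated cipher suite string, trimming
// surrounding whitespace from each entry and dropping empty ones. An empty or
// all-whitespace input yields nil.
func parseCipherSuiteList(cipherSuites string) []string {
	var suites []string
	for _, s := range strings.Split(cipherSuites, ",") {
		if s = strings.TrimSpace(s); s != "" {
			suites = append(suites, s)
		}
	}
	return suites
}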