package validator
import (
"crypto/tls"
"errors"
"fmt"
"github.com/authelia/authelia/v4/internal/configuration/schema"
)
// ValidateTLSConfig sets the default values and validates a schema.TLSConfig.
//
// For ServerName, MinimumVersion and MaximumVersion, an unset field of config
// is filled from configDefault before validation. A nil config is accepted and
// left untouched; a nil configDefault is rejected. The returned error is nil on
// success.
//
// Only SSL 3.0 is rejected as a minimum version here: TLS 1.0 and TLS 1.1 are
// still accepted by this validator, so a stricter floor has to come from the
// configured (or default) minimum_version value.
func ValidateTLSConfig(config *schema.TLSConfig, configDefault *schema.TLSConfig) (err error) {
	switch {
	case configDefault == nil:
		return errors.New("must provide configDefault")
	case config == nil:
		// Nothing to default or validate.
		return nil
	}

	// Defaults: each field is taken from configDefault only when config
	// leaves it at its zero value.
	if config.ServerName == "" {
		config.ServerName = configDefault.ServerName
	}

	if config.MinimumVersion.Value == 0 {
		config.MinimumVersion.Value = configDefault.MinimumVersion.Value
	}

	if config.MaximumVersion.Value == 0 {
		config.MaximumVersion.Value = configDefault.MaximumVersion.Value
	}

	minimum := config.MinimumVersion.MinVersion()

	// SSL 3.0 is the only protocol version below TLS 1.0 that crypto/tls
	// names, which is why the message spells it out.
	if minimum < tls.VersionTLS10 {
		return errors.New("option 'minimum_version' is invalid: minimum version is TLS1.0 but SSL3.0 was configured")
	}

	if minimum > config.MaximumVersion.MaxVersion() {
		return fmt.Errorf("option combination of 'minimum_version' and 'maximum_version' is invalid: minimum version %s is greater than the maximum version %s", config.MinimumVersion.String(), config.MaximumVersion.String())
	}

	// The certificate chain and the private key are checked as a pair as soon
	// as either one is present.
	// NOTE(review): when only one of the two is supplied, the outcome depends
	// on how EqualKey treats the missing half (not visible here); the error
	// text assumes both were given — confirm against the schema package.
	hasChain := config.CertificateChain.HasCertificates()
	hasKey := config.PrivateKey != nil

	if (hasChain || hasKey) && !config.CertificateChain.EqualKey(config.PrivateKey) {
		return errors.New("option 'certificates' is invalid: provided certificate does not contain the public key for the private key provided")
	}

	return nil
}