Automatically detect mkcert certificates

bradleyjkemp · Jun 18, 2019 · 17c6b08 · 17c6b08
1 parent 0dbaa0d
commit 17c6b08
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 1 deletion.
diff --git a/grpc-proxy/proxy.go b/grpc-proxy/proxy.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"github.com/bradleyjkemp/grpc-tools/internal"
 	"github.com/bradleyjkemp/grpc-tools/internal/codec"
+	"github.com/bradleyjkemp/grpc-tools/internal/detectcert"
 	"github.com/bradleyjkemp/grpc-tools/internal/tlsmux"
 	"github.com/improbable-eng/grpc-web/go/grpcweb"
 	"github.com/sirupsen/logrus"
@@ -51,6 +52,13 @@ func New(configurators ...Configurator) (*server, error) {
 	}
 	logger.SetLevel(level)
 
+	if s.certFile == "" && s.keyFile == "" {
+		s.certFile, s.keyFile, err = detectcert.Detect()
+		if err != nil {
+			s.logger.WithError(err).Info("Failed to detect certificates")
+		}
+	}
+
 	if s.certFile != "" && s.keyFile != "" {
 		var err error
 		s.tlsCert, err = tls.LoadX509KeyPair(s.certFile, s.keyFile)
@@ -73,6 +81,11 @@ func (s *server) Start() error {
 		return fmt.Errorf("failed to listen on port (%d): %v", s.port, err)
 	}
 	s.logger.Infof("Listening on %s", listener.Addr())
+	if s.x509Cert != nil {
+		s.logger.Infof("Intercepting TLS connections to domains: %s", s.x509Cert.DNSNames)
+	} else {
+		s.logger.Infof("Not intercepting TLS connections")
+	}
 
 	grpcWebHandler := grpcweb.WrapServer(
 		grpc.NewServer(s.serverOptions...),

diff --git a/internal/detectcert/detect.go b/internal/detectcert/detect.go
@@ -0,0 +1,43 @@
+package detectcert
+
+import (
+	"io/ioutil"
+	"os"
+	"strings"
+)
+
+var (
+	keySuffix = "-key.pem"
+	certSuffix = ".pem"
+)
+
+// Detect finds files in the current directory that look like
+// mkcert-generated key-certificate pairs
+func Detect() (cert string, key string, err error) {
+	wd, err := os.Getwd()
+	if err != nil {
+		return "", "", err
+	}
+	files, err := ioutil.ReadDir(wd)
+	if err != nil {
+		return "", "", err
+	}
+
+	for _, file := range files {
+		if file.IsDir() {
+			continue
+		}
+
+		if strings.HasSuffix(file.Name(), keySuffix) {
+			keyName := file.Name()
+			certName := strings.TrimSuffix(file.Name(), keySuffix) + certSuffix
+			_, err := os.Stat(certName)
+			if err == nil {
+				// found a key and a cert that match the mkcert pattern
+				return certName, keyName, nil
+			}
+		}
+	}
+
+	return "", "", nil
+}
diff --git a/internal/tlsmux/tls_mux.go b/internal/tlsmux/tls_mux.go
@@ -140,7 +140,7 @@ func handleTlsConn(logger logrus.FieldLogger, conn net.Conn, cert *x509.Certific
 	}
 
 	// cannot intercept so will just transparently proxy instead
-	logger.Infof("No certificate able to intercept connections to %s, proxying instead.", originalHostname)
+	logger.Debugf("No certificate able to intercept connections to %s, proxying instead.", originalHostname)
 	destConn, err := net.Dial(conn.LocalAddr().Network(), proxConn.OriginalDestination())
 	if err != nil {
 		logger.WithError(err).Warnf("Failed proxying connection to %s, Error while dialing.", originalHostname)