MEDIUM: Add global ocsp-update keywords

Added: - ocsp-update.disable - ocsp-update.httpproxy - ocsp-update.maxdelay - ocsp-update.mindelay - ocsp-update.mode
haproxytech · Jul 1, 2024 · 9e3c9b2 · 9e3c9b2
1 parent 71696d3
commit 9e3c9b2
Show file tree

Hide file tree

Showing 11 changed files with 1,012 additions and 8 deletions.
diff --git a/configuration/global.go b/configuration/global.go
@@ -1195,6 +1195,11 @@ func ParseGlobalSection(p parser.Parser) (*models.Global, error) { //nolint:goco
 		}
 	}
 
+	ocspUpdate, err := parseOcspUpdateOptions(p)
+	if err != nil {
+		return nil, err
+	}
+
 	global := &models.Global{
 		Anonkey:                           anonkey,
 		PresetEnvs:                        presetEnvs,
@@ -1312,6 +1317,7 @@ func ParseGlobalSection(p parser.Parser) (*models.Global, error) { //nolint:goco
 		SslSecurityLevel:                  sslSecurityLevel,
 		HTTPErrCodes:                      errCodes,
 		HTTPFailCodes:                     failCodes,
+		OcspUpdate:                        ocspUpdate,
 	}
 
 	return global, nil
@@ -2375,6 +2381,10 @@ func SerializeGlobalSection(p parser.Parser, data *models.Global) error { //noli
 		return err
 	}
 
+	if err := serializeOcspUpdateOptions(p, data.OcspUpdate); err != nil {
+		return err
+	}
+
 	return serializeTuneOptions(p, data.TuneOptions)
 }
 
@@ -2394,6 +2404,49 @@ func serializeHardenOptions(p parser.Parser, options *models.GlobalHarden) error
 	return serializeOnOffOption(p, "harden.reject-privileged-ports.tcp", rppTCP)
 }
 
+func serializeOcspUpdateOptions(p parser.Parser, options *models.GlobalOcspUpdate) error {
+	if options == nil {
+		return nil
+	}
+	disable := ""
+	if options.Disable != nil {
+		switch *options.Disable {
+		case true:
+			disable = "enabled"
+		case false:
+			disable = "disabled"
+		}
+	}
+	if err := serializeOnOffOption(p, "ocsp-update.disable", disable); err != nil {
+		return err
+	}
+
+	if options.Maxdelay != nil && options.Mindelay != nil && *options.Maxdelay < *options.Mindelay {
+		return errors.New("ocsp-update.maxdelay must be greater than ocsp-update.mindelay")
+	}
+
+	if err := serializeInt64POption(p, "ocsp-update.mindelay", options.Mindelay); err != nil {
+		return err
+	}
+	if err := serializeInt64POption(p, "ocsp-update.maxdelay", options.Maxdelay); err != nil {
+		return err
+	}
+
+	addr := ""
+	if options.Httpproxy != nil {
+		addr = options.Httpproxy.Address
+		if options.Httpproxy.Port != nil {
+			addr = fmt.Sprintf("%s:%d", addr, *options.Httpproxy.Port)
+		}
+
+	}
+	if err := serializeStringOption(p, "ocsp-update.httpproxy", addr); err != nil {
+		return err
+	}
+
+	return serializeOnOffOption(p, "ocsp-update.mode", options.Mode)
+}
+
 func serializeWurflOptions(p parser.Parser, options *models.GlobalWurflOptions) error {
 	if options == nil {
 		return nil
@@ -2861,6 +2914,53 @@ func parseFiftyOneDegreesOptions(p parser.Parser) (*models.GlobalFiftyOneDegrees
 	return options, nil
 }
 
+func parseOcspUpdateOptions(p parser.Parser) (*models.GlobalOcspUpdate, error) {
+	options := &models.GlobalOcspUpdate{}
+	ocspUpdateDisable, err := parseOnOffOption(p, "ocsp-update.disable")
+	if err != nil {
+		return nil, err
+	}
+	switch ocspUpdateDisable {
+	case "disabled":
+		options.Disable = misc.BoolP(false)
+	case "enabled":
+		options.Disable = misc.BoolP(true)
+	default:
+		options.Disable = nil
+	}
+
+	minDelayP, err := parseInt64POption(p, "ocsp-update.mindelay")
+	if err != nil {
+		return nil, err
+	}
+	options.Mindelay = minDelayP
+
+	maxDelayP, err := parseInt64POption(p, "ocsp-update.maxdelay")
+	if err != nil {
+		return nil, err
+	}
+	options.Maxdelay = maxDelayP
+
+	addressPort, err := parseStringOption(p, "ocsp-update.httpproxy")
+	if err != nil {
+		return nil, err
+	}
+	address, port := ParseAddress(addressPort)
+	if address != "" {
+		options.Httpproxy = &models.GlobalOcspUpdateHttpproxy{}
+		options.Httpproxy.Address = address
+		options.Httpproxy.Port = port
+	}
+
+	mode, err := parseOnOffOption(p, "ocsp-update.mode")
+	if err != nil {
+		return nil, err
+	}
+	options.Mode = mode
+
+	return options, nil
+}
+
 func parseHardenOptions(p parser.Parser) (*models.GlobalHarden, error) {
 	options := &models.GlobalHarden{}
 	hardenRejectPrivilgedPortQuic, err := parseOnOffOption(p, "harden.reject-privileged-ports.quic")

diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/renameio v1.0.1
 	github.com/google/uuid v1.6.0
-	github.com/haproxytech/config-parser/v5 v5.1.1-0.20240624075631-c75eaad880c2
+	github.com/haproxytech/config-parser/v5 v5.1.1-0.20240624144932-f03e520c3b70
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/mitchellh/mapstructure v1.5.0

diff --git a/go.sum b/go.sum
@@ -32,8 +32,8 @@ github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU
 github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/haproxytech/config-parser/v5 v5.1.1-0.20240624075631-c75eaad880c2 h1:sdgelGYw2i16OL47z2bYEiwjuH7KDWC4P9WLQ0BFZd0=
-github.com/haproxytech/config-parser/v5 v5.1.1-0.20240624075631-c75eaad880c2/go.mod h1:uzi0JXWJYW31M1AzGsczaJtEaoG54qP0LX8B1A2iQRw=
+github.com/haproxytech/config-parser/v5 v5.1.1-0.20240624144932-f03e520c3b70 h1:8pxJQsl770NboyHoa6t2i2hvRfzSLi8FvFwTAIlg8J4=
+github.com/haproxytech/config-parser/v5 v5.1.1-0.20240624144932-f03e520c3b70/go.mod h1:uzi0JXWJYW31M1AzGsczaJtEaoG54qP0LX8B1A2iQRw=
 github.com/haproxytech/go-logger v1.1.0 h1:HgGtYaI1ApkvbQdsm7f9AzQQoxTB7w37criTflh7IQE=
 github.com/haproxytech/go-logger v1.1.0/go.mod h1:OekUd8HCb7ubxMplzHUPBTHNxZmddOWfOjWclZsqIeM=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=