Use constants for tls versions

gogatekeeper · Oct 28, 2024 · 7d5ee9a · 7d5ee9a
1 parent 35bfe7e
commit 7d5ee9a
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 16 deletions.
diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go
@@ -103,6 +103,9 @@ const (
 	DefaultOpaTimeout                    = 10 * time.Second
 
 	ForwardingGrantTypePassword = "password"
+
+	TLS13 = "tlsv1.3"
+	TLS12 = "tlsv1.2"
 )
 
 var SignatureAlgs = [3]jose.SignatureAlgorithm{jose.RS256, jose.HS256, jose.HS512}
diff --git a/pkg/google/config/config.go b/pkg/google/config/config.go
@@ -222,7 +222,7 @@ func NewDefaultConfig() *Config {
 		SkipAccessTokenIssuerCheck:    true,
 		SkipAccessTokenClientIDCheck:  true,
 		Tags:                          make(map[string]string),
-		TLSMinVersion:                 "tlsv1.3",
+		TLSMinVersion:                 constant.TLS13,
 		UpstreamExpectContinueTimeout: constant.DefaultUpstreamExpectContinueTimeout,
 		UpstreamKeepaliveTimeout:      constant.DefaultUpstreamKeepaliveTimeout,
 		UpstreamKeepalives:            true,
@@ -485,8 +485,8 @@ func (r *Config) isTLSMinValid() error {
 	switch strings.ToLower(r.TLSMinVersion) {
 	case "":
 		return apperrors.ErrMinimalTLSVersionEmpty
-	case "tlsv1.2":
-	case "tlsv1.3":
+	case constant.TLS12:
+	case constant.TLS13:
 	default:
 		return apperrors.ErrInvalidMinimalTLSVersion
 	}

diff --git a/pkg/keycloak/config/config.go b/pkg/keycloak/config/config.go
@@ -232,7 +232,7 @@ func NewDefaultConfig() *Config {
 		SkipAccessTokenIssuerCheck:    true,
 		SkipAccessTokenClientIDCheck:  true,
 		Tags:                          make(map[string]string),
-		TLSMinVersion:                 "tlsv1.3",
+		TLSMinVersion:                 constant.TLS13,
 		UpstreamExpectContinueTimeout: constant.DefaultUpstreamExpectContinueTimeout,
 		UpstreamKeepaliveTimeout:      constant.DefaultUpstreamKeepaliveTimeout,
 		UpstreamKeepalives:            true,
@@ -491,8 +491,8 @@ func (r *Config) isTLSMinValid() error {
 	switch strings.ToLower(r.TLSMinVersion) {
 	case "":
 		return apperrors.ErrMinimalTLSVersionEmpty
-	case "tlsv1.2":
-	case "tlsv1.3":
+	case constant.TLS12:
+	case constant.TLS13:
 	default:
 		return apperrors.ErrInvalidMinimalTLSVersion
 	}

diff --git a/pkg/keycloak/config/config_test.go b/pkg/keycloak/config/config_test.go
@@ -148,7 +148,7 @@ func TestIsConfig(t *testing.T) {
 				Upstream:            "http://120.0.0.1",
 				MaxIdleConns:        100,
 				MaxIdleConnsPerHost: 50,
-				TLSMinVersion:       "tlsv1.2",
+				TLSMinVersion:       constant.TLS12,
 			},
 			Ok: true,
 		},
@@ -198,7 +198,7 @@ func TestIsConfig(t *testing.T) {
 				Upstream:              "http://120.0.0.1",
 				MaxIdleConns:          100,
 				MaxIdleConnsPerHost:   50,
-				TLSMinVersion:         "tlsv1.3",
+				TLSMinVersion:         constant.TLS13,
 			},
 			Ok: true,
 		},
@@ -260,7 +260,7 @@ func TestIsConfig(t *testing.T) {
 				SecureCookie:        true,
 				MaxIdleConns:        100,
 				MaxIdleConnsPerHost: 50,
-				TLSMinVersion:       "tlsv1.3",
+				TLSMinVersion:       constant.TLS13,
 			},
 			Ok: true,
 		},
@@ -1222,14 +1222,14 @@ func TestIsTLSMinValid(t *testing.T) {
 		{
 			Name: "ValidTLS1.2",
 			Config: &Config{
-				TLSMinVersion: "tlsv1.2",
+				TLSMinVersion: constant.TLS12,
 			},
 			Valid: true,
 		},
 		{
 			Name: "ValidTLS1.3",
 			Config: &Config{
-				TLSMinVersion: "tlsv1.3",
+				TLSMinVersion: constant.TLS13,
 			},
 			Valid: true,
 		},

diff --git a/pkg/keycloak/proxy/server.go b/pkg/keycloak/proxy/server.go
@@ -1119,9 +1119,9 @@ func makeListenerConfig(config *config.Config) listenerConfig {
 	switch strings.ToLower(config.TLSMinVersion) {
 	case "":
 		minTLSVersion = 0 // zero means default value
-	case "tlsv1.2":
+	case constant.TLS12:
 		minTLSVersion = tls.VersionTLS12
-	case "tlsv1.3":
+	case constant.TLS13:
 		minTLSVersion = tls.VersionTLS13
 	}
 

diff --git a/pkg/testsuite/server_test.go b/pkg/testsuite/server_test.go
@@ -1870,7 +1870,7 @@ func TestTLS(t *testing.T) {
 				conf.TLSPrivateKey = os.TempDir() + FakePrivFilePrefix + strconv.Itoa(rand.Intn(10000))
 				conf.TLSCaCertificate = os.TempDir() + FakeCaFilePrefix + strconv.Itoa(rand.Intn(10000))
 				conf.Listen = testProxyAddr
-				conf.TLSMinVersion = "tlsv1.3"
+				conf.TLSMinVersion = constant.TLS13
 				conf.NoRedirects = true
 			},
 			ExecutionSettings: []fakeRequest{
@@ -1891,7 +1891,7 @@ func TestTLS(t *testing.T) {
 				conf.TLSPrivateKey = os.TempDir() + FakePrivFilePrefix + strconv.Itoa(rand.Intn(10000))
 				conf.TLSCaCertificate = os.TempDir() + FakeCaFilePrefix + strconv.Itoa(rand.Intn(10000))
 				conf.Listen = testProxyAddr
-				conf.TLSMinVersion = "tlsv1.2"
+				conf.TLSMinVersion = constant.TLS12
 				conf.NoRedirects = true
 			},
 			ExecutionSettings: []fakeRequest{
@@ -1912,7 +1912,7 @@ func TestTLS(t *testing.T) {
 				conf.TLSPrivateKey = os.TempDir() + FakePrivFilePrefix + strconv.Itoa(rand.Intn(10000))
 				conf.TLSCaCertificate = os.TempDir() + FakeCaFilePrefix + strconv.Itoa(rand.Intn(10000))
 				conf.Listen = testProxyAddr
-				conf.TLSMinVersion = "tlsv1.3"
+				conf.TLSMinVersion = constant.TLS13
 			},
 			ExecutionSettings: []fakeRequest{
 				{