Add a convenience type to specify TLS auth ACLs on the command line

serverutil/tls.go

@@ -2,10 +2,12 @@ package serverutil
 
 import (
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"log"
 	"net/http"
 	"regexp"
+	"strings"
 
 	common "git.autistici.org/ai3/go-common"
 )
@@ -42,6 +44,31 @@ func (p *TLSAuthACL) match(req *http.Request) bool {
 	return false
 }
 
+// TLSAuthACLListFlag is a convenience type that allows callers to use
+// the 'flag' package to specify a list of TLSAuthACL objects. It
+// implements the flag.Value interface.
+type TLSAuthACLListFlag []*TLSAuthACL
+
+func (l TLSAuthACLListFlag) String() string {
+	var out []string
+	for _, acl := range l {
+		out = append(out, fmt.Sprintf("%s:%s", acl.Path, acl.CommonName))
+	}
+	return strings.Join(out, ",")
+}
+
+func (l *TLSAuthACLListFlag) Set(value string) error {
+	parts := strings.SplitN(value, ":", 2)
+	if len(parts) != 2 {
+		return errors.New("bad acl format")
+	}
+	*l = append(*l, &TLSAuthACL{
+		Path:       parts[0],
+		CommonName: parts[1],
+	})
+	return nil
+}
+
 // TLSAuthConfig stores access control lists for TLS authentication. Access
 // control lists are matched against the request path and the
 // CommonName component of the peer certificate subject.