refactor and remove unnecessary exttlsconfig

salrashid123 · salrashid123 · commit 4b78a1d16745 · 2024-05-13T08:51:25.000-04:00
diff --git a/README.md b/README.md
@@ -56,15 +56,13 @@ If you just want to issue JWT's, see
 
 ### Usage TLS
 
-see `example/mtls` folder
-
 * for tpm see [mTLS with TPM bound private key](https://github.com/salrashid123/go_tpm_https_embed)
 * for kms see [mTLS with Google Cloud KMS](https://github.com/salrashid123/kms_golang_signer)
 
 
 ### Sign/Verify PSS
 
-see `example/sign_verify` folder
+see `example/sign_verify*` folders
 
 
 ### Sign/Verify ECC
diff --git a/kms/kms.go b/kms/kms.go
@@ -39,7 +39,6 @@ type KMS struct {
 	crypto.Signer // https://golang.org/pkg/crypto/#Signer
 
 	PublicKeyFile      string
-	ExtTLSConfig       *tls.Config
 	publicKey          crypto.PublicKey
 	ProjectId          string
 	LocationId         string
@@ -62,15 +61,6 @@ func NewKMSCrypto(conf *KMS) (KMS, error) {
 	if conf.ProjectId == "" {
 		return KMS{}, fmt.Errorf("ProjectID cannot be null")
 	}
-	if conf.ExtTLSConfig != nil {
-		if len(conf.ExtTLSConfig.Certificates) > 0 {
-			return KMS{}, fmt.Errorf("certificates value in ExtTLSConfig Ignored")
-		}
-
-		if len(conf.ExtTLSConfig.CipherSuites) > 0 {
-			return KMS{}, fmt.Errorf("cipherSuites value in ExtTLSConfig Ignored")
-		}
-	}
 	return *conf, nil
 }
 
@@ -134,19 +124,6 @@ func (t KMS) TLSCertificate() tls.Certificate {
 	}
 }
 
-func (t KMS) TLSConfig() *tls.Config {
-	return &tls.Config{
-		Certificates: []tls.Certificate{t.TLSCertificate()},
-		RootCAs:      t.ExtTLSConfig.RootCAs,
-		ClientCAs:    t.ExtTLSConfig.ClientCAs,
-		ClientAuth:   t.ExtTLSConfig.ClientAuth,
-		ServerName:   t.ExtTLSConfig.ServerName,
-
-		CipherSuites: t.ExtTLSConfig.CipherSuites,
-		MaxVersion:   t.ExtTLSConfig.MaxVersion,
-	}
-}
-
 func (t KMS) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
 	refreshMutex.Lock()
 	defer refreshMutex.Unlock()
diff --git a/tpm/tpm.go b/tpm/tpm.go
@@ -43,8 +43,7 @@ type TPM struct {
 	KeyHandle      uint32             // path to the ptm device /dev/tpm0
 	ECCRawOutput   bool               // for ECC keys, output raw signatures. If false, signature is ans1 formatted
 	refreshMutex   sync.Mutex
-	PublicCertFile string      // a provided public x509 certificate for the signer
-	ExtTLSConfig   *tls.Config // override tls.Config values
+	PublicCertFile string // a provided public x509 certificate for the signer
 	PCRs           []int
 
 	x509Certificate x509.Certificate
@@ -70,15 +69,6 @@ func NewTPMCrypto(conf *TPM) (TPM, error) {
 	if conf.TpmPath != "" && conf.KeyHandle == 0 {
 		return TPM{}, fmt.Errorf("salrashid123/x/oauth2/google:  if TPMTokenConfig.TPMPath is specified, a KeyHandle must be set")
 	}
-	if conf.ExtTLSConfig != nil {
-		if len(conf.ExtTLSConfig.Certificates) > 0 {
-			return TPM{}, fmt.Errorf("certificates value in ExtTLSConfig Ignored")
-		}
-
-		if len(conf.ExtTLSConfig.CipherSuites) > 0 {
-			return TPM{}, fmt.Errorf("cipherSuites value in ExtTLSConfig Ignored")
-		}
-	}
 	return *conf, nil
 }
 
@@ -237,18 +227,3 @@ func (t TPM) TLSCertificate() tls.Certificate {
 		Certificate: [][]byte{t.x509Certificate.Raw},
 	}
 }
-
-func (t TPM) TLSConfig() *tls.Config {
-
-	return &tls.Config{
-		Certificates: []tls.Certificate{t.TLSCertificate()},
-
-		RootCAs:      t.ExtTLSConfig.RootCAs,
-		ClientCAs:    t.ExtTLSConfig.ClientCAs,
-		ClientAuth:   t.ExtTLSConfig.ClientAuth,
-		ServerName:   t.ExtTLSConfig.ServerName,
-		CipherSuites: t.ExtTLSConfig.CipherSuites,
-		MaxVersion:   t.ExtTLSConfig.MaxVersion,
-		MinVersion:   t.ExtTLSConfig.MinVersion,
-	}
-}
