interfaces (#20)

Author: f0ssel

jail.go

@@ -2,6 +2,7 @@ package jail
 
 import (
 "context"
+cryptotls "crypto/tls"
 "fmt"
 "log/slog"
 "os/exec"
@@ -10,7 +11,6 @@ import (
 
 "github.com/coder/jail/namespace"
 "github.com/coder/jail/proxy"
-"github.com/coder/jail/tls"
 )
 
 type Commander interface {
@@ -19,19 +19,23 @@ type Commander interface {
 Close() error
 }
 
+type CertificateManager interface {
+SetupTLSAndWriteCACert() (*cryptotls.Config, string, string, error)
+}
+
 type Config struct {
 RuleEngine proxy.RuleEvaluator
 Auditor proxy.Auditor
-CertManager *tls.CertificateManager
+CertManager CertificateManager
 Logger *slog.Logger
 }
 
 type Jail struct {
-commandExecutor Commander
-proxyServer  *proxy.ProxyServer
-logger  *slog.Logger
-ctx  context.Context
-cancel  context.CancelFunc
+commander  Commander
+proxyServer *proxy.ProxyServer
+logger *slog.Logger
+ctx context.Context
+cancel context.CancelFunc
 }
 
 func New(ctx context.Context, config Config) (*Jail, error) {
@@ -75,17 +79,17 @@ func New(ctx context.Context, config Config) (*Jail, error) {
 ctx, cancel := context.WithCancel(ctx)
 
 return &Jail{
-commandExecutor: commander,
-proxyServer:  proxyServer,
-logger:  config.Logger,
-ctx:  ctx,
-cancel:  cancel,
+commander:  commander,
+proxyServer: proxyServer,
+logger: config.Logger,
+ctx: ctx,
+cancel: cancel,
 }, nil
 }
 
 func (j *Jail) Start() error {
 // Open the command executor (network namespace)
-err := j.commandExecutor.Start()
+err := j.commander.Start()
 if err != nil {
 return fmt.Errorf("failed to open command executor: %v", err)
 }
@@ -105,7 +109,7 @@ func (j *Jail) Start() error {
 }
 
 func (j *Jail) Command(command []string) *exec.Cmd {
-return j.commandExecutor.Command(command)
+return j.commander.Command(command)
 }
 
 func (j *Jail) Close() error {
@@ -118,7 +122,7 @@ func (j *Jail) Close() error {
 }
 
 // Close command executor
-return j.commandExecutor.Close()
+return j.commander.Close()
 }
 
 // newCommander creates a new NetJail instance for the current platform

tls/tls.go

@@ -51,22 +51,6 @@ func NewCertificateManager(logger *slog.Logger) (*CertificateManager, error) {
 return cm, nil
 }
 
-// GetTLSConfig returns a TLS config that generates certificates on-demand
-func (cm *CertificateManager) GetTLSConfig() *tls.Config {
-return &tls.Config{
-GetCertificate: cm.getCertificate,
-MinVersion: tls.VersionTLS12,
-}
-}
-
-// GetCACertPEM returns the CA certificate in PEM format
-func (cm *CertificateManager) GetCACertPEM() ([]byte, error) {
-return pem.EncodeToMemory(&pem.Block{
-Type: "CERTIFICATE",
-Bytes: cm.caCert.Raw,
-}), nil
-}
-
 // SetupTLSAndWriteCACert sets up TLS config and writes CA certificate to file
 // Returns the TLS config, CA cert path, and config directory
 func (cm *CertificateManager) SetupTLSAndWriteCACert() (*tls.Config, string, string, error) {
@@ -77,10 +61,10 @@ func (cm *CertificateManager) SetupTLSAndWriteCACert() (*tls.Config, string, str
 }
 
 // Get TLS config
-tlsConfig := cm.GetTLSConfig()
+tlsConfig := cm.getTLSConfig()
 
 // Get CA certificate PEM
-caCertPEM, err := cm.GetCACertPEM()
+caCertPEM, err := cm.getCACertPEM()
 if err != nil {
 return nil, "", "", fmt.Errorf("failed to get CA certificate: %v", err)
 }
@@ -111,6 +95,22 @@ func (cm *CertificateManager) loadOrGenerateCA() error {
 return cm.generateCA(caKeyPath, caCertPath)
 }
 
+// getTLSConfig returns a TLS config that generates certificates on-demand
+func (cm *CertificateManager) getTLSConfig() *tls.Config {
+return &tls.Config{
+GetCertificate: cm.getCertificate,
+MinVersion: tls.VersionTLS12,
+}
+}
+
+// getCACertPEM returns the CA certificate in PEM format
+func (cm *CertificateManager) getCACertPEM() ([]byte, error) {
+return pem.EncodeToMemory(&pem.Block{
+Type: "CERTIFICATE",
+Bytes: cm.caCert.Raw,
+}), nil
+}
+
 // loadExistingCA attempts to load existing CA files
 func (cm *CertificateManager) loadExistingCA(keyPath, certPath string) bool {
 // Check if files exist