// Copyright 2018 Yahoo Holdings, Inc.
// Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms.
package athenzutils
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io/ioutil"
	"net/http"

	"github.com/AthenZ/athenz/clients/go/zts"
)
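// ZtsClient builds a ZTS client for ztsUrl that authenticates with the
// PEM-encoded X.509 client certificate in certFile and private key in keyFile.
//
// If caCertFile is non-empty, the CAs in that PEM file become the only roots
// trusted for the ZTS server certificate; otherwise the system trust store is
// used. When proxy is true the transport honours the proxy environment
// variables via http.ProxyFromEnvironment; when false no proxy is used.
//
// Read errors are wrapped with the name of the file that could not be read so
// a caller can tell which of the three inputs is at fault; the underlying
// error stays reachable through errors.Is / errors.As.
func ZtsClient(ztsUrl, keyFile, certFile, caCertFile string, proxy bool) (*zts.ZTSClient, error) {
	keypem, err := ioutil.ReadFile(keyFile)
	if err != nil {
		return nil, fmt.Errorf("reading key file %q: %w", keyFile, err)
	}
	certpem, err := ioutil.ReadFile(certFile)
	if err != nil {
		return nil, fmt.Errorf("reading cert file %q: %w", certFile, err)
	}
	// A nil cacertpem tells tlsConfiguration to leave RootCAs unset, i.e. to
	// fall back to the system roots; only read the file when one was given.
	var cacertpem []byte
	if caCertFile != "" {
		cacertpem, err = ioutil.ReadFile(caCertFile)
		if err != nil {
			return nil, fmt.Errorf("reading CA cert file %q: %w", caCertFile, err)
		}
	}
	config, err := tlsConfiguration(keypem, certpem, cacertpem)
	if err != nil {
		return nil, err
	}
	// NOTE(review): the transport sets no dial/handshake timeouts here;
	// confirm zts.NewClient applies its own before relying on this in a
	// long-running process.
	tr := &http.Transport{
		TLSClientConfig: config,
	}
	if proxy {
		tr.Proxy = http.ProxyFromEnvironment
	}
	client := zts.NewClient(ztsUrl, tr)
	return &client, nil
}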
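// tlsConfiguration builds the client-side TLS configuration used to reach ZTS.
//
// keypem and certpem are a PEM-encoded private key and certificate. When both
// are non-nil they are loaded as the client certificate; if either is nil no
// client certificate is presented. cacertpem, when non-nil, must hold at least
// one parseable PEM certificate; those CAs become the only trusted roots for
// the server certificate (the system roots are not consulted). A nil cacertpem
// leaves RootCAs unset so the system trust store is used.
//
// It returns an error if the key pair cannot be parsed, or if cacertpem
// contains no parseable certificate — a corrupt CA file then fails loudly
// instead of installing an empty pool that rejects every server with an
// unrelated-looking verification error.
func tlsConfiguration(keypem, certpem, cacertpem []byte) (*tls.Config, error) {
	config := &tls.Config{
		// Refuse TLS 1.0/1.1. Go clients already default to this floor since
		// Go 1.18, so this is a no-op there and a hardening on older toolchains.
		MinVersion: tls.VersionTLS12,
	}
	if certpem != nil && keypem != nil {
		mycert, err := tls.X509KeyPair(certpem, keypem)
		if err != nil {
			return nil, fmt.Errorf("parsing client key pair: %w", err)
		}
		config.Certificates = []tls.Certificate{mycert}
	}
	if cacertpem != nil {
		certPool := x509.NewCertPool()
		// AppendCertsFromPEM reports whether anything was added; the original
		// code ignored this and would silently install an empty pool.
		if !certPool.AppendCertsFromPEM(cacertpem) {
			return nil, errors.New("no valid CA certificates found in CA PEM data")
		}
		config.RootCAs = certPool
	}
	return config, nil
}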