From a10299ffbf3ef106d37c4fad76f2f273562c11fd Mon Sep 17 00:00:00 2001
From: joshblakeley
Date: Wed, 1 Aug 2018 16:13:46 +0100
Subject: [PATCH] enable inialisation of tls client for dash comms

---
 api_definition.go | 4 +---
 dashboard_register.go | 36 ++++++++++++++++++++++++++++++++----
 policy.go | 4 +---
 3 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/api_definition.go b/api_definition.go
index c5a2b666366a..a54d86c503a2 100644
--- a/api_definition.go
+++ b/api_definition.go
@@ -254,9 +254,7 @@ func (a APIDefinitionLoader) FromDashboardService(endpoint, secret string) ([]*A
 newRequest.Header.Set("x-tyk-nonce", ServiceNonce)
- c := &http.Client{
- Timeout: 120 * time.Second,
- }
+ c := initialiseClient(120 * time.Second)
 resp, err := c.Do(newRequest)
 if err != nil {
 return nil, err
diff --git a/dashboard_register.go b/dashboard_register.go
index 38f44d074b2c..cfc24608f6f4 100644
--- a/dashboard_register.go
+++ b/dashboard_register.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "crypto/tls"
 "encoding/json"
 "errors"
 "fmt"
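Review bot: With UseSSL enabled, `c := initialiseClient(120 * time.Second)` now builds a brand-new `http.Transport` for this single request, so the keep-alive pool that the old `http.DefaultTransport`-backed client shared across calls is gone; the same applies to the replacements in Register, sendHeartBeat, DeRegister and LoadPoliciesFromDashboard. For sendHeartBeat in particular that means a fresh TCP+TLS handshake on every heartbeat, and each discarded Transport keeps its idle connections until it is garbage-collected because nothing calls CloseIdleConnections. Consider building the TLS-configured Transport once (for example lazily with `sync.Once`) and having initialiseClient return `&http.Client{Transport: sharedTransport, Timeout: timeout}` so only the cheap Client wrapper is per-call. FromDashboardService's body continues outside the hunk.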
@@ -36,6 +37,34 @@ type HTTPDashboardHandler struct {
 heartBeatStopSentinel bool
 }
+func initialiseClient(timeout time.Duration) *http.Client {
+ client := &http.Client{}
+ if config.Global().HttpServerOptions.UseSSL {
+ certs := make([]tls.Certificate, len(config.Global().HttpServerOptions.Certificates))
+ certNameMap := make(map[string]*tls.Certificate)
+ for i, certData := range config.Global().HttpServerOptions.Certificates {
+ cert, err := tls.LoadX509KeyPair(certData.CertFile, certData.KeyFile)
+ if err != nil {
+ log.Fatalf("Server error: loadkeys: %s", err)
+ }
+ certs[i] = cert
+ certNameMap[certData.Name] = &certs[i]
+ }
+ // Setup HTTPS client
+ tlsConfig := &tls.Config{
+ Certificates: certs,
+ InsecureSkipVerify: config.Global().HttpServerOptions.SSLInsecureSkipVerify,
+ NameToCertificate: certNameMap,
+ }
+ transport := &http.Transport{TLSClientConfig: tlsConfig}
+ client = &http.Client{Transport: transport}
+
+ } else {
+
+ client = &http.Client{Timeout: timeout}
+ }
+ return client
+}
 func reLogin() {
 if !config.Global().UseDBAppConfigs {
 return
@@ -84,8 +113,7 @@ func (h *HTTPDashboardHandler) Init() error {
 func (h *HTTPDashboardHandler) Register() error {
 req := h.newRequest(h.RegistrationEndpoint)
-
- c := &http.Client{Timeout: 5 * time.Second}
+ c := initialiseClient(5 * time.Second)
 resp, err := c.Do(req)
 if err != nil {
@@ -156,8 +184,8 @@ func (h *HTTPDashboardHandler) sendHeartBeat() error {
 req := h.newRequest(h.HeartBeatEndpoint)
 req.Header.Set("x-tyk-nodeid", NodeID)
 req.Header.Set("x-tyk-nonce", ServiceNonce)
+ c := initialiseClient(5 * time.Second)
- c := &http.Client{Timeout: 5 * time.Second}
 resp, err := c.Do(req)
 if err != nil || resp.StatusCode != 200 {
 return errors.New("dashboard is down? Heartbeat is failing")
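Review bot: The `timeout` parameter is silently dropped on the SSL path: `client = &http.Client{Transport: transport}` sets no Timeout, so with UseSSL on every dashboard call (registration, heartbeat, policy and API loads) can block indefinitely, which is the opposite of what the callers' 5/10/120-second arguments say. Verification of the dashboard's certificate is also tied to `HttpServerOptions.SSLInsecureSkipVerify`, a setting that describes the gateway's own listener; an operator relaxing inbound verification now disables outbound verification too, so this coupling should at least be documented next to the field, or better driven by a dedicated client-side option. `log.Fatalf` inside a helper that runs on every heartbeat turns a single unreadable key file into a process exit, and the key pairs are re-read from disk on each call — loading them once would remove both problems. As far as I can tell crypto/tls consults `NameToCertificate` only on the server side, so building `certNameMap` here has no effect on the client, and `&http.Transport{TLSClientConfig: tlsConfig}` drops the proxy and handshake-timeout settings that the previous default transport provided. A restructure that keeps the timeout on both paths:
```go
func initialiseClient(timeout time.Duration) *http.Client {
	client := &http.Client{Timeout: timeout}
	if !config.Global().HttpServerOptions.UseSSL {
		return client
	}
	// … unchanged: load HttpServerOptions.Certificates into certs …
	client.Transport = &http.Transport{
		TLSClientConfig: &tls.Config{
			Certificates: certs,
			// NOTE: reuses the listener's SSLInsecureSkipVerify for the outbound dashboard connection.
			InsecureSkipVerify: config.Global().HttpServerOptions.SSLInsecureSkipVerify,
		},
	}
	return client
}
```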
@@ -182,7 +210,7 @@ func (h *HTTPDashboardHandler) DeRegister() error {
 req.Header.Set("x-tyk-nodeid", NodeID)
 req.Header.Set("x-tyk-nonce", ServiceNonce)
- c := &http.Client{Timeout: 5 * time.Second}
+ c := initialiseClient(5 * time.Second)
 resp, err := c.Do(req)
 if err != nil {
diff --git a/policy.go b/policy.go
index e386d8464106..2b5280297f08 100644
--- a/policy.go
+++ b/policy.go
@@ -80,9 +80,7 @@ func LoadPoliciesFromDashboard(endpoint, secret string, allowExplicit bool) map[
 log.WithFields(logrus.Fields{
 "prefix": "policy",
 }).Info("Mutex lock acquired... calling")
- c := &http.Client{
- Timeout: 10 * time.Second,
- }
+ c := initialiseClient(10 * time.Second)
 log.WithFields(logrus.Fields{
 "prefix": "policy",