/
transport.go
139 lines (123 loc) · 3.64 KB
/
transport.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package winrmkrb5
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net/http"
"strings"
"time"
"github.com/bhoriuchi/go-winrmkrb5/spnego"
"github.com/pkg/errors"
"github.com/masterzen/winrm"
"github.com/masterzen/winrm/soap"
)
const soapXML = "application/soap+xml"
// Transport implements the winrm.Transporter interface.
type Transport struct {
HTTPClient *http.Client
Endpoint *winrm.Endpoint
Username string
Password string
Domain string
KDC []string
KRB5Conf string
Timeout time.Duration
}
// Transport applies configuration parameters from the Endpoint to the underlying HTTPClient.
// If the HTTPClient is nil, a new instance of http.Client will be created.
func (t *Transport) Transport(endpoint *winrm.Endpoint) error {
if t.HTTPClient == nil {
t.HTTPClient = &http.Client{
Transport: &spnego.Transport{
Username: t.Username,
Password: t.Password,
Domain: t.Domain,
KDC: t.KDC,
KRB5Config: t.KRB5Conf,
},
}
// Add optional timeout
if t.Timeout > 0 {
t.HTTPClient.Timeout = t.Timeout
}
}
if httpTr, ok := t.HTTPClient.Transport.(*spnego.Transport); ok {
if httpTr.TLSClientConfig == nil {
httpTr.TLSClientConfig = &tls.Config{}
}
httpTr.TLSClientConfig.InsecureSkipVerify = endpoint.Insecure
httpTr.TLSClientConfig.ServerName = endpoint.TLSServerName
httpTr.ResponseHeaderTimeout = endpoint.Timeout
if len(endpoint.CACert) > 0 {
certPool := x509.NewCertPool()
if !certPool.AppendCertsFromPEM(endpoint.CACert) {
return errors.New("unable to read certificates")
}
httpTr.TLSClientConfig.RootCAs = certPool
}
} else {
return errors.New("unable to apply WinRM endpoint parameters to unknown HTTP Transport")
}
t.Endpoint = endpoint
return nil
}
// Post sends a POST request to WinRM server with the provided SOAP payload.
// If the WinRM web service responds with Unauthorized status, the method performs KRB5 authentication.
func (t *Transport) Post(client *winrm.Client, request *soap.SoapMessage) (string, error) {
req, err := t.makeRequest(request.String())
if err != nil {
return "", err
}
resp, err := t.HTTPClient.Do(req)
if err != nil {
return "", err
}
body, err := t.body(resp)
if err != nil {
return "", err
}
bodyErrStr := func(body string) string {
if len(body) > 100 {
return body[:100] + "..."
}
if len(body) == 0 {
return "<no http content>"
}
return body
}
if resp.StatusCode != http.StatusOK {
return "", fmt.Errorf("http error %d: %s", resp.StatusCode, bodyErrStr(body))
}
ct := resp.Header.Get("Content-Type")
if !strings.Contains(ct, soapXML) {
return body, fmt.Errorf("incorrect Content-Type \"%s\" (expected %s): %s",
ct, soapXML, bodyErrStr(body))
}
return body, nil
}
// EndpointURL returns a WinRM http(s) URL.
// It does the same job as unexported method url() for the winrm.Endpoint type.
func (t *Transport) EndpointURL() string {
scheme := "http"
if t.Endpoint.HTTPS {
scheme = "https"
}
return fmt.Sprintf("%s://%s:%d/wsman", scheme, t.Endpoint.Host, t.Endpoint.Port)
}
func (t *Transport) makeRequest(payload string) (*http.Request, error) {
req, err := http.NewRequest("POST", t.EndpointURL(), strings.NewReader(payload))
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", soapXML+";charset=UTF-8")
return req, nil
}
// body func reads the response body and return it as a string
func (t *Transport) body(response *http.Response) (string, error) {
body, err := ioutil.ReadAll(response.Body)
if err != nil {
return "", errors.Wrap(err, "reading http response body")
}
return string(body), errors.Wrap(response.Body.Close(), "reading http response body")
}