package common
import (
"crypto/tls"
"crypto/x509"
"net/http"
"time"
"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
)
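// NewHTTPSClient returns an HTTPS client for communicating with Conjur.
//
// CACert is a PEM-encoded CA bundle and becomes the only set of roots the
// client trusts for the Conjur server's certificate (the host's root CA set
// is not consulted). If it contains no parseable certificate, log.CAKC014 is
// returned.
//
// certPEMBlock and keyPEMBlock are an optional PEM-encoded client certificate
// and private key for mutual TLS. The pair is loaded only when both are
// non-nil; if it fails to parse, log.CAKC017 is returned.
// NOTE(review): when exactly one of the two is nil the client certificate is
// silently omitted — callers should pass both or neither.
//
// Every request made through the returned client is bounded by a 10 second
// overall timeout, which also covers the TLS handshake.
func NewHTTPSClient(CACert []byte, certPEMBlock, keyPEMBlock []byte) (*http.Client, error) {
	caCertPool := x509.NewCertPool()
	if ok := caCertPool.AppendCertsFromPEM(CACert); !ok {
		return nil, log.RecordedError(log.CAKC014)
	}

	tlsConfig := &tls.Config{
		RootCAs: caCertPool,
		// Refuse TLS 1.0/1.1 explicitly instead of relying on the Go
		// runtime's default floor, which has changed across Go versions.
		MinVersion: tls.VersionTLS12,
	}

	if certPEMBlock != nil && keyPEMBlock != nil {
		cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
		if err != nil {
			return nil, log.RecordedError(log.CAKC017, err)
		}
		// Always present this certificate, whatever acceptable CAs the
		// server advertises in its CertificateRequest.
		tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
			return &cert, nil
		}
	}

	transport := &http.Transport{TLSClientConfig: tlsConfig}
	return &http.Client{Transport: transport, Timeout: 10 * time.Second}, nil
}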