package bosh
import (
"crypto/tls"
"crypto/x509"
"fmt"
"net"
"net/http"
"github.com/cloudfoundry/bosh-bootloader/storage"
"golang.org/x/net/proxy"
)
// proxySOCKS5 holds the constructor used by Dialer to build a SOCKS5 client
// dialer. It is a package-level variable rather than a direct call so the
// constructor can be swapped out (presumably by tests; verify against the
// package's test files).
var proxySOCKS5 = proxy.SOCKS5
// ClientProvider builds director clients that reach the BOSH director
// through a SOCKS5 proxy tunnelled over the jumpbox SSH connection.
// Construct it with NewClientProvider.
type ClientProvider struct {
	// socks5Proxy is started with the jumpbox private key and URL and
	// reports the local address the SOCKS5 listener is bound to.
	socks5Proxy socks5Proxy
	// sshKeyGetter returns the private key for the "jumpbox" name;
	// its interface is declared elsewhere in this package.
	sshKeyGetter sshKeyGetter
}
// socks5Proxy is the consumer-side contract for the SOCKS5-over-SSH proxy
// used by ClientProvider.Dialer.
type socks5Proxy interface {
	// Start launches the proxy using the given SSH private key and
	// jumpbox URL (argument order as used by Dialer: key first, URL second).
	Start(string, string) error
	// Addr returns the address of the local SOCKS5 listener, or an error
	// if the proxy is not available.
	Addr() (string, error)
}
// NewClientProvider returns a ClientProvider that starts socks5Proxy with
// the private key obtained from sshKeyGetter whenever a client is built.
func NewClientProvider(socks5Proxy socks5Proxy, sshKeyGetter sshKeyGetter) ClientProvider {
	var provider ClientProvider
	provider.socks5Proxy = socks5Proxy
	provider.sshKeyGetter = sshKeyGetter
	return provider
}
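// Dialer starts the SOCKS5 proxy over the jumpbox SSH connection and
// returns a proxy.Dialer that routes connections through it.
//
// Steps: fetch the "jumpbox" private key, start the proxy against
// jumpbox.URL, read back the proxy's local address, and build a SOCKS5
// client dialer pointed at it.
//
// Errors from each step are wrapped with %w so callers can inspect the
// underlying cause with errors.Is / errors.As; the message text is
// unchanged from the previous %s formatting.
func (c ClientProvider) Dialer(jumpbox storage.Jumpbox) (proxy.Dialer, error) {
	// The private key is only passed through to the proxy; it is never
	// logged or included in error messages.
	privateKey, err := c.sshKeyGetter.Get("jumpbox")
	if err != nil {
		return nil, fmt.Errorf("get jumpbox ssh key: %w", err)
	}

	if err := c.socks5Proxy.Start(privateKey, jumpbox.URL); err != nil {
		return nil, fmt.Errorf("start proxy: %w", err)
	}

	addr, err := c.socks5Proxy.Addr()
	if err != nil {
		return nil, fmt.Errorf("get proxy address: %w", err)
	}

	// No SOCKS5 authentication is used and the listener is reached via a
	// direct connection. NOTE(review): this is only safe if the proxy binds
	// to a loopback address — confirm in the socks5Proxy implementation.
	socks5Dialer, err := proxySOCKS5("tcp", addr, nil, proxy.Direct)
	if err != nil {
		return nil, fmt.Errorf("create socks5 client: %w", err)
	}
	return socks5Dialer, nil
}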
// HTTPClient returns an http.Client whose connections are opened through
// dialer and whose TLS trust is restricted to the certificates found in
// directorCACert (PEM). System roots are not consulted because RootCAs is
// set to a pool built solely from directorCACert.
//
// The result of AppendCertsFromPEM is not checked: if directorCACert holds
// no parsable certificate the pool stays empty and every TLS handshake
// fails verification (fail closed) with an "unknown authority" error rather
// than a message pointing at the CA input. No client Timeout is set, so a
// request can block until the connection is closed by the peer.
func (ClientProvider) HTTPClient(dialer proxy.Dialer, directorCACert []byte) *http.Client {
	trustedRoots := x509.NewCertPool()
	trustedRoots.AppendCertsFromPEM(directorCACert)

	// http.Transport.Dial is deprecated in favour of DialContext, but
	// proxy.Dialer only exposes Dial(network, addr), so the legacy hook is
	// what this transport can use.
	dialThroughProxy := func(network, addr string) (net.Conn, error) {
		return dialer.Dial(network, addr)
	}

	tlsConfig := &tls.Config{RootCAs: trustedRoots}
	transport := &http.Transport{
		Dial:            dialThroughProxy,
		TLSClientConfig: tlsConfig,
	}
	return &http.Client{Transport: transport}
}
// Client builds a director Client that talks to directorAddress through a
// SOCKS5 tunnel over the jumpbox, using the supplied credentials and
// trusting only directorCACert (PEM) for TLS.
//
// On a dialer failure the error from Dialer is returned as-is (it already
// carries step context) together with an empty client value.
func (c ClientProvider) Client(jumpbox storage.Jumpbox, directorAddress, directorUsername, directorPassword, directorCACert string) (Client, error) {
	tunnelDialer, err := c.Dialer(jumpbox)
	if err != nil {
		// not tested
		return client{}, err
	}

	caPEM := []byte(directorCACert)
	return NewClient(c.HTTPClient(tunnelDialer, caPEM), directorAddress, directorUsername, directorPassword, directorCACert), nil
}