package clients
import (
"context"
"crypto/rsa"
"crypto/tls"
"testing"
"github.com/kyma-incubator/compass/components/connector/pkg/graphql/externalschema"
"github.com/kyma-incubator/compass/tests/pkg/certs"
"github.com/stretchr/testify/require"
"net/http"
gcli "github.com/machinebox/graphql"
"github.com/pkg/errors"
)
// TokenHeader is the name of the HTTP request header in which the token is
// sent with each request made by TokenSecuredClient.
const TokenHeader = "Connector-Token"
// TokenSecuredClient is a GraphQL client whose requests are authenticated by a
// token carried in the TokenHeader request header.
type TokenSecuredClient struct {
// graphQlClient executes the GraphQL requests.
graphQlClient *gcli.Client
// queryProvider supplies the query text for each operation.
queryProvider queryProvider
}
// NewTokenSecuredClient returns a TokenSecuredClient that sends its GraphQL
// requests to endpoint.
//
// SECURITY: the transport is built with InsecureSkipVerify set, so the server
// certificate is not validated. The token sent in the TokenHeader header and
// the returned certificate data are therefore not protected against a party
// that can intercept the connection. This file imports "testing"; keep this
// constructor confined to test environments.
//
// NOTE(review): the http.Client has no Timeout, so a stalled endpoint can block
// a caller indefinitely.
func NewTokenSecuredClient(endpoint string) *TokenSecuredClient {
	// Certificate verification is deliberately disabled here; see the
	// SECURITY note on this function.
	tlsConfig := &tls.Config{InsecureSkipVerify: true}
	transport := &http.Transport{TLSClientConfig: tlsConfig}
	insecureHTTP := &http.Client{Transport: transport}

	return &TokenSecuredClient{
		graphQlClient: gcli.NewClient(endpoint, gcli.WithHTTPClient(insecureHTTP)),
		queryProvider: queryProvider{},
	}
}
// Configuration runs the configuration query, authenticating with token in the
// TokenHeader request header, and returns the Result of the response.
//
// A failed request is returned wrapped with "failed to get configuration"
// together with a zero-value Configuration.
//
// NOTE(review): headers is accepted but never applied to the request in this
// method; confirm whether callers expect the extra headers to be sent.
func (c *TokenSecuredClient) Configuration(token string, headers ...http.Header) (externalschema.Configuration, error) {
	request := gcli.NewRequest(c.queryProvider.configuration())
	request.Header.Add(TokenHeader, token)

	var out certs.ConfigurationResponse
	// context.Background() carries no deadline or cancellation.
	err := c.graphQlClient.Run(context.Background(), request, &out)
	if err != nil {
		return externalschema.Configuration{}, errors.Wrap(err, "failed to get configuration")
	}
	return out.Result, nil
}
// SignCSR submits csr for signing, authenticating with token in the
// TokenHeader request header, and returns the Result of the response.
//
// A failed request is returned wrapped with "Failed to generate certificate"
// together with a zero-value CertificationResult.
//
// NOTE(review): csr is handed to queryProvider.signCSR to build the query text;
// how it is embedded is not visible here, so verify that it is escaped. The
// visible callers pass a base64-encoded value.
//
// NOTE(review): headers is accepted but never applied to the request in this
// method; confirm whether callers expect the extra headers to be sent.
func (c *TokenSecuredClient) SignCSR(csr string, token string, headers ...http.Header) (externalschema.CertificationResult, error) {
	request := gcli.NewRequest(c.queryProvider.signCSR(csr))
	request.Header.Add(TokenHeader, token)

	var out certs.CertificationResponse
	// context.Background() carries no deadline or cancellation.
	err := c.graphQlClient.Run(context.Background(), request, &out)
	if err != nil {
		return externalschema.CertificationResult{}, errors.Wrap(err, "Failed to generate certificate")
	}
	return out.Result, nil
}
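// GenerateAndSignCert generates a new private key, builds a CSR for the subject
// given in certConfig, and has it signed using the token in certConfig.
//
// It returns the signing result and the generated private key. The key is used
// only to create the CSR and is handed back to the caller; only the
// base64-encoded CSR and the token are sent to the server.
//
// An error from key generation or from SignCSR is returned unchanged, with nil
// for both other results.
func (c *TokenSecuredClient) GenerateAndSignCert(t *testing.T, certConfig externalschema.Configuration) (*externalschema.CertificationResult, *rsa.PrivateKey, error) {
	clientKey, err := certs.GenerateKey()
	if err != nil {
		return nil, nil, err
	}

	// CreateCsr returns only the CSR, so there is no error to check after it
	// (it takes t and presumably reports its own failures through it). The
	// original re-tested err here, which was always nil at this point.
	csr := certs.CreateCsr(t, certConfig.CertificateSigningRequestInfo.Subject, clientKey)

	certResult, err := c.SignCSR(certs.EncodeBase64(csr), certConfig.Token.Token)
	if err != nil {
		return nil, nil, err
	}
	return &certResult, clientKey, nil
}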
// GenerateRuntimeCertificate obtains a signed certificate and the connector
// configuration for the given token, using clientKey to create the CSR.
//
// token is dereferenced without a nil check, so callers must pass a non-nil
// token.
func GenerateRuntimeCertificate(t *testing.T, token *externalschema.Token, connectorClient *TokenSecuredClient, clientKey *rsa.PrivateKey) (externalschema.CertificationResult, externalschema.Configuration) {
	certResult, configuration := generateCertificateForToken(t, connectorClient, token.Token, clientKey)
	return certResult, configuration
}
// GetConfiguration generates an application token for appID through client,
// uses it to fetch the configuration through connectorClient, and returns that
// configuration after certs.AssertConfiguration has checked it.
//
// Any error from token generation or from the configuration request fails the
// test immediately via require.NoError.
func GetConfiguration(t *testing.T, client *CertSecuredGraphQLClient, connectorClient *TokenSecuredClient, appID string) externalschema.Configuration {
	appToken, tokenErr := client.GenerateApplicationToken(t, appID)
	require.NoError(t, tokenErr)

	cfg, cfgErr := connectorClient.Configuration(appToken.Token)
	require.NoError(t, cfgErr)

	certs.AssertConfiguration(t, cfg)
	return cfg
}
// GenerateApplicationCertificate generates an application token for appID
// through client, then obtains a signed certificate and the connector
// configuration for that token, using clientKey to create the CSR.
//
// A token-generation error fails the test immediately via require.NoError.
func GenerateApplicationCertificate(t *testing.T, client *CertSecuredGraphQLClient, connectorClient *TokenSecuredClient, appID string, clientKey *rsa.PrivateKey) (externalschema.CertificationResult, externalschema.Configuration) {
	appToken, tokenErr := client.GenerateApplicationToken(t, appID)
	require.NoError(t, tokenErr)

	certResult, configuration := generateCertificateForToken(t, connectorClient, appToken.Token, clientKey)
	return certResult, configuration
}
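// generateCertificateForToken fetches the configuration with token, creates a
// CSR for the subject it names using clientKey, and has the CSR signed with the
// token contained in that configuration.
//
// It returns the signing result and the fetched configuration. Errors from the
// configuration request or from signing fail the test immediately via
// require.NoError. clientKey is used only to create the CSR; only the
// base64-encoded CSR and the tokens are sent to the server.
func generateCertificateForToken(t *testing.T, connectorClient *TokenSecuredClient, token string, clientKey *rsa.PrivateKey) (externalschema.CertificationResult, externalschema.Configuration) {
	configuration, err := connectorClient.Configuration(token)
	require.NoError(t, err)
	certs.AssertConfiguration(t, configuration)

	// The signing request uses the token from the configuration response, not
	// the token that was passed in.
	certToken := configuration.Token.Token
	subject := configuration.CertificateSigningRequestInfo.Subject

	// CreateCsr returns only the CSR, so there is no error to assert on after
	// it. The original repeated require.NoError on the err already checked
	// above, which could never fail.
	csr := certs.CreateCsr(t, subject, clientKey)

	result, err := connectorClient.SignCSR(certs.EncodeBase64(csr), certToken)
	require.NoError(t, err)
	return result, configuration
}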