TLS support for both RT and Jira

mikkolehtisalo · Dec 28, 2014 · 506355f · 506355f
1 parent f39101d
commit 506355f
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 9 deletions.
diff --git a/jira.json b/jira.json
@@ -1,5 +1,6 @@
 {
     "BaseURL": "http://dev.localdomain:8080",
+    "CAFile": "/opt/cvesync/etc/ca.crt",
     "Username": "admin",
     "Password": "password",
     "Project": "10000",

diff --git a/rt.json b/rt.json
@@ -1,5 +1,6 @@
 {
     "BaseURL": "http://dev.localdomain",
+    "CAFile": "/opt/cvesync/etc/ca.crt",
     "Username": "root",
     "Password": "password",
     "Queue": "3",

diff --git a/tracker/jira.go b/tracker/jira.go
@@ -2,6 +2,8 @@ package tracker
 
 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -16,6 +18,7 @@ import (
 
 type Jira struct {
 	BaseURL        string
+	CAFile         string
 	Username       string
 	Password       string
 	Project        string
@@ -118,7 +121,7 @@ func (j Jira) Add(e nvd.Entry) (string, error) {
 		return "", err
 	}
 
-	id, err := jira_request("POST", j.BaseURL+"/rest/api/2/issue", j.Username, j.Password, string(json))
+	id, err := jira_request("POST", j.BaseURL+"/rest/api/2/issue", j.CAFile, j.Username, j.Password, string(json))
 	return id, err
 }
 
@@ -134,13 +137,33 @@ func (j Jira) Update(e nvd.Entry, ticketid string) error {
 		return err
 	}
 
-	_, err = jira_request("PUT", j.BaseURL+"/rest/api/2/issue/"+ticketid, j.Username, j.Password, string(json))
+	_, err = jira_request("PUT", j.BaseURL+"/rest/api/2/issue/"+ticketid, j.CAFile, j.Username, j.Password, string(json))
 	return err
 }
 
-func jira_request(reqtype string, path string, username string, password string, jsonstr string) (string, error) {
-	client := &http.Client{}
+func jira_request(reqtype string, path string, cafile string, username string, password string, jsonstr string) (string, error) {
+	var client *http.Client
+	// If https, add CA certificate checking
+	if strings.HasPrefix(path, "https://") {
+		capool := x509.NewCertPool()
+		cacert, err := ioutil.ReadFile(cafile)
+		if err != nil {
+			syslog.Errf("Unable to read CA file: %v", err)
+			return "", err
+		}
+		capool.AppendCertsFromPEM(cacert)
+
+		// Check server certificate
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{RootCAs: capool},
+		}
+
+		client = &http.Client{Transport: tr}
+	} else {
+		client = &http.Client{}
+	}
 
+	// Build request..
 	jsonreader := strings.NewReader(jsonstr)
 	req, err := http.NewRequest(reqtype, path, jsonreader)
 	if err != nil {

diff --git a/tracker/rt.go b/tracker/rt.go
@@ -2,6 +2,8 @@ package tracker
 
 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -19,6 +21,7 @@ import (
 
 type RT struct {
 	BaseURL        string
+	CAFile         string
 	Username       string
 	Password       string
 	Queue          string
@@ -157,13 +160,30 @@ func (rt RT) Add(e nvd.Entry) (string, error) {
 	// Build the request
 	request := fmt.Sprintf("id: ticket/new\nQueue: %v\nSubject: %v\nPriority: %v\nText:%v\n", ticket.Queue, ticket.Subject, ticket.Priority, ticket.Text)
 
-	id, err := rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/new", jar, request)
+	id, err := rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/new", rt.CAFile, jar, request)
 	return id, err
 }
 
-func rt_request(reqtype string, path string, jar *cookiejar.Jar, ticket string) (string, error) {
-	client := &http.Client{
-		Jar: jar,
+func rt_request(reqtype string, path string, cafile string, jar *cookiejar.Jar, ticket string) (string, error) {
+	var client *http.Client
+	// If https, add CA certificate checking
+	if strings.HasPrefix(path, "https://") {
+		capool := x509.NewCertPool()
+		cacert, err := ioutil.ReadFile(cafile)
+		if err != nil {
+			syslog.Errf("Unable to read CA file: %v", err)
+			return "", err
+		}
+		capool.AppendCertsFromPEM(cacert)
+
+		// Check server certificate
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{RootCAs: capool},
+		}
+
+		client = &http.Client{Transport: tr, Jar: jar}
+	} else {
+		client = &http.Client{Jar: jar}
 	}
 
 	data := url.Values{}
@@ -233,6 +253,6 @@ func (rt RT) Update(e nvd.Entry, ticketid string) error {
 	// Build the request
 	request := fmt.Sprintf("Queue: %v\nSubject: %v\nPriority: %v\nText:%v\n", ticket.Queue, ticket.Subject, ticket.Priority, ticket.Text)
 
-	_, err = rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/"+ticketid+"/edit", jar, request)
+	_, err = rt_request("POST", rt.BaseURL+"/REST/1.0/ticket/"+ticketid+"/edit", rt.CAFile, jar, request)
 	return err
 }