// SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors
//
// SPDX-License-Identifier: Apache-2.0
package httpclient
import (
"context"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"io"
"net/http"
"time"
"github.com/sap/cloud-security-client-go/env"
)
// UserAgent is the User-Agent header value that NewRequestWithUserAgent stamps
// on every request it creates.
const UserAgent = "go-sec-lib"
// DefaultTLSConfig builds the tls.Config used by this library's HTTP client.
//
// For an identity that is not certificate based it returns a minimal config
// that only pins TLS 1.2 as the minimum version and allows a single
// client-initiated renegotiation (renegotiation only exists in TLS 1.2 and
// below; it is a no-op for TLS 1.3).
//
// For a certificate-based identity it additionally parses the client
// certificate/key pair from identity and sets RootCAs to the system
// certificate pool extended with every certificate found in the identity's
// certificate PEM.
//
// NOTE(review): appending the identity's own certificate PEM to RootCAs means
// that any CA certificate bundled in that PEM becomes a trust anchor for
// *server* verification, in addition to the OS trust store. A bare leaf with
// CA:FALSE should not be accepted as an issuer by Go's verifier, but an
// issuing CA shipped in the same PEM would make servers from that CA trusted
// even if the OS store does not trust it. Confirm this is the intended trust
// model for the identity provider in use.
//
// identity provides the certificate and key (and the IsCertificateBased switch).
// Returns an error when the key pair cannot be parsed, the system pool cannot
// be loaded, or no certificate could be appended to the pool.
func DefaultTLSConfig(identity env.Identity) (*tls.Config, error) {
	if !identity.IsCertificateBased() {
		// No client certificate: only harden protocol version and renegotiation.
		return &tls.Config{
			MinVersion:    tls.VersionTLS12,
			Renegotiation: tls.RenegotiateOnceAsClient,
		}, nil
	}

	certPEM := []byte(identity.GetCertificate())
	keyPEM := []byte(identity.GetKey())

	clientCert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, fmt.Errorf("error creating x509 key pair for DefaultTLSConfig: %w", err)
	}

	roots, err := trustPoolWithIdentityCerts(certPEM)
	if err != nil {
		return nil, err
	}

	return &tls.Config{
		MinVersion:    tls.VersionTLS12,
		RootCAs:       roots,
		Certificates:  []tls.Certificate{clientCert},
		Renegotiation: tls.RenegotiateOnceAsClient,
	}, nil
}

// trustPoolWithIdentityCerts returns the system certificate pool extended with
// every certificate in certPEM. It fails when the system pool is unavailable
// or when no certificate could be parsed out of certPEM.
func trustPoolWithIdentityCerts(certPEM []byte) (*x509.CertPool, error) {
	pool, err := x509.SystemCertPool()
	if err != nil {
		return nil, fmt.Errorf("error setting up cert pool for DefaultTLSConfig: %w", err)
	}
	if !pool.AppendCertsFromPEM(certPEM) {
		return nil, errors.New("error adding certs to pool for DefaultTLSConfig")
	}
	return pool, nil
}
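// DefaultHTTPClient returns the http.Client used by this library.
//
// The client has a 10 second overall request timeout (it covers dial, TLS
// handshake, request write and response body read). When tlsConfig is nil the
// client relies on http.DefaultTransport. When a tlsConfig is supplied —
// required for a certificate-based identity, see DefaultTLSConfig — a
// dedicated http.Transport that uses it is installed instead.
//
// NOTE(review): the dedicated Transport sets no Proxy function, so unlike the
// nil-tlsConfig path (http.DefaultTransport honours HTTP(S)_PROXY) proxy
// environment variables are ignored for certificate-based identities, and it
// does not set ForceAttemptHTTP2, so HTTP/2 is not negotiated on that path.
// Confirm both are intended before relying on them.
//
// tlsConfig is required in case of a cert-based identity config; it may be nil.
func DefaultHTTPClient(tlsConfig *tls.Config) *http.Client {
	client := &http.Client{
		Timeout: time.Second * 10,
	}
	if tlsConfig == nil {
		return client
	}
	client.Transport = &http.Transport{
		TLSClientConfig: tlsConfig,
		MaxIdleConns:    50,
		// A custom Transport without IdleConnTimeout keeps idle keep-alive
		// connections open indefinitely; mirror http.DefaultTransport's 90s so
		// stale pooled connections are eventually released.
		IdleConnTimeout: 90 * time.Second,
		// Bound the handshake on its own, as http.DefaultTransport does, so a
		// stalled handshake surfaces as a handshake error rather than only as
		// the generic client Timeout.
		TLSHandshakeTimeout: 10 * time.Second,
	}
	return client
}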
// NewRequestWithUserAgent builds an *http.Request bound to ctx, exactly as
// http.NewRequestWithContext does, and stamps the library's UserAgent on it.
//
// The header is set per request rather than by a custom RoundTripper because
// net/http documents that RoundTrip must not modify the request it is given.
//
// Returns the error from http.NewRequestWithContext unchanged (for example an
// invalid method or an unparsable url), with a nil request in that case.
func NewRequestWithUserAgent(ctx context.Context, method, url string, body io.Reader) (*http.Request, error) {
	req, err := http.NewRequestWithContext(ctx, method, url, body)
	if err == nil {
		req.Header.Set("User-Agent", UserAgent)
	}
	return req, err
}