add config support for client key and cert
This commit is contained in:
Mothiki
parent
beb8edc35f
commit
4b1150c3f3
6 changed files with 94 additions and 25 deletions
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDBzCCAe+gAwIBAgIJAMGwBqbVVuf2MA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
|
||||
BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNzEyMDgxODA5MDVaFw0yNzEyMDYxODA5
|
||||
MDVaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBALnspH4XEd++6VoBuayG3MsO/8bx4Jcb65mdLhGNZlNw
|
||||
/SrItomPwouFgaUNucbKEiYQyUyvPPePUgyre3FgSGO4vYUauyBrfoplUJLBXd0U
|
||||
r7NYgOEGo6H48jm2xEFGMNk6Cr31shDPk8sl/JuEb4Y2k3+UazVdKzMQ4AY9hZIu
|
||||
xZf3F2R9Xj7PhYE2CEW3wQl4o2zIosmiTH9isR7qPCnrio0RLpTDkx+yTEXvTWDB
|
||||
pOWNb3Kro8cAVXeC/vuRUk8qSYvXJJlCrN6D8dREVQ8W53tQ+EaOKQWaUxm10RM+
|
||||
Z/Bcgj0XYpl/idcTgUDhKdr9CqI7XOAx65H7H5gNa4kCAwEAAaNQME4wHQYDVR0O
|
||||
BBYEFJStrdJ/3t0MqwTOu6MqIAUpC0LQMB8GA1UdIwQYMBaAFJStrdJ/3t0MqwTO
|
||||
u6MqIAUpC0LQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAIJ8dkgg
|
||||
ljxOI9tUrLQ0wvD03pHKLntZy20Wjq5OBBj5sUbf6d/ufSv9K/MOMdT9mQzLBKG4
|
||||
OKstt93fOtrQLW8hA5llut0Rwa9g48l4KYQ8Ewa+vUIsoBiLPkbPpvX6chZG+HyJ
|
||||
v5b3fmBGBW0hwjLpfjHCSDavNqdAvoW527r75klBmBqiY8ErIa7UemHkDI0Nf/86
|
||||
CtWAEu/4bf7TMqKDvoXT5glkefjD2CZe0326UtQ0TJ/pXZvHOBzOVR1dzmBIVq9a
|
||||
b66CuO98jjWE/yDy7nfoFj7l93hxTpCnsJd9Q/utGg05wDqg90W9716OzMKRpGlH
|
||||
OWUrUgv5a+4mM3I=
|
||||
-----END CERTIFICATE-----
|
||||
22
examples/certs/client.cert
Normal file
22
examples/certs/client.cert
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrTCCApWgAwIBAgIJAM+bKx50CY9JMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
|
||||
BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
|
||||
CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
|
||||
VQQDDAEqMB4XDTE3MTIwODIwNTMwMVoXDTI3MTIwNjIwNTMwMVowbTELMAkGA1UE
|
||||
BhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRgwFgYDVQQK
|
||||
DA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQxCjAIBgNV
|
||||
BAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhdN0KH80BF3Dk
|
||||
RQqAARcf7F87uNhQM05HXK8ffpESvKhzrO9BHuDZ0yS3il0BK9XpTyTtHSLIbphk
|
||||
rO3BOsmPj0zhaM20LsPtwy8GmMCym3hVNSYYyP5XCdjA3uZIYq2R8ruk+vZTe4Zr
|
||||
F8GHV/xGYU4zKPMGzsQbICjZhj0yiYF9UQ2J+xw79nsqPTmo8+EdVuunLz39dt2o
|
||||
SbDA01g/kPTIg9K2CAUH0mm4zegiqytwpn2JKVoemmgrDYECWnhLprWlvN9t/fX9
|
||||
IgprDAHN1BsMrzfmfQXZpVmbIlTriVSdYVeTwG8rT7Tg8soIHqBrnJ1ykTpY4VrO
|
||||
6tc2z4kTAgMBAAGjUDBOMB0GA1UdDgQWBBSLvwax1Zd6ZiE7TjRklWYNPwgZ2zAf
|
||||
BgNVHSMEGDAWgBSLvwax1Zd6ZiE7TjRklWYNPwgZ2zAMBgNVHRMEBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQCJY/EJxlyiSrnO82QcsWm9cT/ciU/G7Y4vX/tGs74C
|
||||
tNxuBpc0vMfW4a9u6tmi3cW3EXD/KRvPwKZXxzTOhoQY9ZpbZLZ6VvCQ+aWQaXWT
|
||||
664IS/mrEUZ/p3pgqTNtifdpPAZqVqNdS+Od8/B3/nWUn6JBkDZ4WaFQgfsSulxK
|
||||
yzYN6UbwhLHfQUupFFhPfvYIVLH9ErGzcv5ZCHX9FornCc0W/8hL4EdjmpTW2ML2
|
||||
hM5aTKynMiR1GuGSdSpJ+BOeiUI7Go1jGwjV+H9Pw/kfmooq2wuuUGti5dr0Qq7h
|
||||
CQx1a14BmDBwGoMIOdjFATRwnami5e188fAJozL++i+s
|
||||
-----END CERTIFICATE-----
|
||||
28
examples/certs/client.key
Normal file
28
examples/certs/client.key
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDhdN0KH80BF3Dk
|
||||
RQqAARcf7F87uNhQM05HXK8ffpESvKhzrO9BHuDZ0yS3il0BK9XpTyTtHSLIbphk
|
||||
rO3BOsmPj0zhaM20LsPtwy8GmMCym3hVNSYYyP5XCdjA3uZIYq2R8ruk+vZTe4Zr
|
||||
F8GHV/xGYU4zKPMGzsQbICjZhj0yiYF9UQ2J+xw79nsqPTmo8+EdVuunLz39dt2o
|
||||
SbDA01g/kPTIg9K2CAUH0mm4zegiqytwpn2JKVoemmgrDYECWnhLprWlvN9t/fX9
|
||||
IgprDAHN1BsMrzfmfQXZpVmbIlTriVSdYVeTwG8rT7Tg8soIHqBrnJ1ykTpY4VrO
|
||||
6tc2z4kTAgMBAAECggEBAMZL7SY8dikhnu+HMgcH7njrg4+ZsthHZ/AoOvcucRbT
|
||||
zC2ByyWxrP6pUUAFeGvRTGHadJYA7FjxvSO/XZZ4yFN2LJ6NeW+jOjzjUXcx3zq4
|
||||
t4vqJUnjbqDLTlPFOTItaJBXuGcRPJqMqNuEl3kdEAwvBYLF34r7TUy2and4NFc/
|
||||
JziGljkiucoNBk62TCDrffnvxMJXht+ab6PMWO87PzMVs4xUFPe0ezv4O54btUcV
|
||||
EJsU58013EHeCai8AnxjcIPlMlB+lg4Y3C4VXf0mJ//cBvbCp+kyWybMw/e+e222
|
||||
xq/98vnCOIqcy4u+9ENPLJQe7hXZ3Sqh38kf0GuOh8ECgYEA+VFvuuBP0OQHTxeE
|
||||
dUizR3Iz/xkeGDUZ/8Ix4TCUmRRuhEXrV7ShwUmuanO3pNhChW6hXZ6qj/yuhfOC
|
||||
D4V4upEnJDccz/cbH1PdBsfALhC8/C0WSGvnEWZMw/SggmY4KwReqWwN9aA8qjdq
|
||||
kFTOJc2Js+dCHP9kn9J3U16A+oMCgYEA53+2lhckAI8bsrbCayWRZAVx7hUNPijt
|
||||
MQvH+PCJ3QeZ0z801zk+4ny5WQ1BT0vRzwj8an4Byi2ZuTQU//N4oawDK0JVYi7q
|
||||
rjKX/AhAx/puoGAgqiS1nDmuiUiplW06HqayCFbpJ1CoXz8+MwdRXiJ8dgioafVJ
|
||||
+7wHZDVmMjECgYEAoULxd/ia58x2hcv6Wzo469+MjlYaxyGhvXJIfRXFJ/a1PU1U
|
||||
Whh1/+W+sRBEGpXfARt7uGhmfle8Mtw8pfl5C4PTw3L6afG1U2AVOMt/HMyq0JoB
|
||||
LbrNbM20nZLfNzkS35AmAoPny5ZnZtoNTWntJTp69SiB9OuklFO35u7bki0CgYAL
|
||||
qQYkVzQMBylI/iWaygChvhh3+n15RQx1bPd8lXkMNgbMeiGKOaruM4QOdTl16ga+
|
||||
W+CC6KfkbBmTF4l7PuMzmXtrYWL1mBFgBtJa8nt41yddUpoyl7jCDrG43n0UNrU3
|
||||
uAO9ocsKnOhuK7xRS6wQhsIoG9WHyMAaOuVQadQk8QKBgQDVibcvOPXNcF1aRMG7
|
||||
V24nBb+YYz+00g/cLRkDnBX9/HORle0HSfeT70ctRhuFCoHHbHF4fnp/iAwDgxdB
|
||||
dNufthftTZTtFGITUsJDN36fSXNjEvKzmKEAlEYkGAYijLlDwknPB+bf4NQ6T0R+
|
||||
AtnKQY6G4kFSfw9AKgWGy7ZKfg==
|
||||
-----END PRIVATE KEY-----
|
||||
18
examples/certs/server.crt
Normal file
18
examples/certs/server.crt
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6zCCAdOgAwIBAgIJAMgY8gND5lFnMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
|
||||
BAMMASowHhcNMTcxMjA4MjA1MTQyWhcNMjcxMjA2MjA1MTQyWjAMMQowCAYDVQQD
|
||||
DAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKcyyXg90wen25yh
|
||||
QA17MDyzjzBsIL9+kznzRD1azoNqA3RShAAWXn5a81HeWvncpVL+TKPMU3UC02XT
|
||||
I6GtX1U7xmdKstBLKiHQxGWX04DshSrVgcVzLUI6OHBG6feoL1mGAa8jB2UEE6ER
|
||||
uXdgYgKbLUrvduSn4fBvPIhhXg9YL2n2TVujkaY9bPZ9M5tQ5K+g4wRwCAYgjTUN
|
||||
55J82uzAsLCs+AQi9D4bLJmw0z2H7enRLkd9sRE2pArhXm4LLg/QlL8I5ZHv7vfl
|
||||
RYdOoC3bjgKk+OVOmb2Fb/dWVlOMcnO8qeo9WyQbhAcjNK2W9Tqk5E5orGZ/bkw/
|
||||
iZc0MwIDAQABo1AwTjAdBgNVHQ4EFgQUA0xmNKQqxUQgaM9ceCzFyocn9jswHwYD
|
||||
VR0jBBgwFoAUA0xmNKQqxUQgaM9ceCzFyocn9jswDAYDVR0TBAUwAwEB/zANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAnL7VvBTcFyLeNeuTAWmM0bjlwWsuL9Va2LZitnATgzE7
|
||||
ACS+ZNURnpK/o3UHGc2ePDCFgPsF2mnh4Jmye2tl5uPxQS2zR96hp16ZGVi9N1gx
|
||||
4aQyknKt6UFRP/cvWwgDN5N3pnRZQ7J0kaAWCPtAIldeGK7UDjOJ1DLDVLeByr7x
|
||||
27TCt69ysisTtz6Tzr5vvVDEtu2yNIf/uGk3od+pe/0E1UXVCTItvwM30wvfcTPU
|
||||
aMZXBYNmSrjnJ4k/9FSjZYNKPtK1c/JR+zUng1h+I3b7itY5VBGdzdq9fEk20PHm
|
||||
Xdg1Ptbebtl6PJqWX+rydXuen6SUt8vFJE89MkbWSw==
|
||||
-----END CERTIFICATE-----
|
||||
30
realis.go
30
realis.go
|
|
@ -86,6 +86,7 @@ type RealisConfig struct {
|
|||
logger Logger
|
||||
InsecureSkipVerify bool
|
||||
certspath string
|
||||
clientkey, clientcert string
|
||||
}
|
||||
|
||||
type Backoff struct {
|
||||
|
|
@ -172,6 +173,12 @@ func Certspath(certspath string) ClientOption {
|
|||
}
|
||||
}
|
||||
|
||||
func ClientCerts(clientKey, clientCert string) ClientOption {
|
||||
return func(config *RealisConfig) {
|
||||
config.clientkey, config.clientcert = clientKey, clientCert
|
||||
}
|
||||
}
|
||||
|
||||
// Using the word set to avoid name collision with Interface
|
||||
func SetLogger(l Logger) ClientOption {
|
||||
return func(config *RealisConfig) {
|
||||
|
|
@ -324,18 +331,32 @@ func defaultTTransport(urlstr string, timeoutms int, config *RealisConfig) (thri
|
|||
}
|
||||
var transport http.Transport
|
||||
if config != nil {
|
||||
tlsConfig:= &tls.Config{}
|
||||
tlsConfig := &tls.Config{}
|
||||
if config.InsecureSkipVerify {
|
||||
tlsConfig.InsecureSkipVerify = true
|
||||
}
|
||||
if config.certspath != "" {
|
||||
rootCAs, err := Getcerts(config.certspath)
|
||||
rootCAs, err := Getcerts("examples/certs")
|
||||
if err != nil {
|
||||
fmt.Println("error occured couldn't fetch certs")
|
||||
config.logger.Println("error occured couldn't fetch certs")
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.RootCAs = rootCAs
|
||||
}
|
||||
if config.clientkey != "" && config.clientcert == "" {
|
||||
return nil, fmt.Errorf("have to provide both client key,cert. Only client key provided ")
|
||||
}
|
||||
if config.clientkey == "" && config.clientcert != "" {
|
||||
return nil, fmt.Errorf("have to provide both client key,cert. Only client cert provided ")
|
||||
}
|
||||
if config.clientkey != "" && config.clientcert != "" {
|
||||
cert, err := tls.LoadX509KeyPair(config.clientcert, config.clientkey)
|
||||
if err != nil {
|
||||
config.logger.Println("error occured loading client certs and keys")
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
}
|
||||
transport.TLSClientConfig = tlsConfig
|
||||
}
|
||||
|
||||
|
|
@ -417,7 +438,7 @@ func (r *realisClient) ReestablishConn() error {
|
|||
//Re-establish using cluster object.
|
||||
url, err = LeaderFromZK(*r.config.cluster)
|
||||
if err != nil {
|
||||
fmt.Errorf("LeaderFromZK error: %+v\n ", err)
|
||||
r.config.logger.Println("LeaderFromZK error: %+v\n ", err)
|
||||
}
|
||||
r.logger.Println("ReestablishConn url: ", url)
|
||||
if r.config.jsonTransport {
|
||||
|
|
@ -898,7 +919,6 @@ func (r *realisClient) GetTaskStatus(query *aurora.TaskQuery) (tasks []*aurora.S
|
|||
|
||||
retryErr := ExponentialBackoff(*r.config.backoff, func() (bool, error) {
|
||||
resp, clientErr = CheckAndRetryConn(r, func() (*aurora.Response, error) {
|
||||
fmt.Println(clientErr)
|
||||
return r.client.GetTasksStatus(query)
|
||||
})
|
||||
if clientErr != nil && clientErr.Error() == RetryConnErr.Error() {
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ func TestLeaderFromZK(t *testing.T) {
|
|||
func TestGetCacerts(t *testing.T) {
|
||||
certs, err := realis.Getcerts("./examples/certs")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, len(certs.Subjects()), 1)
|
||||
assert.Equal(t, len(certs.Subjects()), 2)
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue