
Commit 43b1b8b

committed
feat: add tls options
1 parent 0f2c797 commit 43b1b8b

2 files changed

+179
-24
lines changed


client/opt_disable_tls_verification.go

-24
This file was deleted.

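--- /dev/null
+++ b/client/opt_tls_config.go
@@ -0,0 +1,179 @@
+package gokhttp_client
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"time"
+
+	"golang.org/x/net/http2"
+)
+
+type TLSConfigOption interface {
+	Execute(client *http.Client) error
+	ExecuteTLSConfig(config *tls.Config) error
+}
+
+func executeTLSConfig(hClient *http.Client, tlsConfigOpt TLSConfigOption) error {
+	typedH1Trans, ok := hClient.Transport.(*http.Transport)
+	if ok {
+		if typedH1Trans.TLSClientConfig == nil {
+			typedH1Trans.TLSClientConfig = &tls.Config{}
+		}
+		err := tlsConfigOpt.ExecuteTLSConfig(typedH1Trans.TLSClientConfig)
+		if err != nil {
+			return err
+		}
+	}
+	typedH2Trans, ok := hClient.Transport.(*http2.Transport)
+	if ok {
+		if typedH2Trans.TLSClientConfig == nil {
+			typedH2Trans.TLSClientConfig = &tls.Config{}
+		}
+		err := tlsConfigOpt.ExecuteTLSConfig(typedH2Trans.TLSClientConfig)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+type RawTLSConfigOption struct {
+	Config *tls.Config
+}
+
+func (opt *RawTLSConfigOption) Execute(client *http.Client) error {
+	typedH1Trans, ok := client.Transport.(*http.Transport)
+	if ok {
+		typedH1Trans.TLSClientConfig = opt.Config
+	}
+	typedH2Trans, ok := client.Transport.(*http2.Transport)
+	if ok {
+		typedH2Trans.TLSClientConfig = opt.Config
+	}
+	return nil
+}
+
+func (opt *RawTLSConfigOption) ExecuteTLSConfig(config *tls.Config) error {
+	config = opt.Config
+	return nil
+}
+
+func NewRawTLSConfigOption(config *tls.Config) *RawTLSConfigOption {
+	return &RawTLSConfigOption{Config: config}
+}
+
+type DisableTLSVerificationOption struct{}
+
+func (opt *DisableTLSVerificationOption) Execute(client *http.Client) error {
+	return executeTLSConfig(client, opt)
+}
+
+func (opt *DisableTLSVerificationOption) ExecuteTLSConfig(config *tls.Config) error {
+	config.InsecureSkipVerify = true
+	return nil
+}
+
+func NewDisableTLSVerificationOption() *DisableTLSVerificationOption {
+	return &DisableTLSVerificationOption{}
+}
+
+type MTLSOption struct {
+	CAs          *x509.CertPool
+	Certificates []tls.Certificate
+}
+
+func (opt *MTLSOption) Execute(client *http.Client) error {
+	return executeTLSConfig(client, opt)
+}
+
+func (opt *MTLSOption) ExecuteTLSConfig(config *tls.Config) error {
+	config.Certificates = opt.Certificates
+	config.RootCAs = opt.CAs
+	return nil
+}
+
+func (opt *MTLSOption) AddCAFromCert(ca *x509.Certificate) error {
+	opt.CAs.AddCert(ca)
+	return nil
+}
+
+func (opt *MTLSOption) AddCAFromPEM(pemCerts []byte) error {
+	ok := opt.CAs.AppendCertsFromPEM(pemCerts)
+	if !ok {
+		return errors.New("failed to add ca from pem")
+	}
+	return nil
+}
+
+func (opt *MTLSOption) AddCAFromFile(caPath string) error {
+	caCert, err := os.ReadFile(caPath)
+	if err != nil {
+		return errors.New("failed to read ca")
+	}
+
+	ok := opt.CAs.AppendCertsFromPEM(caCert)
+	if !ok {
+		return errors.New("failed to add ca from pem")
+	}
+	return nil
+}
+
+func (opt *MTLSOption) AddClientCertFromCert(cert tls.Certificate) error {
+	opt.Certificates = append(opt.Certificates, cert)
+	return nil
+}
+
+func (opt *MTLSOption) AddClientCertFromPEM(certPEMBlock, keyPEMBlock []byte) error {
+	clientCert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
+	if err != nil {
+		return errors.New("failed to add client certificate from pem")
+	}
+	opt.Certificates = append(opt.Certificates, clientCert)
+	return nil
+}
+
+func (opt *MTLSOption) AddClientCertFromFile(clientCertPath, clientKeyPath string) error {
+	clientCert, err := tls.LoadX509KeyPair(clientCertPath, clientKeyPath)
+	if err != nil {
+		return errors.New("failed to add client certificate from path")
+	}
+	opt.Certificates = append(opt.Certificates, clientCert)
+	return nil
+}
+
+func NewMTLSOption(caPool *x509.CertPool, certificates []tls.Certificate) *MTLSOption {
+	return &MTLSOption{CAs: caPool, Certificates: certificates}
+}
+
+type TLSKeyLoggingOption struct {
+	Destination io.Writer
+}
+
+func (opt *TLSKeyLoggingOption) Execute(client *http.Client) error {
+	return executeTLSConfig(client, opt)
+}
+
+func (opt *TLSKeyLoggingOption) ExecuteTLSConfig(config *tls.Config) error {
+	config.KeyLogWriter = opt.Destination
+	return nil
+}
+
+func NewTLSKeyLoggingOption(writer io.Writer) *TLSKeyLoggingOption {
+	return &TLSKeyLoggingOption{Destination: writer}
+}
+
+func NewTLSKeyLoggingOptionToFile(path string) (*TLSKeyLoggingOption, error) {
+	if path == "" {
+		path = fmt.Sprintf("gokhttp_keys_%d.log", time.Now().Unix())
+	}
+	writer, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0666)
+	if err != nil {
+		return nil, fmt.Errorf("os.OpenFile: %w", err)
+	}
+	return &TLSKeyLoggingOption{Destination: writer}, nil
+}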
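Review bot: In `RawTLSConfigOption.ExecuteTLSConfig` the line `config = opt.Config` only rebinds the local parameter, so the caller's `*tls.Config` is never modified and any path that reaches this option through `executeTLSConfig` silently applies nothing; since `Execute` already installs `opt.Config` on both transports, the method should either say so and return an error such as `return errors.New("raw tls config cannot replace an existing tls.Config in place")` or the interface should hand back the config to install. `NewTLSKeyLoggingOptionToFile` creates the key log with mode `0666` and without `O_APPEND`; that file holds the secrets needed to decrypt every captured session, so `os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)` is the safer default, and the exported `DisableTLSVerificationOption` and `TLSKeyLoggingOption` types should carry a doc comment stating that they disable certificate verification and export session secrets respectively. The `AddCA*` methods dereference `opt.CAs` without a nil check, so an `MTLSOption` built with a nil pool panics inside `AddCert`/`AppendCertsFromPEM`; lazily initialise it with `if opt.CAs == nil { opt.CAs = x509.NewCertPool() }`. `AddCAFromFile` and both `AddClientCertFrom*` methods also discard the underlying error, so a bad path and a malformed PEM read identically to the caller; wrap it instead, e.g. `return fmt.Errorf("reading ca %q: %w", caPath, err)`.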
