mirror of
https://github.com/passbolt/go-passbolt-cli.git
synced 2025-05-11 02:28:22 +00:00
package util
import (
"crypto/tls"
"fmt"
"net/http"
"github.com/spf13/viper"
)
// GetClientCertificate builds the TLS client certificate from the viper
// settings "tlsClientCert" and "tlsClientPrivateKey".
//
// Both values are handed to tls.X509KeyPair as raw bytes, so they must hold
// the PEM-encoded material itself, not a path to a file.
//
// Results:
//   - neither setting present: the zero tls.Certificate and a nil error
//     (client authentication is simply not configured);
//   - only one of the two present: an error naming the missing half;
//   - both present: whatever tls.X509KeyPair returns, including its parse
//     or key-mismatch error.
//
// NOTE(review): the private key travels through configuration as a plain
// string; wherever that value is stored needs to be protected accordingly.
func GetClientCertificate() (tls.Certificate, error) {
	certPEM := viper.GetString("tlsClientCert")
	keyPEM := viper.GetString("tlsClientPrivateKey")

	switch {
	case certPEM == "" && keyPEM == "":
		// Nothing configured: not an error, the caller gets an empty certificate.
		return tls.Certificate{}, nil
	case keyPEM == "":
		return tls.Certificate{}, fmt.Errorf("Client TLS private key is empty, but client TLS cert was set.")
	case certPEM == "":
		return tls.Certificate{}, fmt.Errorf("Client TLS cert is empty, but client TLS private key was set.")
	}

	return tls.X509KeyPair([]byte(certPEM), []byte(keyPEM))
}
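// GetHttpClient returns an *http.Client whose transport carries the TLS
// settings taken from the viper configuration.
//
// The optional client certificate comes from GetClientCertificate; any error
// it reports is returned unchanged and no client is built.
//
// Security notes:
//   - "tlsSkipVerify" is copied into tls.Config.InsecureSkipVerify. When it
//     is true the server's certificate chain and host name are not verified,
//     so the connection can be intercepted by anyone on the network path.
//     It should stay false outside of test setups; for a private CA, trusting
//     that CA is the safer alternative.
//   - The client certificate is attached only when one was actually loaded.
//     Previously an empty tls.Certificate was always placed in the list, even
//     with no client authentication configured.
//   - The client sets no Timeout, and the transport is built from scratch,
//     so it does not carry the settings of http.DefaultTransport.
func GetHttpClient() (*http.Client, error) {
	tlsSkipVerify := viper.GetBool("tlsSkipVerify")

	cert, err := GetClientCertificate()
	if err != nil {
		return nil, err
	}

	tlsConfig := &tls.Config{
		InsecureSkipVerify: tlsSkipVerify,
	}
	// GetClientCertificate returns the zero value when nothing is configured;
	// a loaded key pair always has at least one entry in Certificate.
	if len(cert.Certificate) > 0 {
		tlsConfig.Certificates = []tls.Certificate{cert}
	}

	httpClient := http.Client{
		Transport: &http.Transport{
			TLSClientConfig: tlsConfig,
		},
	}

	return &httpClient, nil
}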