func configureTransport(t1 *http.Transport) error { connPool := new(clientConnPool) t2 := &Transport{ConnPool: noDialClientConnPool{connPool}} if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil { return err } if t1.TLSClientConfig == nil { t1.TLSClientConfig = new(tls.Config) } if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) } upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper { cc, err := t2.NewClientConn(c) if err != nil { c.Close() return erringRoundTripper{err} } connPool.addConn(authorityAddr(authority), cc) return t2 } if m := t1.TLSNextProto; len(m) == 0 { t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{ "h2": upgradeFn, } } else { m["h2"] = upgradeFn } return nil }
func (auth *Auth) NewClient() *http.Client { var client *http.Client var transport *http.Transport if auth.Settings["insecure"] != "" || auth.Settings["proxy_host"] != "" { transport = &http.Transport{} } if auth.Settings["insecure"] != "" { //FIXME os.Setenv("HTTP_PROXY", "http://127.0.0.1:10004") os.Setenv("NO_PROXY", "") var config *tls.Config = &tls.Config{ InsecureSkipVerify: true, } transport.TLSClientConfig = config } if auth.Settings["proxy_host"] != "" { turl, _ := url.Parse("http://" + auth.Settings["proxy_host"] + ":" + auth.Settings["proxy_port"]) transport.Proxy = http.ProxyURL(turl) } if auth.Settings["insecure"] != "" || auth.Settings["proxy_host"] != "" { client = &http.Client{ Jar: auth.CookieJar, Transport: transport, } } else { client = &http.Client{ Jar: auth.CookieJar, } } return client }
// Creates a new HTTP connection pool using the given address and pool parameters. // // 'addr' is a net.Dial()-style 'host:port' destination for making the TCP connection for // HTTP/HTTPS traffic. It will be used as the hostname by default for virtual hosting // and SSL certificate validation; if you'd like to use a different hostname, // set params.HostHeader. func NewSimplePool(addr string, params ConnectionParams) *SimplePool { pool := &SimplePool{ addr: addr, params: params, client: new(http.Client), } // setup HTTP transport transport := new(http.Transport) transport.ResponseHeaderTimeout = params.ResponseTimeout transport.MaxIdleConnsPerHost = params.MaxIdle transport.Proxy = http.ProxyFromEnvironment if params.Dial == nil { // dialTimeout could only be used in none proxy requests since it talks directly // to pool.addr if getenvEitherCase("HTTP_PROXY") == "" { transport.Dial = pool.dialTimeout } } else { transport.Dial = params.Dial } pool.transport = transport pool.client.Transport = transport if params.UseSSL && params.SkipVerifySSL { transport.TLSClientConfig = &tls.Config{ InsecureSkipVerify: true, } } return pool }
// Creates a new Client with the provided options. func New(o Options) (*Client, error) { if len(o.Endpoints) == 0 { return nil, missingEtcdEndpoint } if o.Timeout == 0 { o.Timeout = defaultTimeout } httpClient := &http.Client{Timeout: o.Timeout} if o.Insecure { var transport *http.Transport if dt, ok := http.DefaultTransport.(*http.Transport); ok { dtc := *dt transport = &dtc } else { transport = &http.Transport{ Proxy: http.ProxyFromEnvironment, Dial: (&net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}).Dial, TLSHandshakeTimeout: 10 * time.Second} } transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} httpClient.Transport = transport } return &Client{ endpoints: o.Endpoints, routesRoot: o.Prefix + routesPath, client: httpClient, etcdIndex: 0}, nil }
func main() { transport := new(http.Transport) transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} client := new(http.Client) client.Transport = transport url := "https://10.80.65.70:9443/rest/agent/1a5dc1ef-f0e6-4aad-839a-a7880d539e8d" req, err := http.NewRequest("GET", url, nil) if err != nil { panic(err) } creds := convertCredentials("admin", "admin") req.Header.Add("Authorization", "Basic "+creds) resp, err := client.Do(req) if err != nil { panic(err) } fmt.Println(resp) }
func main() { flag.Parse() if *port == 0 { xport, err := strconv.Atoi(os.Getenv("PORT")) if err != nil { fmt.Println("Please specify the HTTP port (either flag or environment)") os.Exit(1) } *port = xport } if flag.NArg() < 1 { fmt.Println("Specify remote URL on the command line") os.Exit(1) } remote, err := url.Parse(flag.Arg(0)) if err != nil { fmt.Println("error parsing remote URL", err) os.Exit(1) } transport := new(http.Transport) switch remote.Scheme { case "http": if *ca != "" { log.Println("ignoring ca flag for non-https remote") } case "https": if *ca != "" { pool := x509.NewCertPool() data, err := ioutil.ReadFile(*ca) if err != nil { log.Fatal(err) os.Exit(1) } pool.AppendCertsFromPEM(data) tlsconfig := new(tls.Config) tlsconfig.RootCAs = pool transport.TLSClientConfig = tlsconfig } default: fmt.Println("unsupported remote scheme:", remote.Scheme) os.Exit(1) } rp := &ReverseProxy{ remote, transport, } log.Fatal(http.ListenAndServe( fmt.Sprintf(":%v", *port), rp)) }
func NewClient(e *Env, config *ClientConfig, needCookie bool) *Client { var jar *cookiejar.Jar if needCookie && (config == nil || config.UseCookies) && e.GetTorMode().UseCookies() { jar, _ = cookiejar.New(nil) } var timeout time.Duration // from http.DefaultTransport; // // TODO: change this back (see comment below) to allow // shared Transport after we switch to go1.7 xprt := http.Transport{ Proxy: http.ProxyFromEnvironment, Dial: (&net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second, }).Dial, TLSHandshakeTimeout: 10 * time.Second, ExpectContinueTimeout: 1 * time.Second, } // This disables HTTP/2. There's a bug introduced between (go1.6, go1.6.3] // that makes client.Get hang on certain HTTP/2 servers. See CORE-3441 for // details. // // TODO: remove this after the bug is fixed. xprt.TLSNextProto = make( map[string]func(authority string, c *tls.Conn) http.RoundTripper) if (config != nil && config.RootCAs != nil) || e.GetTorMode().Enabled() { if config != nil && config.RootCAs != nil { xprt.TLSClientConfig = &tls.Config{RootCAs: config.RootCAs} } if e.GetTorMode().Enabled() { dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, e.GetTorProxy()) xprt.Dial = dialSocksProxy } else { xprt.Proxy = http.ProxyFromEnvironment } } if config == nil || config.Timeout == 0 { timeout = HTTPDefaultTimeout } else { timeout = config.Timeout } ret := &Client{ cli: &http.Client{Timeout: timeout}, config: config, } if jar != nil { ret.cli.Jar = jar } ret.cli.Transport = &xprt return ret }
// newRawClient creates an http package Client taking into account both the parameters and package // variables. func newRawClient(noredirect bool) *http.Client { tr := http.Transport{ResponseHeaderTimeout: ResponseHeaderTimeout, Proxy: http.ProxyFromEnvironment} tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: NoCertCheck} c := http.Client{Transport: &tr} if noredirect { c.CheckRedirect = func(*http.Request, []*http.Request) error { return fmt.Errorf(noRedirectError) } } return &c }
func main() { transport := new(http.Transport) transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} client := new(http.Client) client.Transport = transport url := "https://10.80.65.70:9443/rest/agent/1a5dc1ef-f0e6-4aad-839a-a7880d539e8d/log/9429c03e-a07a-48ef-8a74-a4c2ace992a2" req, err := http.NewRequest("GET", url, nil) if err != nil { panic(err) } creds := convertCredentials("admin", "admin") req.Header.Add("Authorization", "Basic "+creds) resp, err := client.Do(req) if err != nil { panic(err) } // bytes, err := ioutil.ReadAll(resp.Body) // if err != nil { // panic(err) // } //temp := resp.Header["Content-Disposition"] //temp2 := string.Fields("[attachment; filename=") //temp2 := strings.Trim(temp, "[attachment; filename=") //fmt.Println(temp2) //fmt.Println(bytes) //var result map[string]interface{} //err = json.Unmarshal(bytes, &result) //if err != nil { // panic(err) // } // fmt.Println(result) /* defer resp.Body.Close() out, err := os.Create("filename.tar.gz") if err != nil { panic(err) } defer out.Close() io.Copy(out, resp.Body) fmt.Println(out) */ }
// New creates a new JSON-RPC over HTTPS client which uses the given // certificate file to communicate with the server if the scheme of the URL is // https. func New(URL string, cert []byte) (*URLClient, error) { var pool *x509.CertPool transport := new(http.Transport) urlparsed, err := url.Parse(URL) if err != nil { return nil, err } if urlparsed.Scheme == "https" { pool = x509.NewCertPool() if !pool.AppendCertsFromPEM(cert) { return nil, ErrCertLoad } transport.TLSClientConfig = &tls.Config{RootCAs: pool} } return &URLClient{transport: transport, curl: URL}, nil }
// Creates a new HTTP connection pool using the given address and pool parameters. // // 'addr' is a net.Dial()-style 'host:port' destination for making the TCP connection for // HTTP/HTTPS traffic. It will be used as the hostname by default for virtual hosting // and SSL certificate validation; if you'd like to use a different hostname, // set params.HostHeader. func NewSimplePool(addr string, params ConnectionParams) *SimplePool { pool := &SimplePool{ addr: addr, params: params, client: new(http.Client), } // It's desirable to enforce the timeout at the client-level since it // includes the connection time, redirects and the time to finish reading // the full response. Unlike ResponseHeaderTimeout supported by // `http.Transport` which merely accounts for the timeout to receive the // first response header byte. It ignores the time to send the request or // the time to read the full response. pool.client.Timeout = params.ResponseTimeout // setup HTTP transport transport := new(http.Transport) transport.ResponseHeaderTimeout = params.ResponseTimeout transport.MaxIdleConnsPerHost = params.MaxIdle if params.Proxy != nil { transport.Proxy = params.Proxy } else { transport.Proxy = http.ProxyFromEnvironment } if params.Dial == nil { // dialTimeout could only be used in none proxy requests since it talks directly // to pool.addr if getenvEitherCase("HTTP_PROXY") == "" && params.Proxy == nil { transport.Dial = pool.dialTimeout } } else { transport.Dial = params.Dial } pool.transport = transport pool.client.Transport = transport if params.UseSSL && params.SkipVerifySSL { transport.TLSClientConfig = &tls.Config{ InsecureSkipVerify: true, } } return pool }
func configureTransport(t1 *http.Transport) (*Transport, error) { connPool := new(clientConnPool) t2 := &Transport{ ConnPool: noDialClientConnPool{connPool}, t1: t1, } connPool.t = t2 if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil { return nil, err } if t1.TLSClientConfig == nil { t1.TLSClientConfig = new(tls.Config) } if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") { t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...) } if !strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") { t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1") } upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper { addr := authorityAddr(authority) if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil { go c.Close() return erringRoundTripper{err} } else if !used { // Turns out we don't need this c. // For example, two goroutines made requests to the same host // at the same time, both kicking off TCP dials. (since protocol // was unknown) go c.Close() } return t2 } if m := t1.TLSNextProto; len(m) == 0 { t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{ "h2": upgradeFn, } } else { m["h2"] = upgradeFn } return t2, nil }
func (c *HttpsTaobaoClient) Excute(request TaobaoRequest, response interface{}, accessToken string) ([]byte, error) { request.Set(METHOD, request.GetApiMethodName()) request.Set(FORMAT, c.Format) request.Set(VERSION, c.Version) request.Set("access_token", accessToken) body := strings.NewReader(request.GetValues().Encode()) req, err := http.NewRequest("POST", c.ServerUrl, body) if err != nil { return nil, err } req.Header.Set("Content-Type", "application/x-www-form-urlencoded") //必须 transport := new(http.Transport) transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: false} client := new(http.Client) client.Transport = transport return clientDo(client, req, response) }
func NewClient(e *Env, config *ClientConfig, needCookie bool) *Client { var jar *cookiejar.Jar if needCookie && (config == nil || config.UseCookies) && e.GetTorMode().UseCookies() { jar, _ = cookiejar.New(nil) } var xprt *http.Transport var timeout time.Duration if (config != nil && config.RootCAs != nil) || e.GetTorMode().Enabled() { xprt = &http.Transport{} if config != nil && config.RootCAs != nil { xprt.TLSClientConfig = &tls.Config{RootCAs: config.RootCAs} } if e.GetTorMode().Enabled() { dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, e.GetTorProxy()) xprt.Dial = dialSocksProxy } else { xprt.Proxy = http.ProxyFromEnvironment } } if config == nil || config.Timeout == 0 { timeout = HTTPDefaultTimeout } else { timeout = config.Timeout } ret := &Client{ cli: &http.Client{Timeout: timeout}, config: config, } if jar != nil { ret.cli.Jar = jar } if xprt != nil { ret.cli.Transport = xprt } return ret }
// ConfigureTransport configures the http client transport (ssl, proxy) func ConfigureTransport(insecure bool, clientCertFile string, clientKeyFile string, caCerts ...string) (*http.Transport, error) { Log.Debug("configure transport", "insecure", insecure, "clientCertFile", clientCertFile, "clientKeyFile", clientKeyFile, "cacerts", strings.Join(caCerts, ","), ) transport := new(http.Transport) tlsConfig := &tls.Config{InsecureSkipVerify: insecure} if len(clientCertFile) != 0 && len(clientKeyFile) != 0 { clientCert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile) if err != nil { return nil, err } tlsConfig.Certificates = []tls.Certificate{clientCert} } if len(caCerts) > 0 { caCertPool := x509.NewCertPool() for _, cert := range caCerts { if len(cert) == 0 { continue } caCert, err := ioutil.ReadFile(cert) if err != nil { return nil, err } caCertPool.AppendCertsFromPEM(caCert) } tlsConfig.RootCAs = caCertPool } tlsConfig.BuildNameToCertificate() transport.TLSClientConfig = tlsConfig proxyURL, err := url.Parse(os.Getenv("http_proxy")) if err == nil { transport.Proxy = http.ProxyURL(proxyURL) } return transport, nil }
func Authenticate(name string, serverId string, sharedSecret []byte, publicKey []byte) (profile GameProfile, err error) { transport := new(http.Transport) transport.TLSClientConfig = new(tls.Config) transport.TLSClientConfig.RootCAs = x509.NewCertPool() transport.TLSClientConfig.RootCAs.AppendCertsFromPEM([]byte(Certificate)) client := new(http.Client) client.Transport = transport response, err := client.Get(fmt.Sprintf(URL, name, MojangSha1Hex([]byte(serverId), sharedSecret, publicKey))) if err != nil { return } defer response.Body.Close() jsonDecoder := json.NewDecoder(response.Body) profile = GameProfile{} err = jsonDecoder.Decode(&profile) if err != nil { return } if len(profile.Id) != 32 { err = errors.New(fmt.Sprintf("Id is not 32 characters: %d", len(profile.Id))) } return }
// Transport returns an http.RoundTripper with the correct timeouts func (ci *ConfigInfo) Transport() http.RoundTripper { noTransport.Do(func() { // Start with a sensible set of defaults then override. // This also means we get new stuff when it gets added to go t := new(http.Transport) setDefaults(t, http.DefaultTransport.(*http.Transport)) t.Proxy = http.ProxyFromEnvironment t.MaxIdleConnsPerHost = 4 * (ci.Checkers + ci.Transfers + 1) t.TLSHandshakeTimeout = ci.ConnectTimeout t.ResponseHeaderTimeout = ci.Timeout t.TLSClientConfig = &tls.Config{InsecureSkipVerify: ci.InsecureSkipVerify} t.DisableCompression = *noGzip // Set in http_old.go initTransport // t.Dial // Set in http_new.go initTransport // t.DialContext // t.IdelConnTimeout // t.ExpectContinueTimeout ci.initTransport(t) // Wrap that http.Transport in our own transport transport = NewTransport(t, ci.DumpHeaders, ci.DumpBodies) }) return transport }
// InstallAPI registers endpoints for an OAuth2 server into the provided mux, // then returns an array of strings indicating what endpoints were started // (these are format strings that will expect to be sent a single string value). func (c *AuthConfig) InstallAPI(container *restful.Container) []string { // TODO: register into container mux := container.ServeMux accessTokenStorage := accesstokenetcd.NewREST(c.EtcdHelper) accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage) authorizeTokenStorage := authorizetokenetcd.NewREST(c.EtcdHelper) authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage) clientStorage := clientetcd.NewREST(c.EtcdHelper) clientRegistry := clientregistry.NewRegistry(clientStorage) clientAuthStorage := clientauthetcd.NewREST(c.EtcdHelper) clientAuthRegistry := clientauthregistry.NewRegistry(clientAuthStorage) authRequestHandler, authHandler, authFinalizer, err := c.getAuthorizeAuthenticationHandlers(mux) if err != nil { glog.Fatal(err) } storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, registry.NewUserConversion()) config := osinserver.NewDefaultServerConfig() if c.Options.TokenConfig.AuthorizeTokenMaxAgeSeconds > 0 { config.AuthorizationExpiration = c.Options.TokenConfig.AuthorizeTokenMaxAgeSeconds } if c.Options.TokenConfig.AccessTokenMaxAgeSeconds > 0 { config.AccessExpiration = c.Options.TokenConfig.AccessTokenMaxAgeSeconds } grantChecker := registry.NewClientAuthorizationGrantChecker(clientAuthRegistry) grantHandler := c.getGrantHandler(mux, authRequestHandler, clientRegistry, clientAuthRegistry) server := osinserver.New( config, storage, osinserver.AuthorizeHandlers{ handlers.NewAuthorizeAuthenticator( authRequestHandler, authHandler, handlers.EmptyError{}, ), handlers.NewGrantCheck( grantChecker, grantHandler, handlers.EmptyError{}, ), authFinalizer, }, osinserver.AccessHandlers{ handlers.NewDenyAccessAuthenticator(), }, osinserver.NewDefaultErrorHandler(), ) server.Install(mux, OpenShiftOAuthAPIPrefix) CreateOrUpdateDefaultOAuthClients(c.Options.MasterPublicURL, c.AssetPublicAddresses, clientRegistry) osOAuthClientConfig := c.NewOpenShiftOAuthClientConfig(&OSBrowserClientBase) osOAuthClientConfig.RedirectUrl = c.Options.MasterPublicURL + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint) osOAuthClient, _ := osincli.NewClient(osOAuthClientConfig) if c.MasterRoots != nil { // Copy the default transport var transport http.Transport = *http.DefaultTransport.(*http.Transport) // Set TLS CA roots transport.TLSClientConfig = &tls.Config{RootCAs: c.MasterRoots} osOAuthClient.Transport = &transport } tokenRequestEndpoints := tokenrequest.NewEndpoints(c.Options.MasterPublicURL, osOAuthClient) tokenRequestEndpoints.Install(mux, OpenShiftOAuthAPIPrefix) // glog.Infof("oauth server configured as: %#v", server) // glog.Infof("auth handler: %#v", authHandler) // glog.Infof("auth request handler: %#v", authRequestHandler) // glog.Infof("grant checker: %#v", grantChecker) // glog.Infof("grant handler: %#v", grantHandler) return []string{ fmt.Sprintf("Started OAuth2 API at %%s%s", OpenShiftOAuthAPIPrefix), fmt.Sprintf("Started Login endpoint at %%s%s", OpenShiftLoginPrefix), } }
func (c *Cmd) Client() (*consulapi.Client, error) { config := consulapi.DefaultConfig() csl := c.consul csl.tlsConfig = new(tls.Config) if csl.address != "" { config.Address = c.consul.address } if csl.token != "" && csl.tokenFile != "" { return nil, errors.New("--token and --token-file can not both be provided") } if csl.tokenFile != "" { b, err := ioutil.ReadFile(csl.tokenFile) if err != nil { return nil, fmt.Errorf("Error reading token file: %s", err) } config.Token = strings.TrimSpace(string(b)) } if csl.token != "" { config.Token = csl.token } if csl.sslEnabled { config.Scheme = "https" if csl.sslCert != "" { if csl.sslKey == "" { return nil, errors.New("--ssl-key must be provided in order to use certificates for authentication") } clientCert, err := tls.LoadX509KeyPair(csl.sslCert, csl.sslKey) if err != nil { return nil, err } csl.tlsConfig.Certificates = []tls.Certificate{clientCert} csl.tlsConfig.BuildNameToCertificate() } if csl.sslVerify { if csl.sslCaCert == "" { return nil, errors.New("--ssl-ca-cert must be provided in order to use certificates for verification") } caCert, err := ioutil.ReadFile(csl.sslCaCert) if err != nil { return nil, err } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) csl.tlsConfig.RootCAs = caCertPool } } transport := new(http.Transport) transport.TLSClientConfig = csl.tlsConfig if !csl.sslVerify { transport.TLSClientConfig.InsecureSkipVerify = true } config.HttpClient.Transport = transport if csl.auth.Enabled { config.HttpAuth = &consulapi.HttpBasicAuth{ Username: csl.auth.Username, Password: csl.auth.Password, } } client, err := consulapi.NewClient(config) if err != nil { return nil, err } return client, nil }