func configureTransport(t1 *http.Transport) error {
connPool := new(clientConnPool)
t2 := &Transport{ConnPool: noDialClientConnPool{connPool}}
if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil {
return err
}
if t1.TLSClientConfig == nil {
t1.TLSClientConfig = new(tls.Config)
}
if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
}
upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper {
cc, err := t2.NewClientConn(c)
if err != nil {
c.Close()
return erringRoundTripper{err}
}
connPool.addConn(authorityAddr(authority), cc)
return t2
}
if m := t1.TLSNextProto; len(m) == 0 {
t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{
"h2": upgradeFn,
}
} else {
m["h2"] = upgradeFn
}
return nil
}
func (auth *Auth) NewClient() *http.Client {
var client *http.Client
var transport *http.Transport
if auth.Settings["insecure"] != "" || auth.Settings["proxy_host"] != "" {
transport = &http.Transport{}
}
if auth.Settings["insecure"] != "" {
//FIXME
os.Setenv("HTTP_PROXY", "http://127.0.0.1:10004")
os.Setenv("NO_PROXY", "")
var config *tls.Config = &tls.Config{
InsecureSkipVerify: true,
}
transport.TLSClientConfig = config
}
if auth.Settings["proxy_host"] != "" {
turl, _ := url.Parse("http://" + auth.Settings["proxy_host"] + ":" + auth.Settings["proxy_port"])
transport.Proxy = http.ProxyURL(turl)
}
if auth.Settings["insecure"] != "" || auth.Settings["proxy_host"] != "" {
client = &http.Client{
Jar: auth.CookieJar,
Transport: transport,
}
} else {
client = &http.Client{
Jar: auth.CookieJar,
}
}
return client
}
// Creates a new HTTP connection pool using the given address and pool parameters.
//
// 'addr' is a net.Dial()-style 'host:port' destination for making the TCP connection for
// HTTP/HTTPS traffic. It will be used as the hostname by default for virtual hosting
// and SSL certificate validation; if you'd like to use a different hostname,
// set params.HostHeader.
func NewSimplePool(addr string, params ConnectionParams) *SimplePool {
pool := &SimplePool{
addr: addr,
params: params,
client: new(http.Client),
}
// setup HTTP transport
transport := new(http.Transport)
transport.ResponseHeaderTimeout = params.ResponseTimeout
transport.MaxIdleConnsPerHost = params.MaxIdle
transport.Proxy = http.ProxyFromEnvironment
if params.Dial == nil {
// dialTimeout could only be used in none proxy requests since it talks directly
// to pool.addr
if getenvEitherCase("HTTP_PROXY") == "" {
transport.Dial = pool.dialTimeout
}
} else {
transport.Dial = params.Dial
}
pool.transport = transport
pool.client.Transport = transport
if params.UseSSL && params.SkipVerifySSL {
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
return pool
}
// Creates a new Client with the provided options.
func New(o Options) (*Client, error) {
if len(o.Endpoints) == 0 {
return nil, missingEtcdEndpoint
}
if o.Timeout == 0 {
o.Timeout = defaultTimeout
}
httpClient := &http.Client{Timeout: o.Timeout}
if o.Insecure {
var transport *http.Transport
if dt, ok := http.DefaultTransport.(*http.Transport); ok {
dtc := *dt
transport = &dtc
} else {
transport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second}).Dial,
TLSHandshakeTimeout: 10 * time.Second}
}
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
httpClient.Transport = transport
}
return &Client{
endpoints: o.Endpoints,
routesRoot: o.Prefix + routesPath,
client: httpClient,
etcdIndex: 0}, nil
}
func main() {
transport := new(http.Transport)
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
client := new(http.Client)
client.Transport = transport
url := "https://10.80.65.70:9443/rest/agent/1a5dc1ef-f0e6-4aad-839a-a7880d539e8d"
req, err := http.NewRequest("GET", url, nil)
if err != nil {
panic(err)
}
creds := convertCredentials("admin", "admin")
req.Header.Add("Authorization", "Basic "+creds)
resp, err := client.Do(req)
if err != nil {
panic(err)
}
fmt.Println(resp)
}
func main() {
flag.Parse()
if *port == 0 {
xport, err := strconv.Atoi(os.Getenv("PORT"))
if err != nil {
fmt.Println("Please specify the HTTP port (either flag or environment)")
os.Exit(1)
}
*port = xport
}
if flag.NArg() < 1 {
fmt.Println("Specify remote URL on the command line")
os.Exit(1)
}
remote, err := url.Parse(flag.Arg(0))
if err != nil {
fmt.Println("error parsing remote URL", err)
os.Exit(1)
}
transport := new(http.Transport)
switch remote.Scheme {
case "http":
if *ca != "" {
log.Println("ignoring ca flag for non-https remote")
}
case "https":
if *ca != "" {
pool := x509.NewCertPool()
data, err := ioutil.ReadFile(*ca)
if err != nil {
log.Fatal(err)
os.Exit(1)
}
pool.AppendCertsFromPEM(data)
tlsconfig := new(tls.Config)
tlsconfig.RootCAs = pool
transport.TLSClientConfig = tlsconfig
}
default:
fmt.Println("unsupported remote scheme:", remote.Scheme)
os.Exit(1)
}
rp := &ReverseProxy{
remote,
transport,
}
log.Fatal(http.ListenAndServe(
fmt.Sprintf(":%v", *port), rp))
}
func NewClient(e *Env, config *ClientConfig, needCookie bool) *Client {
var jar *cookiejar.Jar
if needCookie && (config == nil || config.UseCookies) && e.GetTorMode().UseCookies() {
jar, _ = cookiejar.New(nil)
}
var timeout time.Duration
// from http.DefaultTransport;
//
// TODO: change this back (see comment below) to allow
// shared Transport after we switch to go1.7
xprt := http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
}
// This disables HTTP/2. There's a bug introduced between (go1.6, go1.6.3]
// that makes client.Get hang on certain HTTP/2 servers. See CORE-3441 for
// details.
//
// TODO: remove this after the bug is fixed.
xprt.TLSNextProto = make(
map[string]func(authority string, c *tls.Conn) http.RoundTripper)
if (config != nil && config.RootCAs != nil) || e.GetTorMode().Enabled() {
if config != nil && config.RootCAs != nil {
xprt.TLSClientConfig = &tls.Config{RootCAs: config.RootCAs}
}
if e.GetTorMode().Enabled() {
dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, e.GetTorProxy())
xprt.Dial = dialSocksProxy
} else {
xprt.Proxy = http.ProxyFromEnvironment
}
}
if config == nil || config.Timeout == 0 {
timeout = HTTPDefaultTimeout
} else {
timeout = config.Timeout
}
ret := &Client{
cli: &http.Client{Timeout: timeout},
config: config,
}
if jar != nil {
ret.cli.Jar = jar
}
ret.cli.Transport = &xprt
return ret
}
// newRawClient creates an http package Client taking into account both the parameters and package
// variables.
func newRawClient(noredirect bool) *http.Client {
tr := http.Transport{ResponseHeaderTimeout: ResponseHeaderTimeout, Proxy: http.ProxyFromEnvironment}
tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: NoCertCheck}
c := http.Client{Transport: &tr}
if noredirect {
c.CheckRedirect = func(*http.Request, []*http.Request) error {
return fmt.Errorf(noRedirectError)
}
}
return &c
}
func main() {
transport := new(http.Transport)
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
client := new(http.Client)
client.Transport = transport
url := "https://10.80.65.70:9443/rest/agent/1a5dc1ef-f0e6-4aad-839a-a7880d539e8d/log/9429c03e-a07a-48ef-8a74-a4c2ace992a2"
req, err := http.NewRequest("GET", url, nil)
if err != nil {
panic(err)
}
creds := convertCredentials("admin", "admin")
req.Header.Add("Authorization", "Basic "+creds)
resp, err := client.Do(req)
if err != nil {
panic(err)
}
// bytes, err := ioutil.ReadAll(resp.Body)
// if err != nil {
// panic(err)
// }
//temp := resp.Header["Content-Disposition"]
//temp2 := string.Fields("[attachment; filename=")
//temp2 := strings.Trim(temp, "[attachment; filename=")
//fmt.Println(temp2)
//fmt.Println(bytes)
//var result map[string]interface{}
//err = json.Unmarshal(bytes, &result)
//if err != nil {
// panic(err)
// }
// fmt.Println(result)
/*
defer resp.Body.Close()
out, err := os.Create("filename.tar.gz")
if err != nil {
panic(err)
}
defer out.Close()
io.Copy(out, resp.Body)
fmt.Println(out)
*/
}
// New creates a new JSON-RPC over HTTPS client which uses the given
// certificate file to communicate with the server if the scheme of the URL is
// https.
func New(URL string, cert []byte) (*URLClient, error) {
var pool *x509.CertPool
transport := new(http.Transport)
urlparsed, err := url.Parse(URL)
if err != nil {
return nil, err
}
if urlparsed.Scheme == "https" {
pool = x509.NewCertPool()
if !pool.AppendCertsFromPEM(cert) {
return nil, ErrCertLoad
}
transport.TLSClientConfig = &tls.Config{RootCAs: pool}
}
return &URLClient{transport: transport, curl: URL}, nil
}
// Creates a new HTTP connection pool using the given address and pool parameters.
//
// 'addr' is a net.Dial()-style 'host:port' destination for making the TCP connection for
// HTTP/HTTPS traffic. It will be used as the hostname by default for virtual hosting
// and SSL certificate validation; if you'd like to use a different hostname,
// set params.HostHeader.
func NewSimplePool(addr string, params ConnectionParams) *SimplePool {
pool := &SimplePool{
addr: addr,
params: params,
client: new(http.Client),
}
// It's desirable to enforce the timeout at the client-level since it
// includes the connection time, redirects and the time to finish reading
// the full response. Unlike ResponseHeaderTimeout supported by
// `http.Transport` which merely accounts for the timeout to receive the
// first response header byte. It ignores the time to send the request or
// the time to read the full response.
pool.client.Timeout = params.ResponseTimeout
// setup HTTP transport
transport := new(http.Transport)
transport.ResponseHeaderTimeout = params.ResponseTimeout
transport.MaxIdleConnsPerHost = params.MaxIdle
if params.Proxy != nil {
transport.Proxy = params.Proxy
} else {
transport.Proxy = http.ProxyFromEnvironment
}
if params.Dial == nil {
// dialTimeout could only be used in none proxy requests since it talks directly
// to pool.addr
if getenvEitherCase("HTTP_PROXY") == "" && params.Proxy == nil {
transport.Dial = pool.dialTimeout
}
} else {
transport.Dial = params.Dial
}
pool.transport = transport
pool.client.Transport = transport
if params.UseSSL && params.SkipVerifySSL {
transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
return pool
}
func configureTransport(t1 *http.Transport) (*Transport, error) {
connPool := new(clientConnPool)
t2 := &Transport{
ConnPool: noDialClientConnPool{connPool},
t1: t1,
}
connPool.t = t2
if err := registerHTTPSProtocol(t1, noDialH2RoundTripper{t2}); err != nil {
return nil, err
}
if t1.TLSClientConfig == nil {
t1.TLSClientConfig = new(tls.Config)
}
if !strSliceContains(t1.TLSClientConfig.NextProtos, "h2") {
t1.TLSClientConfig.NextProtos = append([]string{"h2"}, t1.TLSClientConfig.NextProtos...)
}
if !strSliceContains(t1.TLSClientConfig.NextProtos, "http/1.1") {
t1.TLSClientConfig.NextProtos = append(t1.TLSClientConfig.NextProtos, "http/1.1")
}
upgradeFn := func(authority string, c *tls.Conn) http.RoundTripper {
addr := authorityAddr(authority)
if used, err := connPool.addConnIfNeeded(addr, t2, c); err != nil {
go c.Close()
return erringRoundTripper{err}
} else if !used {
// Turns out we don't need this c.
// For example, two goroutines made requests to the same host
// at the same time, both kicking off TCP dials. (since protocol
// was unknown)
go c.Close()
}
return t2
}
if m := t1.TLSNextProto; len(m) == 0 {
t1.TLSNextProto = map[string]func(string, *tls.Conn) http.RoundTripper{
"h2": upgradeFn,
}
} else {
m["h2"] = upgradeFn
}
return t2, nil
}
func (c *HttpsTaobaoClient) Excute(request TaobaoRequest, response interface{}, accessToken string) ([]byte, error) {
request.Set(METHOD, request.GetApiMethodName())
request.Set(FORMAT, c.Format)
request.Set(VERSION, c.Version)
request.Set("access_token", accessToken)
body := strings.NewReader(request.GetValues().Encode())
req, err := http.NewRequest("POST", c.ServerUrl, body)
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") //必须
transport := new(http.Transport)
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: false}
client := new(http.Client)
client.Transport = transport
return clientDo(client, req, response)
}
func NewClient(e *Env, config *ClientConfig, needCookie bool) *Client {
var jar *cookiejar.Jar
if needCookie && (config == nil || config.UseCookies) && e.GetTorMode().UseCookies() {
jar, _ = cookiejar.New(nil)
}
var xprt *http.Transport
var timeout time.Duration
if (config != nil && config.RootCAs != nil) || e.GetTorMode().Enabled() {
xprt = &http.Transport{}
if config != nil && config.RootCAs != nil {
xprt.TLSClientConfig = &tls.Config{RootCAs: config.RootCAs}
}
if e.GetTorMode().Enabled() {
dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, e.GetTorProxy())
xprt.Dial = dialSocksProxy
} else {
xprt.Proxy = http.ProxyFromEnvironment
}
}
if config == nil || config.Timeout == 0 {
timeout = HTTPDefaultTimeout
} else {
timeout = config.Timeout
}
ret := &Client{
cli: &http.Client{Timeout: timeout},
config: config,
}
if jar != nil {
ret.cli.Jar = jar
}
if xprt != nil {
ret.cli.Transport = xprt
}
return ret
}
// ConfigureTransport configures the http client transport (ssl, proxy)
func ConfigureTransport(insecure bool, clientCertFile string, clientKeyFile string, caCerts ...string) (*http.Transport, error) {
Log.Debug("configure transport",
"insecure", insecure,
"clientCertFile", clientCertFile,
"clientKeyFile", clientKeyFile,
"cacerts", strings.Join(caCerts, ","),
)
transport := new(http.Transport)
tlsConfig := &tls.Config{InsecureSkipVerify: insecure}
if len(clientCertFile) != 0 && len(clientKeyFile) != 0 {
clientCert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile)
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{clientCert}
}
if len(caCerts) > 0 {
caCertPool := x509.NewCertPool()
for _, cert := range caCerts {
if len(cert) == 0 {
continue
}
caCert, err := ioutil.ReadFile(cert)
if err != nil {
return nil, err
}
caCertPool.AppendCertsFromPEM(caCert)
}
tlsConfig.RootCAs = caCertPool
}
tlsConfig.BuildNameToCertificate()
transport.TLSClientConfig = tlsConfig
proxyURL, err := url.Parse(os.Getenv("http_proxy"))
if err == nil {
transport.Proxy = http.ProxyURL(proxyURL)
}
return transport, nil
}
func Authenticate(name string, serverId string, sharedSecret []byte, publicKey []byte) (profile GameProfile, err error) {
transport := new(http.Transport)
transport.TLSClientConfig = new(tls.Config)
transport.TLSClientConfig.RootCAs = x509.NewCertPool()
transport.TLSClientConfig.RootCAs.AppendCertsFromPEM([]byte(Certificate))
client := new(http.Client)
client.Transport = transport
response, err := client.Get(fmt.Sprintf(URL, name, MojangSha1Hex([]byte(serverId), sharedSecret, publicKey)))
if err != nil {
return
}
defer response.Body.Close()
jsonDecoder := json.NewDecoder(response.Body)
profile = GameProfile{}
err = jsonDecoder.Decode(&profile)
if err != nil {
return
}
if len(profile.Id) != 32 {
err = errors.New(fmt.Sprintf("Id is not 32 characters: %d", len(profile.Id)))
}
return
}
// Transport returns an http.RoundTripper with the correct timeouts
func (ci *ConfigInfo) Transport() http.RoundTripper {
noTransport.Do(func() {
// Start with a sensible set of defaults then override.
// This also means we get new stuff when it gets added to go
t := new(http.Transport)
setDefaults(t, http.DefaultTransport.(*http.Transport))
t.Proxy = http.ProxyFromEnvironment
t.MaxIdleConnsPerHost = 4 * (ci.Checkers + ci.Transfers + 1)
t.TLSHandshakeTimeout = ci.ConnectTimeout
t.ResponseHeaderTimeout = ci.Timeout
t.TLSClientConfig = &tls.Config{InsecureSkipVerify: ci.InsecureSkipVerify}
t.DisableCompression = *noGzip
// Set in http_old.go initTransport
// t.Dial
// Set in http_new.go initTransport
// t.DialContext
// t.IdelConnTimeout
// t.ExpectContinueTimeout
ci.initTransport(t)
// Wrap that http.Transport in our own transport
transport = NewTransport(t, ci.DumpHeaders, ci.DumpBodies)
})
return transport
}
// InstallAPI registers endpoints for an OAuth2 server into the provided mux,
// then returns an array of strings indicating what endpoints were started
// (these are format strings that will expect to be sent a single string value).
func (c *AuthConfig) InstallAPI(container *restful.Container) []string {
// TODO: register into container
mux := container.ServeMux
accessTokenStorage := accesstokenetcd.NewREST(c.EtcdHelper)
accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage)
authorizeTokenStorage := authorizetokenetcd.NewREST(c.EtcdHelper)
authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage)
clientStorage := clientetcd.NewREST(c.EtcdHelper)
clientRegistry := clientregistry.NewRegistry(clientStorage)
clientAuthStorage := clientauthetcd.NewREST(c.EtcdHelper)
clientAuthRegistry := clientauthregistry.NewRegistry(clientAuthStorage)
authRequestHandler, authHandler, authFinalizer, err := c.getAuthorizeAuthenticationHandlers(mux)
if err != nil {
glog.Fatal(err)
}
storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, registry.NewUserConversion())
config := osinserver.NewDefaultServerConfig()
if c.Options.TokenConfig.AuthorizeTokenMaxAgeSeconds > 0 {
config.AuthorizationExpiration = c.Options.TokenConfig.AuthorizeTokenMaxAgeSeconds
}
if c.Options.TokenConfig.AccessTokenMaxAgeSeconds > 0 {
config.AccessExpiration = c.Options.TokenConfig.AccessTokenMaxAgeSeconds
}
grantChecker := registry.NewClientAuthorizationGrantChecker(clientAuthRegistry)
grantHandler := c.getGrantHandler(mux, authRequestHandler, clientRegistry, clientAuthRegistry)
server := osinserver.New(
config,
storage,
osinserver.AuthorizeHandlers{
handlers.NewAuthorizeAuthenticator(
authRequestHandler,
authHandler,
handlers.EmptyError{},
),
handlers.NewGrantCheck(
grantChecker,
grantHandler,
handlers.EmptyError{},
),
authFinalizer,
},
osinserver.AccessHandlers{
handlers.NewDenyAccessAuthenticator(),
},
osinserver.NewDefaultErrorHandler(),
)
server.Install(mux, OpenShiftOAuthAPIPrefix)
CreateOrUpdateDefaultOAuthClients(c.Options.MasterPublicURL, c.AssetPublicAddresses, clientRegistry)
osOAuthClientConfig := c.NewOpenShiftOAuthClientConfig(&OSBrowserClientBase)
osOAuthClientConfig.RedirectUrl = c.Options.MasterPublicURL + path.Join(OpenShiftOAuthAPIPrefix, tokenrequest.DisplayTokenEndpoint)
osOAuthClient, _ := osincli.NewClient(osOAuthClientConfig)
if c.MasterRoots != nil {
// Copy the default transport
var transport http.Transport = *http.DefaultTransport.(*http.Transport)
// Set TLS CA roots
transport.TLSClientConfig = &tls.Config{RootCAs: c.MasterRoots}
osOAuthClient.Transport = &transport
}
tokenRequestEndpoints := tokenrequest.NewEndpoints(c.Options.MasterPublicURL, osOAuthClient)
tokenRequestEndpoints.Install(mux, OpenShiftOAuthAPIPrefix)
// glog.Infof("oauth server configured as: %#v", server)
// glog.Infof("auth handler: %#v", authHandler)
// glog.Infof("auth request handler: %#v", authRequestHandler)
// glog.Infof("grant checker: %#v", grantChecker)
// glog.Infof("grant handler: %#v", grantHandler)
return []string{
fmt.Sprintf("Started OAuth2 API at %%s%s", OpenShiftOAuthAPIPrefix),
fmt.Sprintf("Started Login endpoint at %%s%s", OpenShiftLoginPrefix),
}
}
func (c *Cmd) Client() (*consulapi.Client, error) {
config := consulapi.DefaultConfig()
csl := c.consul
csl.tlsConfig = new(tls.Config)
if csl.address != "" {
config.Address = c.consul.address
}
if csl.token != "" && csl.tokenFile != "" {
return nil, errors.New("--token and --token-file can not both be provided")
}
if csl.tokenFile != "" {
b, err := ioutil.ReadFile(csl.tokenFile)
if err != nil {
return nil, fmt.Errorf("Error reading token file: %s", err)
}
config.Token = strings.TrimSpace(string(b))
}
if csl.token != "" {
config.Token = csl.token
}
if csl.sslEnabled {
config.Scheme = "https"
if csl.sslCert != "" {
if csl.sslKey == "" {
return nil, errors.New("--ssl-key must be provided in order to use certificates for authentication")
}
clientCert, err := tls.LoadX509KeyPair(csl.sslCert, csl.sslKey)
if err != nil {
return nil, err
}
csl.tlsConfig.Certificates = []tls.Certificate{clientCert}
csl.tlsConfig.BuildNameToCertificate()
}
if csl.sslVerify {
if csl.sslCaCert == "" {
return nil, errors.New("--ssl-ca-cert must be provided in order to use certificates for verification")
}
caCert, err := ioutil.ReadFile(csl.sslCaCert)
if err != nil {
return nil, err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
csl.tlsConfig.RootCAs = caCertPool
}
}
transport := new(http.Transport)
transport.TLSClientConfig = csl.tlsConfig
if !csl.sslVerify {
transport.TLSClientConfig.InsecureSkipVerify = true
}
config.HttpClient.Transport = transport
if csl.auth.Enabled {
config.HttpAuth = &consulapi.HttpBasicAuth{
Username: csl.auth.Username,
Password: csl.auth.Password,
}
}
client, err := consulapi.NewClient(config)
if err != nil {
return nil, err
}
return client, nil
}
