Merge pull request #45 from islax/set_http_default_transport_tls_config

Set http default transport tls config
islax · Feb 3, 2022 · 68f93bb · 68f93bb
2 parents 69dfe6e + 9d458d4
commit 68f93bb
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 8 deletions.
diff --git a/app.go b/app.go
@@ -109,6 +109,12 @@ func NewWithEnvValues(appName string, appConfigDefaults map[string]interface{})
 		consoleOnlyLogger.Fatal().Err(err).Msg("Failed to initialize memcached, exiting the application!!")
 	}
 
+	tlsConfig, err := app.setTLSClientConfig()
+	if err != nil {
+		consoleOnlyLogger.Fatal().Err(err).Msg("Failed to set TLS Client Config, exiting the application!!")
+	}
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = tlsConfig
+
 	return &app
 }
 
@@ -131,7 +137,7 @@ func (app *App) initializeDB() error {
 				dbconf.NamingStrategy = schema.NamingStrategy{SingularTable: true}
 			}
 
-			if err = registerTLSconfig(app.Config.GetString("DB_SSL_CA_PATH"), app.Config.GetString("DB_SSL_CERT_PATH"), app.Config.GetString("DB_SSL_KEY_PATH")); err != nil {
+			if err = registerTLSConfig(app.Config.GetString("DB_SSL_CA_PATH"), app.Config.GetString("DB_SSL_CERT_PATH"), app.Config.GetString("DB_SSL_KEY_PATH")); err != nil {
 				app.log.Warn().Err(err).Msgf("TLS config error [%v]. Connecting without certificates", err)
 			}
 
@@ -225,9 +231,8 @@ func (app *App) Initialize(routeSpecifiers []RouteSpecifier) {
 
 //Start http server and start listening to the requests
 func (app *App) Start() {
-
-	if app.Config.GetString("ENABLE_TLS") == "true" {
-		app.StartSecure(app.Config.GetString("TLS_CRT"), app.Config.GetString("TLS_KEY"))
+	if app.Config.GetBool(config.EvSuffixForEnableTLS) {
+		app.StartSecure(app.Config.GetString(config.EvSuffixForTLSCert), app.Config.GetString(config.EvSuffixForTLSKey))
 	} else {
 		if err := app.server.ListenAndServe(); err != nil {
 			if err != http.ErrServerClosed {
@@ -402,17 +407,17 @@ func GetCorrelationIDFromRequest(r *http.Request) string {
 	return r.Header.Get("X-Correlation-ID")
 }
 
-func registerTLSconfig(ssl_ca, ssl_cert, ssl_key string) error {
+func registerTLSConfig(sslCA, sslCert, sslKey string) error {
 	rootCertPool := x509.NewCertPool()
-	pem, err := ioutil.ReadFile(ssl_ca)
+	pem, err := ioutil.ReadFile(sslCA)
 	if err != nil {
 		return err
 	}
 	if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
 		return err
 	}
 	clientCert := make([]tls.Certificate, 0, 1)
-	certs, err := tls.LoadX509KeyPair(ssl_cert, ssl_key)
+	certs, err := tls.LoadX509KeyPair(sslCert, sslKey)
 	if err != nil {
 		return err
 	}
@@ -433,7 +438,7 @@ func (app *App) initializeMemcache() error {
 	memcachedHost := app.Config.GetString(config.EvSuffixForMemCachedHost)
 	memcachedPort := app.Config.GetString(config.EvSuffixForMemCachedPort)
 
-	app.log.Debug().Msgf("connecting to %s\n",net.JoinHostPort(memcachedHost, memcachedPort))
+	app.log.Debug().Msgf("connecting to %s\n", net.JoinHostPort(memcachedHost, memcachedPort))
 
 	memcachedClient := memcache.New(net.JoinHostPort(memcachedHost, memcachedPort))
 	if memcachedClient == nil {
@@ -458,3 +463,31 @@ func (app *App) initializeMemcache() error {
 	app.log.Info().Msg("Memcached connected!")
 	return nil
 }
+
+func (app *App) setTLSClientConfig() (*tls.Config, error) {
+	tlsConfig := &tls.Config{}
+
+	if app.Config.GetBool(config.EvSuffixForSkipInsecureTLSVerification) {
+		tlsConfig.InsecureSkipVerify = true
+		return tlsConfig, nil
+	}
+
+	certPool, err := x509.SystemCertPool()
+	if err != nil {
+		return nil, errors.New(fmt.Sprintf("unable to load system certificates, err: %s", err.Error()))
+	}
+
+	if app.Config.GetBool(config.EvSuffixForEnableTLS) {
+		tlsConfig.ServerName = app.Config.GetString(config.EvSuffixForTLSServerName)
+
+		pemBytes, err := ioutil.ReadFile(app.Config.GetString(config.EvSuffixForTLSCert))
+		if err != nil {
+			return nil, errors.New(fmt.Sprintf("unable to read TLS_CERT with err: %s", err.Error()))
+		}
+		certPool.AppendCertsFromPEM(pemBytes)
+	}
+
+	tlsConfig.RootCAs = certPool
+
+	return tlsConfig, nil
+}
diff --git a/config/constants.go b/config/constants.go
@@ -52,4 +52,14 @@ const (
 	EvSuffixForMemCachedPort = "MEMCACHED_PORT"
 	// EvSuffixForMemCachedRequired environment variable name for memcached required flag
 	EvSuffixForMemCachedRequired = "MEMCACHED_REQUIRED"
+	// EvSuffixForSkipInsecureTLSVerification environment variable name for skipping insecure tls verification
+	EvSuffixForSkipInsecureTLSVerification = "TLS_INSECURE_SKIP_VERIFY"
+	// EvSuffixForEnableTLS environment variable name for enabling tls
+	EvSuffixForEnableTLS = "ENABLE_TLS"
+	// EvSuffixForTLSServerName environment variable name for tls server name
+	EvSuffixForTLSServerName = "TLS_SERVER_NAME"
+	// EvSuffixForTLSCert environment variable name for tls certificate
+	EvSuffixForTLSCert = "TLS_CRT"
+	// EvSuffixForTLSKey environment variable name for tls private key
+	EvSuffixForTLSKey = "TLS_KEY"
 )