/* * Copyright 2020 Huawei Technologies Co., Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package service import ( "crypto/tls" "crypto/x509" "errors" "io/ioutil" "log" "net/http" "os" "strconv" "strings" ) // const var cipherSuiteMap = map[string]uint16{ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, } // register to mep func RegisterToMep(param string, url string) (string, error) { response, errPost := DoPost(param, url) if errPost != nil { log.Println("Failed to send request") return "", errPost } defer response.Body.Close() if response.StatusCode != http.StatusCreated { return "", errors.New("request failed, status is " + strconv.Itoa(response.StatusCode)) } body, err := ioutil.ReadAll(response.Body) if err != nil { log.Println("Failed to read response") return "", err } return string(body), nil } func DoPost(param string, url string) (*http.Response, error) { sslMode := os.Getenv("APP_SSL_MODE") //if ssl mode is enabled, then config tls if sslMode == "0" { response, errPost := http.Post(url, "application/json", strings.NewReader(param)) if errPost != nil { log.Println("Failed to create http request") return nil, errPost } return response, nil } else { req, errReq := http.NewRequest("POST", url, strings.NewReader(param)) if errReq != nil { log.Println("Failed to create https request") return nil, errReq } response, errDo := DoRegister(req) if errDo != nil { log.Println("Failed to post https request %s", errDo) return nil, errDo } return response, nil } } func DoRegister(req *http.Request) (*http.Response, error) { config, err := TlsConfig() if err != nil { log.Println("Failed to config HTTPS") return nil, err } trans := &http.Transport{ TLSClientConfig: config, } client := &http.Client{Transport: trans} return client.Do(req) } func TlsConfig() (*tls.Config, error) { caCert, err := ioutil.ReadFile(os.Getenv("SSL_ROOT")) if err != nil { log.Println("Failed to read cert from file") return nil, err } CACERT := x509.NewCertPool() CACERT.AppendCertsFromPEM(caCert) appconf, err1 := GetAppConf("./conf/app_info.yaml") if err1 != nil { log.Println("Failed to read cipher from file") return nil, err1 } cipherslist := appconf.SslCipherSuite if cipherslist == "" { log.Println("no cipher provided in conf") return nil, err } ciphermap := getcipher(cipherslist) if ciphermap == nil { return nil, err } return &tls.Config{ RootCAs: CACERT, ServerName: os.Getenv("CA_CERT_DOMAIN_NAME"), CipherSuites: ciphermap, MinVersion: tls.VersionTLS12, }, nil } func getcipher(ciphers string) []uint16 { ciphersmap := make([]uint16, 0) cipherlist := strings.Split(ciphers, ",") for _, ciphername := range cipherlist { ciphernametrim := strings.TrimSpace(ciphername) if len(ciphernametrim) == 0 { continue } ciphervalue, ok := cipherSuiteMap[ciphernametrim] if !ok { log.Println("not recommended cipher") return nil } ciphersmap = append(ciphersmap, ciphervalue) } if len(ciphersmap) <= 0 { log.Println("no cipher in list") return nil } return ciphersmap }