
Commit c85da28

woodnathanfiorix
authored andcommitted
Added generator support for client x509 key pair
1 parent 57713bd commit c85da28


1 file changed

+28
-9
lines changed


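--- a/main.go
+++ b/main.go
@@ -17,12 +17,14 @@ import (
 var version = "tip"
 
 type options struct {
-Src string
-Dst string
-Package string
-Namespace string
-Insecure bool
-Version bool
+Src string
+Dst string
+Package string
+Namespace string
+Insecure bool
+ClientCertFile string
+ClientKeyFile string
+Version bool
 }
 
 func main() {
@@ -33,6 +35,8 @@ func main() {
 flag.StringVar(&opts.Namespace, "n", opts.Namespace, "override namespace")
 flag.StringVar(&opts.Package, "p", opts.Package, "package name")
 flag.BoolVar(&opts.Insecure, "yolo", opts.Insecure, "accept invalid https certificates")
+flag.StringVar(&opts.ClientCertFile, "cert", opts.ClientCertFile, "use client TLS cert file")
+flag.StringVar(&opts.ClientKeyFile, "key", opts.ClientKeyFile, "use client TLS key file")
 flag.BoolVar(&opts.Version, "version", opts.Version, "show version and exit")
 flag.Parse()
 if opts.Version {
@@ -52,7 +56,7 @@ func main() {
 w = f
 }
 
-cli := httpClient(opts.Insecure)
+cli := httpClient(opts.Insecure, opts.ClientCertFile, opts.ClientKeyFile)
 
 err := codegen(w, opts, cli)
 if err != nil {
@@ -99,7 +103,22 @@ func open(name string, cli *http.Client) (io.ReadCloser, error) {
 }
 
 // httpClient returns http client with default options
-func httpClient(insecure bool) *http.Client {
+func httpClient(insecure bool, clientCertPath, clientKeyPath string) *http.Client {
+tlsConfig := &tls.Config{InsecureSkipVerify: insecure}
+
+if clientCertPath != "" && clientKeyPath != "" {
+clientCert, err := tls.LoadX509KeyPair(clientCertPath, clientKeyPath)
+if err != nil {
+log.Fatalln("Failed to load x509 client key pair:", err)
+}
+tlsConfig.Certificates = []tls.Certificate{clientCert}
+tlsConfig.Renegotiation = tls.RenegotiateFreelyAsClient
+} else if clientCertPath == "" && clientKeyPath != "" {
+log.Fatalln("Certificate file is required when using key file")
+} else if clientCertPath != "" && clientKeyPath == "" {
+log.Fatalln("Key file is required when using certificate file")
+}
+
 defaultTransport := http.DefaultTransport.(*http.Transport)
 transport := &http.Transport{
 Proxy: defaultTransport.Proxy,
@@ -108,7 +127,7 @@ func httpClient(insecure bool) *http.Client {
 IdleConnTimeout: defaultTransport.IdleConnTimeout,
 ExpectContinueTimeout: defaultTransport.ExpectContinueTimeout,
 TLSHandshakeTimeout: defaultTransport.TLSHandshakeTimeout,
-TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure},
+TLSClientConfig: tlsConfig,
 }
 return &http.Client{Transport: transport}
 }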
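Review bot: In the block added to httpClient, `tlsConfig.Renegotiation = tls.RenegotiateFreelyAsClient` lets the server request renegotiation any number of times on every connection that carries the client certificate. That is wider than what a server asking for the certificate after the initial handshake (presumably the reason for the setting) needs. Unless a target is known to renegotiate repeatedly, `tlsConfig.Renegotiation = tls.RenegotiateOnceAsClient` is the narrower choice, with a one-line comment naming the kind of server that requires it. The same config still carries `InsecureSkipVerify: insecure`, so `-yolo` together with `-cert`/`-key` presents the client identity to a server whose certificate was never verified, and feeds its response into code generation; rejecting or at least logging that combination is worth considering. The doc comment `// httpClient returns http client with default options` no longer matches the function and should mention the optional client key pair and that a load failure exits the process.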
