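// Package main is a usage example for the ZACA mTLS client: it enrolls with
// the CA, polls a server over mTLS once per second, and keeps the issued
// certificate rotated in the background.
package main

import (
	"crypto/tls"
	"flag"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"os"
	"time"

	"github.com/pkg/errors"
	"github.com/ztalab/ZACA/pkg/caclient"
	"github.com/ztalab/ZACA/pkg/logger"
	"github.com/ztalab/ZACA/pkg/spiffe"
	"go.uber.org/zap/zapcore"
)

// defaultAuthKey is the CA enrollment key used by the bundled local demo.
// It is a credential, not configuration: outside a throwaway dev setup pass
// -auth-key or set ZACA_AUTH_KEY rather than relying on a value checked into
// source control.
const defaultAuthKey = "0739a645a7d6601d9d45f6b237c4edeadad904f2fce53625dfdd541ec4fc8134"

const (
	// maxBodyBytes caps how much of a response body is read into memory.
	maxBodyBytes = 1 << 20
	// requestTimeout bounds a single poll so a hung server cannot stall the loop.
	requestTimeout = 10 * time.Second
)

// Flags. -ocsp defaults to plain http: OCSP responses are signed by the
// responder, so the transport itself does not need TLS.
var (
	caAddr     = flag.String("ca", "https://127.0.0.1:8081", "CA Server")
	ocspAddr   = flag.String("ocsp", "http://127.0.0.1:8082", "Ocsp Server")
	serverAddr = flag.String("server", "https://127.0.0.1:6066", "mTLS server to poll")
	authKey    = flag.String("auth-key", envOr("ZACA_AUTH_KEY", defaultAuthKey), "CA enrollment auth key (overrides $ZACA_AUTH_KEY)")
	serverID   = flag.String("server-id", "", "if set, reject peers whose SPIFFE UniqueID differs from this value")
	probeURL   = flag.String("probe-url", "", "optional URL to GET once at startup as a best-effort reachability check")
	requests   = flag.Int("requests", 1000, "number of polls before exiting")
)

// envOr returns the value of environment variable key, or fallback when it
// is unset or empty.
func envOr(key, fallback string) string {
	if v := os.Getenv(key); v != "" {
		return v
	}
	return fallback
}

func init() {
	logger.GlobalConfig(logger.Conf{
		Debug: true,
		Level: zapcore.DebugLevel,
	})
}

func main() {
	flag.Parse()
	client, err := NewMTLSClient()
	if err != nil {
		logger.Fatalf("Client init error: %v", err)
	}

	// NewTicker instead of time.Tick so the ticker is released on exit.
	ticker := time.NewTicker(time.Second)
	defer ticker.Stop()
	for i := 0; i < *requests; i++ {
		<-ticker.C
		poll(client, *serverAddr)
	}
}

// poll performs one GET against url and logs the status code and a bounded
// prefix of the body. The body is always closed so the connection is
// released even when the read fails.
func poll(client *http.Client, url string) {
	resp, err := client.Get(url)
	if err != nil {
		logger.With("resp", resp).Error(err)
		return
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxBodyBytes))
	if err != nil {
		logger.With("status", resp.StatusCode).Error(err)
		return
	}
	logger.Infof("Request result: %v, %s", resp.StatusCode, body)
}

// NewMTLSClient enrolls this workload with the CA and returns an *http.Client
// whose TLS config presents the issued certificate and validates peers through
// the exchanger's CA/OCSP checks. Certificate rotation is started in a
// background goroutine that runs for the life of the process.
//
// With -server-id set, the extra validator additionally pins the peer's
// SPIFFE UniqueID; without it the validator only logs the identity, which
// accepts any certificate the CA has issued.
func NewMTLSClient() (*http.Client, error) {
	// The second return of NewZapLogger is discarded as in the upstream
	// example; TODO(review): confirm its type and surface it if it is an error.
	l, _ := logger.NewZapLogger(&logger.Conf{
		// Level: 2,
		Level: -1,
	})
	c := caclient.NewCAI(
		caclient.WithCAServer(caclient.RoleDefault, *caAddr),
		caclient.WithAuthKey(*authKey),
		caclient.WithOcspAddr(*ocspAddr),
		caclient.WithLogger(l),
	)
	ex, err := c.NewExchanger(&spiffe.IDGIdentity{
		SiteID:    "test_site",
		ClusterID: "cluster_test",
		UniqueID:  "client1",
	})
	if err != nil {
		return nil, errors.Wrap(err, "Exchanger initialization failed")
	}

	// "supreme" is passed through unchanged from the upstream example; what
	// ClientTLSConfig does with it (server name, role, ...) is not visible here.
	cfger, err := ex.ClientTLSConfig("supreme")
	if err != nil {
		return nil, errors.Wrap(err, "TLS config initialization failed")
	}

	want := *serverID
	cfger.BindExtraValidator(func(identity *spiffe.IDGIdentity) error {
		fmt.Println("id: ", identity.String())
		if want == "" {
			return nil
		}
		// Peer-identity pinning: reject anything but the expected workload,
		// even if the CA would otherwise vouch for it.
		if identity == nil || identity.UniqueID != want {
			return fmt.Errorf("peer identity rejected: UniqueID does not match %q", want)
		}
		return nil
	})
	tlsCfg := cfger.TLSConfig()
	client := httpClient(tlsCfg)

	// Rotation runs until the process exits; the example provides no stop hook.
	go ex.RotateController().Run()

	if *probeURL != "" {
		probe(client, *probeURL)
	}
	return client, nil
}

// probe issues one GET to url and logs the status. It is best-effort: a
// failure is logged, not fatal, so startup does not depend on the target being
// reachable. It replaces the upstream example's unconditional plaintext GET to
// an external site, which leaked client activity to a third party and aborted
// init whenever internet egress was unavailable.
func probe(client *http.Client, url string) {
	resp, err := client.Get(url)
	if err != nil {
		logger.With("url", url).Error(err)
		return
	}
	resp.Body.Close()
	fmt.Println("probe test: ", resp.StatusCode)
}

// httpClient wraps cfg in an *http.Client with an overall request timeout.
// Keep-alives are disabled as in the upstream example — presumably so each
// request handshakes afresh and therefore uses the currently rotated
// certificate rather than a long-lived connection; confirm if that matters.
func httpClient(cfg *tls.Config) *http.Client {
	return &http.Client{
		Timeout: requestTimeout,
		Transport: &http.Transport{
			TLSClientConfig:   cfg,
			DisableKeepAlives: true,
		},
	}
}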