Fetch of authorization token

Added support for configuration of root CAs for trust validation.

Signed-off-by: PatrikBuhr <patrik.buhr@est.tech>
Issue-ID: NONRTRIC-735
Change-Id: I9ee9e73eeb1f9f94a7ea73342d4ddee25066729f
diff --git a/auth-token-fetch/main.go b/auth-token-fetch/main.go
index 9a63534..41f49d3 100644
--- a/auth-token-fetch/main.go
+++ b/auth-token-fetch/main.go
@@ -22,8 +22,8 @@
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
-	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -74,14 +74,10 @@
 		log.Fatalf("Stopping due to error: %v", err)
 	}
 
-	var cert tls.Certificate
-	if c, err := loadCertificate(context.Config.CertPath, context.Config.KeyPath); err == nil {
-		cert = c
-	} else {
-		log.Fatalf("Stopping due to error: %v", err)
-	}
+	cert := loadCertificate(context.Config.CertPath, context.Config.KeyPath)
+	caCerts := loadCaCerts(context.Config.CACertsPath)
 
-	webClient := CreateHttpClient(cert, 10*time.Second)
+	webClient := CreateHttpClient(cert, caCerts, 10*time.Second)
 
 	go periodicRefreshIwtToken(webClient, context)
 }
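Review bot: `loadCaCerts` returns nil when `Config.CACertsPath` is empty, and that nil pool goes straight into `CreateHttpClient(cert, caCerts, 10*time.Second)` with nothing recorded about which trust source is in effect. `CreateHttpClient` is not part of this diff, so how it treats a nil pool cannot be checked here. If it assigns the pool to `RootCAs`, crypto/tls falls back to the host's root set, which is only safe as long as the client never combines it with `InsecureSkipVerify`. I would make the fallback explicit at startup, e.g. `if caCerts == nil { log.Info("CACertsPath not set, using default root CAs") }`, and add a comment above the call documenting the nil case. The enclosing function starts before this hunk.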
@@ -142,15 +138,29 @@
 	return jwt, err
 }
 
-func loadCertificate(certPath string, keyPath string) (tls.Certificate, error) {
+func loadCertificate(certPath string, keyPath string) tls.Certificate {
 	log.WithFields(log.Fields{"certPath": certPath, "keyPath": keyPath}).Debug("Loading cert")
-	if cert, err := tls.LoadX509KeyPair(certPath, keyPath); err == nil {
-		return cert, nil
+	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
+	if check(err) {
+		return cert
 	} else {
-		return tls.Certificate{}, fmt.Errorf("cannot create x509 keypair from cert file %s and key file %s due to: %v", certPath, keyPath, err)
+		log.Fatalf("cannot create x509 keypair from cert file %s and key file %s due to: %v", certPath, keyPath, err)
+		return tls.Certificate{}
 	}
 }
 
+func loadCaCerts(caCertsPath string) *x509.CertPool {
+	var err error
+	if caCertsPath == "" {
+		return nil
+	}
+	caCert, err := ioutil.ReadFile(caCertsPath)
+	check(err)
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+	return caCertPool
+}
+
 func keepAlive() {
 	channel := make(chan int)
 	<-channel
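Review bot: In `loadCaCerts` the boolean result of `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a file with no parseable PEM certificate yields an empty, non-nil pool. Presumably every later handshake then fails with an unknown-authority error rather than a clear message at startup. Fail at load time instead: `if !caCertPool.AppendCertsFromPEM(caCert) { log.Fatalf("no CA certificates parsed from %s", caCertsPath) }`. The result of `check(err)` after `ioutil.ReadFile` is ignored as well. `check` is defined outside this hunk, but `loadCertificate` uses its return value as a success flag, so unless `check` exits on error, a failed read continues with empty data. The `var err error` line is redundant, because the following `:=` already declares `err`.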