(hf *Hoverfly, host string)
| 42 | } |
| 43 | |
| 44 | func GetHttpClient(hf *Hoverfly, host string) (*http.Client, error) { |
| 45 | if hf.Cfg.PACFile != nil { |
| 46 | parser := new(gopac.Parser) |
| 47 | if err := parser.ParseBytes(hf.Cfg.PACFile); err != nil { |
| 48 | return nil, errors.New("Unable to parse PAC file\n\n" + err.Error()) |
| 49 | } |
| 50 | |
| 51 | result, err := parser.FindProxy("", host) |
| 52 | if err != nil { |
| 53 | return nil, errors.New("Unable to parse PAC file\n\n" + err.Error()) |
| 54 | } |
| 55 | if client := parsePACFileResult(result, hf.Cfg.TLSVerification); client != nil { |
| 56 | return client, nil |
| 57 | } |
| 58 | |
| 59 | } |
| 60 | |
| 61 | if hf.Cfg.ClientAuthenticationDestination != "" { |
| 62 | |
| 63 | re := regexp.MustCompile(hf.Cfg.ClientAuthenticationDestination) |
| 64 | |
| 65 | if re.MatchString(host) { |
| 66 | |
| 67 | // Load client cert |
| 68 | cert, err := tls.LoadX509KeyPair( |
| 69 | hf.Cfg.ClientAuthenticationClientCert, |
| 70 | hf.Cfg.ClientAuthenticationClientKey, |
| 71 | ) |
| 72 | |
| 73 | if err != nil { |
| 74 | return nil, errors.New("Unable to load client certs file\n\n" + err.Error()) |
| 75 | } |
| 76 | |
| 77 | caCertPool := x509.NewCertPool() |
| 78 | |
| 79 | var tlsConfig *tls.Config |
| 80 | |
| 81 | if hf.Cfg.ClientAuthenticationCACert != "" { |
| 82 | // Load CA cert |
| 83 | caCert, err := os.ReadFile(hf.Cfg.ClientAuthenticationCACert) |
| 84 | |
| 85 | if err != nil { |
| 86 | return nil, errors.New("Unable to load ca certs file\n\n" + err.Error()) |
| 87 | } |
| 88 | |
| 89 | caCertPool.AppendCertsFromPEM(caCert) |
| 90 | |
| 91 | tlsConfig = &tls.Config{ |
| 92 | Certificates: []tls.Certificate{cert}, |
| 93 | RootCAs: caCertPool, |
| 94 | } |
| 95 | } else { |
| 96 | tlsConfig = &tls.Config{ |
| 97 | Certificates: []tls.Certificate{cert}, |
| 98 | RootCAs: caCertPool, |
| 99 | InsecureSkipVerify: true, |
| 100 | } |
| 101 | } |