buildHTTPClient creates an HTTP client with optional TLS configuration. If no certificate options are provided, it returns http.DefaultClient.
(insecure bool, caCert, cert, certKey string)
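// buildHTTPClient creates an HTTP client with optional TLS configuration.
// If no certificate options are provided, it returns http.DefaultClient.
//
// Parameters:
//   - insecure: sets tls.Config.InsecureSkipVerify, so the server's
//     certificate chain and host name are not verified. The connection is then
//     open to interception; a caCert passed alongside it has no effect on
//     which servers are accepted.
//   - caCert: path to a PEM file of CA certificates. The file's certificates
//     become the only trusted roots for this client; the system root pool is
//     not consulted.
//   - cert, certKey: paths to a PEM client certificate and its private key,
//     used for mutual TLS. They must be given together.
//
// It returns an error when only one of cert/certKey is set, when the CA file
// cannot be read or contains no parsable certificate, or when the client key
// pair cannot be loaded.
//
// NOTE(review): neither http.DefaultClient nor the client built here sets
// http.Client.Timeout; callers presumably bound requests with a context.
// Confirm at the call sites.
func buildHTTPClient(insecure bool, caCert, cert, certKey string) (*http.Client, error) {
	// A certificate without its key (or the reverse) cannot authenticate the
	// client, so reject the half-configured case up front.
	if (cert == "") != (certKey == "") {
		return nil, fmt.Errorf("both --cert and --cert-key must be provided together")
	}

	// If no TLS customization is needed, return the default client.
	if !insecure && caCert == "" && cert == "" {
		return http.DefaultClient, nil
	}

	tlsConfig := &tls.Config{
		InsecureSkipVerify: insecure, //nolint:gosec
	}

	// Load the custom CA bundle if provided.
	if caCert != "" {
		caCertData, err := os.ReadFile(caCert)
		if err != nil {
			return nil, fmt.Errorf("failed to read CA certificate: %w", err)
		}
		caCertPool := x509.NewCertPool()
		// AppendCertsFromPEM reports false when it added no certificate;
		// failing here keeps an unusable file from yielding an empty trust store.
		if !caCertPool.AppendCertsFromPEM(caCertData) {
			return nil, fmt.Errorf("failed to parse CA certificate")
		}
		tlsConfig.RootCAs = caCertPool
	}

	// Load the client certificate and key if provided (both are set here, see
	// the pairing check above).
	if cert != "" {
		clientCert, err := tls.LoadX509KeyPair(cert, certKey)
		if err != nil {
			return nil, fmt.Errorf("failed to load client certificate: %w", err)
		}
		tlsConfig.Certificates = []tls.Certificate{clientCert}
	}

	// Start from a copy of the default transport rather than a zero-value one:
	// a bare http.Transport has no dial or TLS-handshake timeout and ignores
	// the proxy environment variables, so the TLS-customized client would
	// otherwise behave differently from http.DefaultClient in more than TLS.
	transport := &http.Transport{}
	if base, ok := http.DefaultTransport.(*http.Transport); ok {
		transport = base.Clone()
	}
	transport.TLSClientConfig = tlsConfig

	return &http.Client{Transport: transport}, nil
}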
| 72 | |
| 73 | func NewHTTPNode( |
| 74 | entrypoint string, |